From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: James Prestwood <prestwoj@gmail.com>,
Eric Biggers <ebiggers@kernel.org>,
Jeff Johnson <quic_jjohnson@quicinc.com>
Cc: Johannes Berg <johannes@sipsolutions.net>,
Karel Balej <balejk@matfyz.cz>,
dimitri.ledkov@canonical.com, alexandre.torgue@foss.st.com,
davem@davemloft.net, dhowells@redhat.com,
herbert@gondor.apana.org.au, keyrings@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-modules@vger.kernel.org,
linux-stm32@st-md-mailman.stormreply.com, mcgrof@kernel.org,
mcoquelin.stm32@gmail.com, linux-wireless@vger.kernel.org,
netdev@vger.kernel.org, iwd@lists.linux.dev
Subject: Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support
Date: Thu, 14 Mar 2024 08:22:38 -0400
Message-ID: <7133628a2f45ad63e90c481387ed5b44906df54f.camel@HansenPartnership.com>
In-Reply-To: <a4d24b2c-7dbf-4354-9514-f8a253aac14b@gmail.com>
On Thu, 2024-03-14 at 04:52 -0700, James Prestwood wrote:
> I'm also not entirely sure why this stuff continues to be removed
> from the kernel. First MD4, then it got reverted, then this (now
> reverted, thanks). In both cases there was no clear justification of
> why it was being removed.

I think this is some misunderstanding of the NIST and FIPS requirements
with regards to hashes, ciphers and bits of security. The bottom line
is that neither NIST nor FIPS requires the removal of the sha1
algorithm at all. Both of them still support it for HMAC (for now).
In addition, the FIPS requirement is only that you not *issue* sha1
hashed signatures. FIPS still allows you to verify legacy signatures
with sha1 as the signing hash (for backwards compatibility reasons).
Enterprises with no legacy and no HMAC requirements *may* remove the
hash, but it's not mandated.

So *removing* sha1 from the certificate code was the wrong thing to do.
We should have configurably prevented using sha1 as the algorithm for
new signatures but kept it for signature verification.

Can we please get this sorted out before 2025, because next up is the
FIPS requirement to move to at least 128 bits of security which will
see RSA2048 deprecated in a similar way: We should refuse to issue
RSA2048 signatures, but will still be allowed to verify them for legacy
reasons.

James
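The message above argues for an asymmetric policy: refuse to issue signatures with a weak hash or an under-strength key, but keep verifying legacy ones. The following is an added, stand-alone illustration of such a policy (not code from the kernel, from the patch under discussion, or from any of the participants). It maps signature algorithms to NIST SP 800-57 security strengths and applies a different floor for signing than for verifying. The OpenSSL-style algorithm names, the `evaluate` function and its default floors (112 bits to issue today, 80 bits as the legacy verification floor, and a 128-bit issuance floor passed in to model the future requirement the message mentions) are choices made for this example, not settings taken from the thread.

```python
"""Issue/verify split for signature algorithms, as described in the thread.

Added example: it encodes the NIST SP 800-57 Part 1 Rev. 5 strength tables
and applies a stricter floor to *issuing* a signature than to *verifying*
an existing one. Algorithm name format, floors and helper names are
assumptions of this example, not the kernel's or FIPS's own interface.
"""
import re
from dataclasses import dataclass
from enum import Enum


class Op(Enum):
    SIGN = "sign"      # issuing a new signature
    VERIFY = "verify"  # checking a signature that already exists


# Collision-resistance strengths, SP 800-57 Part 1 Rev. 5, Table 3.
# NIST lists SHA-1 as "< 80"; it is pinned to 80 here so that an 80-bit
# legacy verification floor admits it while any higher floor rejects it.
HASH_STRENGTH = {"sha1": 80, "sha224": 112, "sha256": 128,
                 "sha384": 192, "sha512": 256}

# (minimum key size, strength in bits), SP 800-57 Part 1 Rev. 5, Table 2.
RSA_STRENGTH = [(15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80)]
ECC_STRENGTH = [(512, 256), (384, 192), (256, 128), (224, 112), (160, 80)]


def key_strength(key_alg: str, key_bits: int) -> int:
    """Security strength of an RSA modulus or ECC curve of key_bits bits."""
    table = RSA_STRENGTH if key_alg == "rsa" else ECC_STRENGTH
    for min_bits, strength in table:
        if key_bits >= min_bits:
            return strength
    return 0  # below anything NIST has ever rated


def parse_sig_alg(name: str) -> tuple[str, str]:
    """Split an OpenSSL-style signature algorithm name into (hash, key_alg)."""
    m = re.fullmatch(r"(sha\d+)WithRSAEncryption", name, re.IGNORECASE)
    if m:
        return m.group(1).lower(), "rsa"
    m = re.fullmatch(r"ecdsa-with-(sha\d+)", name, re.IGNORECASE)
    if m:
        return m.group(1).lower(), "ecdsa"
    raise ValueError(f"unsupported signature algorithm: {name}")


@dataclass(frozen=True)
class Decision:
    allowed: bool
    strength: int  # effective bits of security of the whole signature
    reason: str


def evaluate(op: Op, sig_alg: str, key_bits: int, *,
             min_sign_bits: int = 112, min_verify_bits: int = 80,
             forbid_sign_hashes: tuple[str, ...] = ("sha1",)) -> Decision:
    """Apply the policy: strict when issuing, permissive (legacy) when verifying.

    A signature is only as strong as the weaker of its hash and its key, so
    the effective strength is the minimum of the two table lookups.
    """
    hash_alg, key_alg = parse_sig_alg(sig_alg)
    strength = min(HASH_STRENGTH.get(hash_alg, 0), key_strength(key_alg, key_bits))

    if op is Op.SIGN:
        if hash_alg in forbid_sign_hashes:
            return Decision(False, strength,
                            f"{hash_alg} may not be used for new signatures")
        if strength < min_sign_bits:
            return Decision(False, strength,
                            f"{strength}-bit signature is below the "
                            f"{min_sign_bits}-bit issuance floor")
        return Decision(True, strength, "ok to issue")

    # VERIFY: anything that was acceptable when issued stays verifiable.
    if strength < min_verify_bits:
        return Decision(False, strength,
                        f"{strength}-bit signature is below the "
                        f"{min_verify_bits}-bit verification floor")
    legacy = hash_alg in forbid_sign_hashes or strength < min_sign_bits
    return Decision(True, strength,
                    "legacy verification permitted" if legacy else "ok to verify")


if __name__ == "__main__":
    for op in Op:
        for alg, bits in [("sha1WithRSAEncryption", 2048),
                          ("sha256WithRSAEncryption", 2048),
                          ("sha256WithRSAEncryption", 3072)]:
            d = evaluate(op, alg, bits, min_sign_bits=128)
            print(f"{op.value:6} {alg:24} {bits:5} -> {d.allowed!s:5} "
                  f"({d.strength} bits) {d.reason}")
```

Running the block with `min_sign_bits=128` shows the pattern the message describes: sha1WithRSAEncryption/2048 is refused for signing but accepted for verification, and sha256WithRSAEncryption/2048 (112 bits, capped by the key rather than the hash) is likewise refused for signing and accepted for verification, while the 3072-bit key clears the 128-bit floor.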
Thread overview: 20+ messages
2023-10-10 21:22 [PATCH] crypto: pkcs7: remove sha1 support Dimitri John Ledkov
2023-10-20 5:54 ` Herbert Xu
2024-03-13 8:50 ` [REGRESSION] " Karel Balej
2024-03-13 8:56 ` Johannes Berg
2024-03-13 17:26 ` James Prestwood
2024-03-13 19:44 ` Eric Biggers
2024-03-13 20:12 ` James Prestwood
2024-03-13 20:22 ` Eric Biggers
2024-03-13 21:17 ` James Prestwood
2024-03-13 22:10 ` Eric Biggers
2024-03-13 22:51 ` Jeff Johnson
2024-03-13 23:06 ` Eric Biggers
2024-03-13 23:40 ` Eric Biggers
2024-03-14 11:52 ` James Prestwood
2024-03-14 12:22 ` James Bottomley [this message]
2024-03-14 20:20 ` Eric Biggers
2024-03-14 23:38 ` Ard Biesheuvel
2024-03-13 18:39 ` Michael Yartys
2024-03-13 19:54 ` Karel Balej
2024-03-15 13:09 ` Karel Balej