From: Eric Biggers <ebiggers@kernel.org>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: linux-crypto@vger.kernel.org,
Herbert Xu <herbert@gondor.apana.org.au>,
keyrings@vger.kernel.org, linux-wireless@vger.kernel.org,
iwd@lists.linux.dev, James Prestwood <prestwoj@gmail.com>,
Dimitri John Ledkov <dimitri.ledkov@canonical.com>,
Karel Balej <balejk@matfyz.cz>
Subject: Re: [PATCH] Revert "crypto: pkcs7 - remove sha1 support"
Date: Wed, 20 Mar 2024 21:10:15 -0700
Message-ID: <20240321041015.GB2387@sol.localdomain>
In-Reply-To: <CZXWE5J2QMIN.1L4QKQU7C7UMN@kernel.org>

On Tue, Mar 19, 2024 at 07:20:54PM +0200, Jarkko Sakkinen wrote:
> > diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
> > index 05402ef8964e..8aecbe4637f3 100644
> > --- a/crypto/asymmetric_keys/mscode_parser.c
> > +++ b/crypto/asymmetric_keys/mscode_parser.c
> > @@ -73,10 +73,13 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
> > char buffer[50];
> > enum OID oid;
> >
> > oid = look_up_OID(value, vlen);
> > switch (oid) {
> > + case OID_sha1:
> > + ctx->digest_algo = "sha1";
> > + break;
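
Review bot: The re-added `case OID_sha1:` arm in mscode_note_digest_algo() carries no comment saying why SHA-1 is accepted here again, so a later cleanup cannot tell from the code what still depends on it. A one-line comment above the case naming the remaining user, or a reference in the commit message, would record that; if the revert has to stay identical to the original commit, the comment can go in a follow-up patch.
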
>
> I fully agree with the change BUT...
>
> IMHO it would make sense to e.g. either add inline comment about iwd
> dependency or link to the bug report here.
>
> I'd like to think that there is common will to eventually get rid of
> all of SHA-1, and thus in cases where it is not yet possible it would
> make sense to guide what needs to be done to make it happen, right?
>
> BR, Jarkko

This is supposed to just be a revert, so it's best not to mess around with
adding additional stuff that wasn't in the original commit. The sha1 signatures
are also not unique; iwd is also forcing the kernel to keep supporting MD4, RC4,
KEYCTL_DH_COMPUTE, KEYCTL_PKEY_{QUERY,ENCRYPT,DECRYPT,SIGN,VERIFY}, etc.
Probably more that I don't know about. I guess all of this should be documented
in the code in appropriate places. Probably the iwd folks should step in to do
this, as they know best what they're using and they got a lot of this added to
the kernel in the first place.

- Eric