Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On 3/13/24 12:44 PM, Eric Biggers wrote:
On Wed, Mar 13, 2024 at 10:26:06AM -0700, James Prestwood wrote:
Hi,

On 3/13/24 1:56 AM, Johannes Berg wrote:
Not sure why you're CC'ing the world, but I guess adding a few more
doesn't hurt ...

On Wed, 2024-03-13 at 09:50 +0100, Karel Balej wrote:
   and I use iwd
This is your problem, the wireless stack in the kernel doesn't use any
kernel crypto code for 802.1X.
Yes, the wireless stack has zero bearing on the issue. I think that's what
you meant by "problem".

IWD has used the kernel crypto API forever which was abruptly broken, that
is the problem.

The original commit says it was to remove support for sha1 signed kernel
modules, but it did more than that and broke the keyctl API.

Which specific API is iwd using that is relevant here?
I cloned https://kernel.googlesource.com/pub/scm/network/wireless/iwd
and grepped for keyctl and AF_ALG, but there are no matches.

IWD uses ELL for its crypto, which uses the AF_ALG API:

https://git.kernel.org/pub/scm/libs/ell/ell.git/

I believe the failure is when calling:

KEYCTL_PKEY_QUERY enc="x962" hash="sha1"

From logs Michael posted on the IWD list, the ELL API that fails is:

l_key_get_info (ell.git/ell/key.c:416)

Thanks,

James


- Eric




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux