Re: [PATCH] Revert "crypto: pkcs7 - remove sha1 support"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 14, 2024 at 09:11:08AM +0100, Karel Balej wrote:
> Eric,
> 
> Eric Biggers, 2024-03-13T16:32:27-07:00:
> > From: Eric Biggers <ebiggers@xxxxxxxxxx>
> >
> > This reverts commit 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6 because it
> > broke iwd.  iwd uses the KEYCTL_PKEY_* UAPIs via its dependency libell,
> > and apparently it is relying on SHA-1 signature support.  These UAPIs
> > are fairly obscure, and their documentation does not mention which
> > algorithms they support.  iwd really should be using a properly
> > supported userspace crypto library instead.  Regardless, since something
> > broke we have to revert the change.
> >
> > It may be possible that some parts of this commit can be reinstated
> > without breaking iwd (e.g. probably the removal of MODULE_SIG_SHA1), but
> > for now this just does a full revert to get things working again.
> >
> > Reported-by: Karel Balej <balejk@xxxxxxxxx>
> > Closes: https://lore.kernel.org/r/CZSHRUIJ4RKL.34T4EASV5DNJM@xxxxxxxxx
> > Cc: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx>
> > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> thank you very much for the revert. I have compiled 6.8 with this patch
> and attest that it solves my eduroam connection issue.
> 
> Tested-by: Karel Balej <balejk@xxxxxxxxx>
> 
> May I please ask, though, why you did not Cc stable (and add a Fixes
> trailer for that matter)? It seems like something that would be nice to
> see fixed in 6.7.y and 6.8.y too as soon as possible.

I just forgot.  Reverts usually get backported without asking anyway, but the
following should be added to make it explicit:

    Fixes: 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support")
    Cc: stable@xxxxxxxxxxxxxxx

That should just be added when the patch is applied, unless I happen to need to
send out a new version anyway.

We need to decide who is actually going to apply this revert.  Probably Herbert,
since he took the commit that's being reverted?

- Eric




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux