Re: [PATCH] Revert "crypto: pkcs7 - remove sha1 support"

On Thu Mar 21, 2024 at 6:10 AM EET, Eric Biggers wrote:
> On Tue, Mar 19, 2024 at 07:20:54PM +0200, Jarkko Sakkinen wrote:
> > > diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
> > > index 05402ef8964e..8aecbe4637f3 100644
> > > --- a/crypto/asymmetric_keys/mscode_parser.c
> > > +++ b/crypto/asymmetric_keys/mscode_parser.c
> > > @@ -73,10 +73,13 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
> > >  	char buffer[50];
> > >  	enum OID oid;
> > >  
> > >  	oid = look_up_OID(value, vlen);
> > >  	switch (oid) {
> > > +	case OID_sha1:
> > > +		ctx->digest_algo = "sha1";
> > > +		break;
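Review bot: the re-added `case OID_sha1:` arm in mscode_note_digest_algo() has no comment saying why SHA-1 is accepted as a digest algorithm here. A short comment above the case, naming the remaining user and what has to change before the arm can be dropped, would keep that from being lost; it can go in a follow-up patch so this one stays a plain revert.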
> > 
> > I fully agree with the change BUT...
> > 
> > IMHO it would make sense to e.g. either add an inline comment about iwd
> > dependency or link to the bug report here.
> > 
> > I'd like to think that there is common will to eventually get rid of
> > all of SHA-1, and thus in cases where it is not yet possible it would
> > make sense to guide what needs to be done to make it happen, right?
> > 
> > BR, Jarkko
>
> This is supposed to just be a revert, so it's best not to mess around with
> adding additional stuff that wasn't in the original commit.  The sha1 signatures
> are also not unique; iwd is also forcing the kernel to keep supporting MD4, RC4,
> KEYCTL_DH_COMPUTE, KEYCTL_PKEY_{QUERY,ENCRYPT,DECRYPT,SIGN,VERIFY}, etc.
> Probably more that I don't know about.  I guess all of this should be documented
> in the code in appropriate places.  Probably the iwd folks should step in to do
> this, as they know best what they're using and they got a lot of this added to
> the kernel in the first place.
>
> - Eric

OK, fair point.


BR, Jarkko




