On Mon, Feb 10, 2025 at 07:53:57PM +0100, Lukas Wunner wrote:
>
> It does use the private key part:
>
> It takes advantage of the kernel's Key Retention Service for EAP-TLS,
> which generally uses mutual authentication. E.g. clients authenticate
> against a wireless hotspot. Hence it does invoke KEYCTL_PKEY_SIGN and
> KEYCTL_PKEY_ENCRYPT (with private keys, obviously).

Well if it wishes to keep this going, then someone will have to
step up and maintain these algorithms and make them secure against
side-channel attacks. In the absence of that, this functionality
should be removed from the kernel.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt