On Thu, 2019-04-04 at 00:37 +0300, Vitaly Chikunov wrote:
> On Wed, Apr 03, 2019 at 05:10:20PM -0400, Mimi Zohar wrote:
> > On Thu, 2019-04-04 at 00:04 +0300, Vitaly Chikunov wrote:
> > > Mimi,
> > >
> > > On Wed, Apr 03, 2019 at 04:41:04PM -0400, Mimi Zohar wrote:
> > > > On Sat, 2019-03-23 at 04:41 +0300, Vitaly Chikunov wrote:
> > > > > Primary names of the algorithms are different for OpenSSL and Kernel.
> > > > > Allow to use both of them.
> > > >
> > > > Can we add a line here explaining the two names? Perhaps something
> > > > like, "GOST R 34.11-2012 is the Russian national standard based on the
> > > > Streebog set of hash functions."
> > >
> > > Ok. But, "GOST R 34.11-2012" is not mentioned, and there are other
> > > standards with Streebog, such as RFC 6986, ISO/IEC 10118-3:2018, GOST
> > > 34.11-2018.
> > >
> > > Point of this patch is that Kernel calls this hash function by its
> > > proper name "StreebogX", but older version of OpenSSL reference it by
> > > acronym "md_gost12_X". (While newer should support Streebog name too.)
> > > And we try to be user friendly and allow to use both names.
> >
> > If "Streebog" will be supported by OpenSSL, then why make md_gost12_x
> > the primary name, and the kernel name the alias? Shouldn't it be the
> > reverse (e.g. "pkey_hash_algo_alias")?
>
> Because ima-evm-utils is using OpenSSL and not Kernel's Crypto API,
> OpenSSL names are "primary" for ima-evm-utils. It's happened that most
> names are the same for both APIs.
>
> "md_gost12_X" is supported for years by more versions of OpenSSL. While
> "StreebogX" name is just committed a few months ago to gost-engine. Thus,
>
> 1) "md_gost12_x" name could be used on conservative distros. Users
>    will not need to wait [possible] a few years when new name reach
>    their distro.
>
> 2) PKEY_HASH_STREEBOG_X is resolved to "md_gost12_X" names (to the
>    names that are present in OpenSSL with much more probability).
>
> `pkey_hash_algo_kern` only contains names that are different between
> the Kernel and OpenSSL.
>
> I used "primary" for the both arrays so that no names are offended by
> being not-primary.

Could you provide me with a single line or two, with an explanation
for the two names. I'll add it to the commit patch description,
before pushing out these patches.

Thanks!

Mimi
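
The two-table lookup discussed in this thread, as an added example that is not part of the original message and is not the ima-evm-utils code. The table names and PKEY_HASH_STREEBOG_X come from the thread; the cut-down enum, the helper functions, the 256/512 spellings substituted for "X", and the case-insensitive match are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>	/* strcasecmp (POSIX) */

/* Hypothetical, cut-down id list; the thread only names PKEY_HASH_STREEBOG_X. */
enum pkey_hash { PKEY_HASH_SHA256, PKEY_HASH_STREEBOG_256, PKEY_HASH_STREEBOG_512, PKEY_HASH__LAST };

/* OpenSSL names: the spelling that is handed to the OpenSSL digest lookup. */
static const char *const pkey_hash_algo[PKEY_HASH__LAST] = {
	[PKEY_HASH_SHA256]       = "sha256",
	[PKEY_HASH_STREEBOG_256] = "md_gost12_256",
	[PKEY_HASH_STREEBOG_512] = "md_gost12_512",
};

/* Kernel names, only where they differ from OpenSSL; every other slot is NULL. */
static const char *const pkey_hash_algo_kern[PKEY_HASH__LAST] = {
	[PKEY_HASH_STREEBOG_256] = "streebog256",
	[PKEY_HASH_STREEBOG_512] = "streebog512",
};

/* Map a user-supplied name (either spelling) to an id, or -1 if unknown. */
int hash_algo_id(const char *name)
{
	if (!name || !*name)
		return -1;
	for (int i = 0; i < PKEY_HASH__LAST; i++) {
		if (pkey_hash_algo[i] && !strcasecmp(name, pkey_hash_algo[i]))
			return i;
		if (pkey_hash_algo_kern[i] && !strcasecmp(name, pkey_hash_algo_kern[i]))
			return i;
	}
	return -1;	/* reject unknown names; never fall back to a default hash */
}

/* OpenSSL spelling for whichever name the user typed, or NULL if unknown. */
const char *openssl_hash_name(const char *name)
{
	int id = hash_algo_id(name);
	return id < 0 ? NULL : pkey_hash_algo[id];
}

int main(void)
{
	/* Constructed sample inputs: kernel name, OpenSSL name, shared name, bad name. */
	const char *in[] = { "streebog256", "md_gost12_512", "sha256", "streebog" };
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		const char *o = openssl_hash_name(in[i]);
		printf("%-14s -> %s\n", in[i], o ? o : "(unknown, rejected)");
	}
	return 0;
}
```

Both spellings resolve to the same id, so the hash algorithm recorded in a signature does not depend on which name was typed.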