[REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support
James Prestwood
prestwoj at gmail.com
Wed Mar 13 13:12:54 PDT 2024
Hi,
On 3/13/24 12:44 PM, Eric Biggers wrote:
> On Wed, Mar 13, 2024 at 10:26:06AM -0700, James Prestwood wrote:
>> Hi,
>>
>> On 3/13/24 1:56 AM, Johannes Berg wrote:
>>> Not sure why you're CC'ing the world, but I guess adding a few more
>>> doesn't hurt ...
>>>
>>> On Wed, 2024-03-13 at 09:50 +0100, Karel Balej wrote:
>>>> and I use iwd
>>> This is your problem, the wireless stack in the kernel doesn't use any
>>> kernel crypto code for 802.1X.
>> Yes, the wireless stack has zero bearing on the issue. I think that's what
>> you meant by "problem".
>>
>> IWD has used the kernel crypto API forever which was abruptly broken, that
>> is the problem.
>>
>> The original commit says it was to remove support for sha1 signed kernel
>> modules, but it did more than that and broke the keyctl API.
>>
> Which specific API is iwd using that is relevant here?
> I cloned https://kernel.googlesource.com/pub/scm/network/wireless/iwd
> and grepped for keyctl and AF_ALG, but there are no matches.
IWD uses ELL for its crypto, which uses the AF_ALG API:
https://git.kernel.org/pub/scm/libs/ell/ell.git/
I believe the failure is when calling:
KEYCTL_PKEY_QUERY enc="x962" hash="sha1"
From logs Michael posted on the IWD list, the ELL API that fails is:
l_key_get_info (ell.git/ell/key.c:416)
Thanks,
James
>
> - Eric
More information about the linux-arm-kernel
mailing list