Eric,

Eric Biggers, 2024-03-13T16:32:27-07:00:
> From: Eric Biggers <[email protected]>
>
> This reverts commit 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6 because it
> broke iwd. iwd uses the KEYCTL_PKEY_* UAPIs via its dependency libell,
> and apparently it is relying on SHA-1 signature support. These UAPIs
> are fairly obscure, and their documentation does not mention which
> algorithms they support. iwd really should be using a properly
> supported userspace crypto library instead. Regardless, since something
> broke we have to revert the change.
>
> It may be possible that some parts of this commit can be reinstated
> without breaking iwd (e.g. probably the removal of MODULE_SIG_SHA1), but
> for now this just does a full revert to get things working again.
>
> Reported-by: Karel Balej <[email protected]>
> Closes: https://lore.kernel.org/r/[email protected]
> Cc: Dimitri John Ledkov <[email protected]>
> Signed-off-by: Eric Biggers <[email protected]>

thank you very much for the revert. I have compiled 6.8 with this patch
and attest that it solves my eduroam connection issue.

Tested-by: Karel Balej <[email protected]>

May I please ask, though, why you did not Cc stable (and add a Fixes
trailer for that matter)? It seems like something that would be nice to
see fixed in 6.7.y and 6.8.y too as soon as possible.

Kind regards,
K. B.

On Thu, Mar 14, 2024 at 09:11:08AM +0100, Karel Balej wrote:
> Eric,
>
> Eric Biggers, 2024-03-13T16:32:27-07:00:
> > From: Eric Biggers <[email protected]>
> >
> > This reverts commit 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6 because it
> > broke iwd. iwd uses the KEYCTL_PKEY_* UAPIs via its dependency libell,
> > and apparently it is relying on SHA-1 signature support. These UAPIs
> > are fairly obscure, and their documentation does not mention which
> > algorithms they support. iwd really should be using a properly
> > supported userspace crypto library instead. Regardless, since something
> > broke we have to revert the change.
> >
> > It may be possible that some parts of this commit can be reinstated
> > without breaking iwd (e.g. probably the removal of MODULE_SIG_SHA1), but
> > for now this just does a full revert to get things working again.
> >
> > Reported-by: Karel Balej <[email protected]>
> > Closes: https://lore.kernel.org/r/[email protected]
> > Cc: Dimitri John Ledkov <[email protected]>
> > Signed-off-by: Eric Biggers <[email protected]>
>
> thank you very much for the revert. I have compiled 6.8 with this patch
> and attest that it solves my eduroam connection issue.
>
> Tested-by: Karel Balej <[email protected]>
>
> May I please ask, though, why you did not Cc stable (and add a Fixes
> trailer for that matter)? It seems like something that would be nice to
> see fixed in 6.7.y and 6.8.y too as soon as possible.

I just forgot. Reverts usually get backported without asking anyway, but the
following should be added to make it explicit:

Fixes: 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support")
Cc: [email protected]

That should just be added when the patch is applied, unless I happen to need to
send out a new version anyway.

We need to decide who is actually going to apply this revert. Probably Herbert,
since he took the commit that's being reverted?

- Eric