Re: [PATCH RFC v1 1/3] bpf: move from sha1 to blake2s in tag calculation

From: Jason A. Donenfeld
Date: Fri Jan 14 2022 - 11:35:02 EST


On Fri, Jan 14, 2022 at 5:19 PM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Fri, Jan 14, 2022 at 7:08 AM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> >
> > Yeah, so the issue is that, at *some* point, SHA-1 is going to have to
> > go.
>
> sha1 cannot be removed from the kernel.
> See AF_ALG and iproute2 source for reference.

It can be removed from vmlinux, and be folded into the crypto API's
generic implementation where it belongs, which then can be built as a
module or not built at all, depending on configuration. Please see the
3/3 patch in this series to see what that looks like:
https://lore.kernel.org/lkml/20220114142015.87974-4-Jason@xxxxxxxxx/

Meanwhile, you have not replied to any of the substantive issues I
brought up. I'd appreciate you doing so.

Thank you,
Jason
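
Added example (not part of the original message or the patch series): a userspace probe that asks the crypto API for "sha1" over AF_ALG, the interface cited above, and reports cleanly when the running kernel does not provide it, for instance because the generic implementation was configured out or the module is absent. The helper name afalg_sha1 and the "abc" input are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

/* afalg_sha1 is a hypothetical helper name, not kernel or iproute2 code.
 * Returns 0 and fills digest[20] on success, or -errno when SHA-1 is not
 * reachable through AF_ALG on this kernel. */
int afalg_sha1(const void *msg, size_t len, unsigned char digest[20])
{
	struct sockaddr_alg sa = {
		.salg_family = AF_ALG,
		.salg_type   = "hash",
		.salg_name   = "sha1",
	};
	int tfm, op, ret = 0;

	tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
	if (tfm < 0)
		return -errno;		/* AF_ALG itself unavailable */
	if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
		ret = -errno;		/* ENOENT: no "sha1" in the crypto API */
		goto out_tfm;
	}
	op = accept(tfm, NULL, NULL);	/* per-request operation socket */
	if (op < 0) {
		ret = -errno;
		goto out_tfm;
	}
	errno = 0;
	if (send(op, msg, len, 0) != (ssize_t)len || read(op, digest, 20) != 20)
		ret = errno ? -errno : -EIO;
	close(op);
out_tfm:
	close(tfm);
	return ret;
}

int main(void)
{
	unsigned char d[20];
	int rc = afalg_sha1("abc", 3, d);	/* constructed sample input */

	if (rc)
		return printf("sha1 via AF_ALG unavailable: %s\n", strerror(-rc)) < 0;
	for (int i = 0; i < 20; i++)
		printf("%02x", d[i]);
	return puts("") < 0;
}
```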