lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220114142015.87974-1-Jason@zx2c4.com>
Date:   Fri, 14 Jan 2022 15:20:12 +0100
From:   "Jason A. Donenfeld" <Jason@...c4.com>
To:     linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        bpf@...r.kernel.org, linux-crypto@...r.kernel.org
Cc:     "Jason A. Donenfeld" <Jason@...c4.com>,
        Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Andy Lutomirski <luto@...capital.net>,
        Ard Biesheuvel <ardb@...nel.org>, Erik Kline <ek@...gle.com>,
        Fernando Gont <fgont@...networks.com>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        Hannes Frederic Sowa <hannes@...essinduktion.org>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>,
        Lorenzo Colitti <lorenzo@...gle.com>
Subject: [PATCH RFC v2 0/3] remove remaining users of SHA-1

Hi,

There are currently two remaining users of SHA-1 left in the kernel: bpf
tag generation, and ipv6 address calculation. In an effort to reduce
code size and rid ourselves of insecure primitives, this RFC patchset
moves to using the more secure BLAKE2s function. I wanted to get your
feedback on how feasible this patchset is, and if there is some
remaining attachment to SHA-1, why exactly, and what could be done to
mitigate it. Rather than sending a mailing list post just asking, "what
do you think?" I figured it'd be easier to send this as an RFC patchset,
so you see specifically what I mean.

Version 2 makes the ipv6 handling a bit cleaner and fixes a build
warning from the last commit. Since this is just an RFC-for-discussion,
there's not technically a need to be sending this, but from the looks of
it, a real solution here might involve a bit more heavy lifting, so I
wanted to at least get my latest on the list in case others want to play
around with solutions in this space too. Also, the original recipient
list was too narrow, so this v2 expands that a bit.

Thoughts? Comments?

Thanks,
Jason

Cc: Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc: Andy Lutomirski <luto@...capital.net>
Cc: Ard Biesheuvel <ardb@...nel.org>
Cc: Erik Kline <ek@...gle.com>
Cc: Fernando Gont <fgont@...networks.com>
Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
Cc: Lorenzo Colitti <lorenzo@...gle.com>

Jason A. Donenfeld (3):
  bpf: move from sha1 to blake2s in tag calculation
  ipv6: move from sha1 to blake2s in address calculation
  crypto: sha1_generic - import lib/sha1.c locally

 crypto/sha1_generic.c | 182 +++++++++++++++++++++++++++++++++++++
 include/crypto/sha1.h |  10 ---
 kernel/bpf/core.c     |  39 +-------
 lib/Makefile          |   2 +-
 lib/sha1.c            | 204 ------------------------------------------
 net/ipv6/addrconf.c   |  56 +++---------
 6 files changed, 201 insertions(+), 292 deletions(-)
 delete mode 100644 lib/sha1.c

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ