lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250630162948.GA1220@sol>
Date: Mon, 30 Jun 2025 09:29:48 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: John Johansen <john.johansen@...onical.com>
Cc: apparmor@...ts.ubuntu.com, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org
Subject: Re: [PATCH] apparmor: use SHA-256 library API instead of
 crypto_shash API

On Thu, Jun 26, 2025 at 11:14:50PM -0700, John Johansen wrote:
> On 6/26/25 20:59, Eric Biggers wrote:
> > On Sun, Jun 22, 2025 at 02:16:07PM -0700, John Johansen wrote:
> > > On 6/12/25 12:11, Eric Biggers wrote:
> > > > On Sat, May 17, 2025 at 12:43:30AM -0700, John Johansen wrote:
> > > > > On 5/13/25 21:21, Eric Biggers wrote:
> > > > > > On Mon, Apr 28, 2025 at 12:04:30PM -0700, Eric Biggers wrote:
> > > > > > > From: Eric Biggers <ebiggers@...gle.com>
> > > > > > > 
> > > > > > > This user of SHA-256 does not support any other algorithm, so the
> > > > > > > crypto_shash abstraction provides no value.  Just use the SHA-256
> > > > > > > library API instead, which is much simpler and easier to use.
> > > > > > > 
> > > > > > > Signed-off-by: Eric Biggers <ebiggers@...gle.com>
> > > > > > > ---
> > > > > > > 
> > > > > > > This patch is targeting the apparmor tree for 6.16.
> > > > > > > 
> > > > > > >     security/apparmor/Kconfig  |  3 +-
> > > > > > >     security/apparmor/crypto.c | 85 ++++++--------------------------------
> > > > > > >     2 files changed, 13 insertions(+), 75 deletions(-)
> > > > > > 
> > > > > > Any interest in taking this patch through the apparmor or security trees?
> > > > > > 
> > > > > I can take it through my tree
> > > > 
> > > > Thanks!  I notice this isn't in v6.16-rc1.  Do you have a pull request planned?
> > > > 
> > > 
> > > Hey Eric,
> > > 
> > > sorry I have been sick and didn't get a 6.16 pull request out. I am slowly trying
> > > to dig my way out of the backlog, which is several weeks deeo. I might get together
> > > a small PR of bug fixes before the 6.17 merge window but the bulk of what is in
> > > apparmor-next will be waiting to merge in 6.17 now.
> > 
> > Hope you're feeling better!  Actually, would you mind if instead I took this
> I lot, though still generally tired/low on energy
> 
> > patch (with your ack) through the libcrypto-next tree for 6.17?
> > Otherwise there will be a silent merge conflict after I apply
> > https://lore.kernel.org/r/20250625070819.1496119-11-ebiggers@kernel.org/
> > 
> Avoiding a merge conflict? You have my ACK and blessing I will pull it out of
> the apparmor tree asap

Thanks, let me know once you've dropped it.

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ