[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aN5ho_VTClL5ai8l@gondor.apana.org.au>
Date: Thu, 2 Oct 2025 19:27:31 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Jiri Slaby <jirislaby@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
"David S. Miller" <davem@...emloft.net>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
Vegard Nossum <vegard.nossum@...cle.com>, netdev@...r.kernel.org,
Eric Biggers <ebiggers@...nel.org>,
Jakub Kicinski <kuba@...nel.org>
Subject: Re: 6.17 crashes in ipv6 code when booted fips=1 [was: [GIT PULL]
Crypto Update for 6.17]
On Thu, Oct 02, 2025 at 12:57:11PM +0200, Jiri Slaby wrote:
>
> Anyway, cherry-picking this -next commit onto 6.17 works as well (the code
> uses now crypto_lib's sha1, not crypto's):
> commit 095928e7d80186c524013a5b5d54889fa2ec1eaa
> Author: Eric Biggers <ebiggers@...nel.org>
> Date: Sat Aug 23 21:36:43 2025 -0400
>
> ipv6: sr: Use HMAC-SHA1 and HMAC-SHA256 library functions
>
>
> I don't know what to do next -- should it be put into 6.17 stable later and
> we are done?
Yes that works too. But it's basically the same as reverting
the patch from Vegard since it makes the code use SHA1 again
even though we told it not too.
Perhaps we should just revert Vegard's change? Since it's kind
of pointless now that people are just using the underlying SHA1
algorithm directly through lib/crypto.
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists