Re: [RFC PATCH v1] module: sign with sha512 by default to avoid build errors

From: Sedat Dilek
Date: Thu Oct 10 2024 - 05:10:35 EST


On Thu, Oct 10, 2024 at 10:57 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
>
> On 10.10.24 10:42, Sedat Dilek wrote:
> > On Thu, Oct 10, 2024 at 10:29 AM Sedat Dilek <sedat.dilek@xxxxxxxxx> wrote:
> >> On Thu, Oct 10, 2024 at 10:19 AM Thorsten Leemhuis <linux@xxxxxxxxxxxxx> wrote:
> >>> On 10.10.24 09:00, Thorsten Leemhuis wrote:
> >>
> >> That was wrong in the original code which you moved:
> >>
> >> +config MODULE_SIG_SHA384
> >> + bool "SHA-384"
> >> + select CRYPTO_SHA512 <--- SHA*384*
> >
> > Thorsten, please fix it!
>
> That looks intentional to me -- and CRYPTO_SHA384 from a quick look does
> not even exist.
>
> But that's not at all my area of expertise, so I would not want to touch
> it anyway.
>
> Ciao, Thorsten
>
> P.S.: Vegard Nossum mentioned in the fediverse that I could also solve
> the problem the patch is about by adding "default MODULE_SIG_SHA512" to
> the "choice" section; haven't tried that, but that sounds like a better
> solution. Will likely give it a try, unless someone brings up unwanted
> side effects this might cause.
>

Not an expert in this area, too.

Looks like I misread it.

SHA224 selects XXX_SHA*256* so the code might be intentional.

-sed@-