crypto: pkcs7 - remove sha1 support
author Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Tue, 10 Oct 2023 21:22:38 +0000 (22:22 +0100)
committer Herbert Xu <herbert@gondor.apana.org.au>
Fri, 20 Oct 2023 05:39:26 +0000 (13:39 +0800)
commit 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6
tree 8cf4c325cbdf68f4d256c2ed5c6f4bc7d7d7bc93
parent c35b581e5197cced51047beeab0d3ccbfe948764
crypto: pkcs7 - remove sha1 support

Removes support for sha1 signed kernel modules, importing sha1 signed
x.509 certificates.

rsa-pkcs1pad keeps sha1 padding support, which seems to be used by
virtio driver.

sha1 remains available as there are many drivers and subsystems using
it. Note only hmac(sha1) with secret keys remains cryptographically
secure.

In the kernel there are filesystems, IMA, tpm/pcr that appear to be
using sha1. Maybe they can all start to be slowly upgraded to
something else i.e. blake3, ParallelHash, SHAKE256 as needed.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/asymmetric_keys/mscode_parser.c
crypto/asymmetric_keys/pkcs7_parser.c
crypto/asymmetric_keys/public_key.c
crypto/asymmetric_keys/signature.c
crypto/asymmetric_keys/x509_cert_parser.c
crypto/testmgr.h
include/linux/oid_registry.h
kernel/module/Kconfig
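
Because this change drops sha1-signed modules, a build host can audit its `.ko` files for the digest named in each appended signature before moving to a kernel that carries it. The following is an added example, not part of the commit or the kernel tree: it assumes the standard appended-signature layout (PKCS#7 blob, 12-byte `struct module_signature`, magic string), and `module_digests`, `tlvs`, `der` and `sample_module` are hypothetical names, with the sample module constructed in the code.

```python
import struct

MAGIC = b"~Module signature appended~\n"      # trailer marking a signed module
DIGEST_OIDS = {                                # DER OID contents -> digest name
    bytes.fromhex("2b0e03021a"): "sha1",
    bytes.fromhex("608648016503040201"): "sha256",
    bytes.fromhex("608648016503040202"): "sha384",
    bytes.fromhex("608648016503040203"): "sha512",
}

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (definite lengths only)."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                           # long form: low 7 bits = count of length bytes
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        yield tag, buf[i:i + n]
        i += n

def module_digests(blob):
    """Return the digest names listed in a module's PKCS#7, or None if unsigned."""
    if not blob.endswith(MAGIC):
        return None
    end = len(blob) - len(MAGIC)
    # struct module_signature: 5 x u8, 3 pad bytes, big-endian u32 sig_len
    sig_len = struct.unpack(">8xI", blob[end - 12:end])[0]
    pkcs7 = blob[end - 12 - sig_len:end - 12]
    content_info = list(tlvs(next(tlvs(pkcs7))[1]))          # [OID signedData, [0] wrapper]
    signed_data = list(tlvs(next(tlvs(content_info[1][1]))[1]))  # [version, digestAlgorithms, ...]
    oids = [next(tlvs(alg))[1] for _, alg in tlvs(signed_data[1][1])]
    return [DIGEST_OIDS.get(oid, oid.hex()) for oid in oids]

def der(tag, body):
    return bytes([tag, len(body)]) + body      # short-form length, enough for the sample

def sample_module(oid_hex):
    """Constructed sample: fake payload plus a minimal, truncated SignedData."""
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + der(0x05, b""))
    sd = der(0x30, der(0x02, b"\x01") + der(0x31, alg))
    p7 = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010702")) + der(0xA0, sd))
    trailer = struct.pack(">5B3xI", 0, 0, 2, 0, 0, len(p7))   # id_type 2 = PKCS#7
    return b"\x7fELF constructed payload" + p7 + trailer + MAGIC

if __name__ == "__main__":
    print(module_digests(sample_module("2b0e03021a")))
```

To audit a real module, pass the bytes of a decompressed `.ko` file to `module_digests`; any result containing `sha1` identifies a module that needs re-signing.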