apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256
author Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Sun, 22 Oct 2023 19:40:26 +0000 (20:40 +0100)
committer John Johansen <john.johansen@canonical.com>
Sun, 19 Nov 2023 08:47:56 +0000 (00:47 -0800)
commit e44a4dc4b36cc087878596b937d52caca35e9b19
tree 2503fb92c4eff889a6987c747792c16141020ff9
parent b85ea95d086471afb4ad062012a4d73cd328fa86
apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256

sha1 is insecure and has collisions, thus it is not useful for even
lightweight policy hash checks. Switch to sha256, which on modern
hardware is fast enough.

Separately as per NIST Policy on Hash Functions, sha1 usage must be
withdrawn by 2030. This config option currently is one of many that
holds up sha1 usage.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/Kconfig
security/apparmor/apparmorfs.c
security/apparmor/crypto.c