[PATCH v5 1/5] IMA: remove the dependency on CRYPTO_MD5

[PATCH v5 0/5] IMA: restrict the accepted digest algorithms for the security.ima xattr · THOBY Simon <hidden> · 2021-07-28
[PATCH v5 1/5] IMA: remove the dependency on CRYPTO_MD5 · THOBY Simon <hidden> · 2021-07-28
Re: [PATCH v5 1/5] IMA: remove the dependency on CRYPTO_MD5 · Lakshmi Ramasubramanian <hidden> · 2021-08-03
[PATCH v5 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · THOBY Simon <hidden> · 2021-07-28
Re: [PATCH v5 2/5] IMA: block writes of the security.ima xattr with unsupported algorithms · Lakshmi Ramasubramanian <hidden> · 2021-08-03
[PATCH v5 3/5] IMA: add support to restrict the hash algorithms used for file appraisal · THOBY Simon <hidden> · 2021-07-28
Re: [PATCH v5 3/5] IMA: add support to restrict the hash algorithms used for file appraisal · Lakshmi Ramasubramanian <hidden> · 2021-08-03
[PATCH v5 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK · THOBY Simon <hidden> · 2021-07-28
Re: [PATCH v5 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-28
Re: [PATCH v5 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK · THOBY Simon <hidden> · 2021-07-29
Re: [PATCH v5 5/5] IMA: introduce a new policy option func=SETXATTR_CHECK · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-29
[PATCH v5 4/5] IMA: add a policy option to restrict xattr hash algorithms on appraisal · THOBY Simon <hidden> · 2021-07-28
Re: [PATCH v5 0/5] IMA: restrict the accepted digest algorithms for the security.ima xattr · Mimi Zohar <zohar@linux.ibm.com> · 2021-07-28

STALE1760d

From: THOBY Simon <hidden>
Date: 2021-07-28 13:21:27
Subsystem: extended verification module (evm), integrity measurement architecture (ima), security subsystem, the rest · Maintainers: Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

Remove the CRYPTO_MD5 dependency for IMA, as it is not necessary
and it hinders the efficiency of a patchset that limit the digests
allowed for the security.ima xattr.

Signed-off-by: Simon Thoby <redacted>
---
 security/integrity/ima/Kconfig    | 1 -
 security/integrity/ima/ima_main.c | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index d0ceada99243..f3a9cc201c8c 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig

@@ -6,7 +6,6 @@ config IMA
 	select SECURITYFS
 	select CRYPTO
 	select CRYPTO_HMAC
-	select CRYPTO_MD5
 	select CRYPTO_SHA1
 	select CRYPTO_HASH_INFO
 	select TCG_TPM if HAS_IOMEM && !UML

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 287b90509006..7f2310f29789 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c

@@ -53,7 +53,7 @@ static int __init hash_setup(char *str)
 	if (strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) == 0) {
 		if (strncmp(str, "sha1", 4) == 0) {
 			ima_hash_algo = HASH_ALGO_SHA1;
-		} else if (strncmp(str, "md5", 3) == 0) {
+		} else if (IS_ENABLED(CONFIG_CRYPTO_MD5) && strncmp(str, "md5", 3) == 0) {
 			ima_hash_algo = HASH_ALGO_MD5;
 		} else {
 			pr_err("invalid hash algorithm \"%s\" for template \"%s\"",

-- 
2.31.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help