[PATCH v8 1/6] IMA: remove the dependency on CRYPTO_MD5

[PATCH v8 0/6] IMA: restrict the accepted digest algorithms for the security.ima xattr · THOBY Simon <hidden> · 2021-08-16
[PATCH v8 1/6] IMA: remove the dependency on CRYPTO_MD5 · THOBY Simon <hidden> · 2021-08-16
[PATCH v8 2/6] IMA: block writes of the security.ima xattr with unsupported algorithms · THOBY Simon <hidden> · 2021-08-16
[PATCH v8 6/6] IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms · THOBY Simon <hidden> · 2021-08-16
Re: [PATCH v8 6/6] IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms · Mimi Zohar <zohar@linux.ibm.com> · 2021-08-16
Re: [PATCH v8 6/6] IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms · THOBY Simon <hidden> · 2021-08-17
[PATCH v8 4/6] IMA: add a policy option to restrict xattr hash algorithms on appraisal · THOBY Simon <hidden> · 2021-08-16
[PATCH v8 5/6] IMA: introduce a new policy option func=SETXATTR_CHECK · THOBY Simon <hidden> · 2021-08-16
[PATCH v8 3/6] IMA: add support to restrict the hash algorithms used for file appraisal · THOBY Simon <hidden> · 2021-08-16

STALE1744d REVIEWED: 1 (0M)

From: THOBY Simon <hidden>
Date: 2021-08-16 08:11:04
Subsystem: extended verification module (evm), integrity measurement architecture (ima), security subsystem, the rest · Maintainers: Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

MD5 is a weak digest algorithm that shouldn't be used for cryptographic
operation. It hinders the efficiency of a patch set that aims to limit
the digests allowed for the extended file attribute namely security.ima.
MD5 is no longer a requirement for IMA, nor should it be used there.

The sole place where we still use the MD5 algorithm inside IMA (setting
the ima_hash algorithm to MD5 if the user supply the 'ima_hash=md5'
parameter on the command line) fails gracefully when CRYPTO_MD5 is not set:
	ima: Can not allocate md5 (reason: -2)
	ima: Allocating md5 failed, going to use default hash algorithm sha256

Remove the CRYPTO_MD5 dependency for IMA.

Reviewed-by: Lakshmi Ramasubramanian <redacted>
Signed-off-by: THOBY Simon <redacted>
---
 security/integrity/ima/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index d0ceada99243..f3a9cc201c8c 100644
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig

@@ -6,7 +6,6 @@ config IMA
 	select SECURITYFS
 	select CRYPTO
 	select CRYPTO_HMAC
-	select CRYPTO_MD5
 	select CRYPTO_SHA1
 	select CRYPTO_HASH_INFO
 	select TCG_TPM if HAS_IOMEM && !UML

-- 
2.31.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help