Re: [PATCH] crypto: pkcs7: remove sha1 support

[PATCH] crypto: pkcs7: remove sha1 support · Dimitri John Ledkov <hidden> · 2023-10-10
Re: [PATCH] crypto: pkcs7: remove sha1 support · Herbert Xu <herbert@gondor.apana.org.au> · 2023-10-20
[REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · "Karel Balej" <balejk@matfyz.cz> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Johannes Berg <johannes@sipsolutions.net> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · James Prestwood <hidden> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Eric Biggers <ebiggers@kernel.org> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · James Prestwood <hidden> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Eric Biggers <ebiggers@kernel.org> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · James Prestwood <hidden> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Eric Biggers <ebiggers@kernel.org> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Jeff Johnson <hidden> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Eric Biggers <ebiggers@kernel.org> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Eric Biggers <ebiggers@kernel.org> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · James Prestwood <hidden> · 2024-03-14
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · James Bottomley <James.Bottomley@HansenPartnership.com> · 2024-03-14
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Eric Biggers <ebiggers@kernel.org> · 2024-03-14
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Ard Biesheuvel <ardb@kernel.org> · 2024-03-14
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · Michael Yartys <hidden> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · "Karel Balej" <balejk@matfyz.cz> · 2024-03-13
Re: [REGRESSION] Re: [PATCH] crypto: pkcs7: remove sha1 support · "Karel Balej" <balejk@matfyz.cz> · 2024-03-15

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2023-10-20 05:54:59
Also in: keyrings, linux-arm-kernel, linux-crypto, lkml

On Tue, Oct 10, 2023 at 10:22:38PM +0100, Dimitri John Ledkov wrote:

Removes support for sha1 signed kernel modules, importing sha1 signed
x.509 certificates.

rsa-pkcs1pad keeps sha1 padding support, which seems to be used by
virtio driver.

sha1 remains available as there are many drivers and subsystems using
it. Note only hmac(sha1) with secret keys remains cryptographically
secure.

In the kernel there are filesystems, IMA, tpm/pcr that appear to be
using sha1. Maybe they can all start to be slowly upgraded to
something else i.e. blake3, ParallelHash, SHAKE256 as needed.

Signed-off-by: Dimitri John Ledkov <redacted>
---
 crypto/asymmetric_keys/mscode_parser.c    |  3 -
 crypto/asymmetric_keys/pkcs7_parser.c     |  4 --
 crypto/asymmetric_keys/public_key.c       |  3 +-
 crypto/asymmetric_keys/signature.c        |  2 +-
 crypto/asymmetric_keys/x509_cert_parser.c |  8 ---
 crypto/testmgr.h                          | 80 -----------------------
 include/linux/oid_registry.h              |  4 --
 kernel/module/Kconfig                     |  5 --
 8 files changed, 2 insertions(+), 107 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help