On Tue, Oct 10, 2023 at 10:22:38PM +0100, Dimitri John Ledkov wrote: > Removes support for sha1 signed kernel modules, importing sha1 signed > x.509 certificates. > > rsa-pkcs1pad keeps sha1 padding support, which seems to be used by > virtio driver. > > sha1 remains available as there are many drivers and subsystems using > it. Note only hmac(sha1) with secret keys remains cryptographically > secure. > > In the kernel there are filesystems, IMA, tpm/pcr that appear to be > using sha1. Maybe they can all start to be slowly upgraded to > something else i.e. blake3, ParallelHash, SHAKE256 as needed. > > Signed-off-by: Dimitri John Ledkov <dimitri.led...@canonical.com> > --- > crypto/asymmetric_keys/mscode_parser.c | 3 - > crypto/asymmetric_keys/pkcs7_parser.c | 4 -- > crypto/asymmetric_keys/public_key.c | 3 +- > crypto/asymmetric_keys/signature.c | 2 +- > crypto/asymmetric_keys/x509_cert_parser.c | 8 --- > crypto/testmgr.h | 80 ----------------------- > include/linux/oid_registry.h | 4 -- > kernel/module/Kconfig | 5 -- > 8 files changed, 2 insertions(+), 107 deletions(-)
Patch applied. Thanks. -- Email: Herbert Xu <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt