On Mon Oct 2, 2023 at 2:57 AM EEST, Dimitri John Ledkov wrote: > Remove support for md4 md5 hash and signatures in x.509 certificate > parsers, pkcs7 signature parser, authenticode parser. > > All of these are insecure or broken, and everyone has long time ago > migrated to alternative hash implementations. > > Also remove md2 & md3 oids which have already didn't have support. > > This is also likely the last user of md4 in the kernel, and thus > crypto/md4.c and related tests in tcrypt & testmgr can likely be > removed. Other users such as cifs smbfs ext modpost sumversions have > their own internal implementation as needed. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx> > --- > crypto/asymmetric_keys/mscode_parser.c | 6 ------ > crypto/asymmetric_keys/pkcs7_parser.c | 6 ------ > crypto/asymmetric_keys/x509_cert_parser.c | 6 ------ > include/linux/oid_registry.h | 8 -------- > 4 files changed, 26 deletions(-) > > diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c > index 839591ad21..690405ebe7 100644 > --- a/crypto/asymmetric_keys/mscode_parser.c > +++ b/crypto/asymmetric_keys/mscode_parser.c > @@ -75,12 +75,6 @@ int mscode_note_digest_algo(void *context, size_t hdrlen, > > oid = look_up_OID(value, vlen); > switch (oid) { > - case OID_md4: > - ctx->digest_algo = "md4"; > - break; > - case OID_md5: > - ctx->digest_algo = "md5"; > - break; > case OID_sha1: > ctx->digest_algo = "sha1"; > break; > diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c > index 277482bb17..cf4caab962 100644 > --- a/crypto/asymmetric_keys/pkcs7_parser.c > +++ b/crypto/asymmetric_keys/pkcs7_parser.c > @@ -227,12 +227,6 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, > struct pkcs7_parse_context *ctx = context; > > switch (ctx->last_oid) { > - case OID_md4: > - ctx->sinfo->sig->hash_algo = "md4"; > - break; > - case OID_md5: > - ctx->sinfo->sig->hash_algo = "md5"; > - break; > case OID_sha1: > ctx->sinfo->sig->hash_algo = "sha1"; > break; > diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c > index 7a9b084e20..8d23a69890 100644 > --- a/crypto/asymmetric_keys/x509_cert_parser.c > +++ b/crypto/asymmetric_keys/x509_cert_parser.c > @@ -195,15 +195,9 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag, > pr_debug("PubKey Algo: %u\n", ctx->last_oid); > > switch (ctx->last_oid) { > - case OID_md2WithRSAEncryption: > - case OID_md3WithRSAEncryption: > default: > return -ENOPKG; /* Unsupported combination */ > > - case OID_md4WithRSAEncryption: > - ctx->cert->sig->hash_algo = "md4"; > - goto rsa_pkcs1; > - > case OID_sha1WithRSAEncryption: > ctx->cert->sig->hash_algo = "sha1"; > goto rsa_pkcs1; > diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h > index 0f4a890392..89fb4612b2 100644 > --- a/include/linux/oid_registry.h > +++ b/include/linux/oid_registry.h > @@ -30,9 +30,6 @@ enum OID { > > /* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */ > OID_rsaEncryption, /* 1.2.840.113549.1.1.1 */ > - OID_md2WithRSAEncryption, /* 1.2.840.113549.1.1.2 */ > - OID_md3WithRSAEncryption, /* 1.2.840.113549.1.1.3 */ > - OID_md4WithRSAEncryption, /* 1.2.840.113549.1.1.4 */ > OID_sha1WithRSAEncryption, /* 1.2.840.113549.1.1.5 */ > OID_sha256WithRSAEncryption, /* 1.2.840.113549.1.1.11 */ > OID_sha384WithRSAEncryption, /* 1.2.840.113549.1.1.12 */ > @@ -49,11 +46,6 @@ enum OID { > OID_smimeCapabilites, /* 1.2.840.113549.1.9.15 */ > OID_smimeAuthenticatedAttrs, /* 1.2.840.113549.1.9.16.2.11 */ > > - /* {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */ > - OID_md2, /* 1.2.840.113549.2.2 */ > - OID_md4, /* 1.2.840.113549.2.4 */ > - OID_md5, /* 1.2.840.113549.2.5 */ > - > OID_mskrb5, /* 1.2.840.48018.1.2.2 */ > OID_krb5, /* 1.2.840.113554.1.2.2 */ > OID_krb5u2u, /* 1.2.840.113554.1.2.2.3 */ > -- > 2.34.1 Reviewed-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx> BR, Jarkko