Re: [PATCH] crypto: pkcs7: remove sha1 support

[Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>]

On Tue, Oct 10, 2023 at 10:22:38PM +0100, Dimitri John Ledkov wrote:
> Removes support for sha1 signed kernel modules, importing sha1 signed
> x.509 certificates.
> 
> rsa-pkcs1pad keeps sha1 padding support, which seems to be used by
> virtio driver.
> 
> sha1 remains available as there are many drivers and subsystems using
> it. Note only hmac(sha1) with secret keys remains cryptographically
> secure.
> 
> In the kernel there are filesystems, IMA, tpm/pcr that appear to be
> using sha1. Maybe they can all start to be slowly upgraded to
> something else i.e. blake3, ParallelHash, SHAKE256 as needed.
> 
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx>
> ---
>  crypto/asymmetric_keys/mscode_parser.c    |  3 -
>  crypto/asymmetric_keys/pkcs7_parser.c     |  4 --
>  crypto/asymmetric_keys/public_key.c       |  3 +-
>  crypto/asymmetric_keys/signature.c        |  2 +-
>  crypto/asymmetric_keys/x509_cert_parser.c |  8 ---
>  crypto/testmgr.h                          | 80 -----------------------
>  include/linux/oid_registry.h              |  4 --
>  kernel/module/Kconfig                     |  5 --
>  8 files changed, 2 insertions(+), 107 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt