brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux-brain/security/integrity
History
THOBY Simon 4a95b04afa IMA: remove the dependency on CRYPTO_MD5 
commit 8510505d55e194d3f6c9644c9f9d12c4f6b0395a upstream.

MD5 is a weak digest algorithm that shouldn't be used for cryptographic
operation. It hinders the efficiency of a patch set that aims to limit
the digests allowed for the extended file attribute namely security.ima.
MD5 is no longer a requirement for IMA, nor should it be used there.

The sole place where we still use the MD5 algorithm inside IMA is setting
the ima_hash algorithm to MD5, if the user supplies 'ima_hash=md5'
parameter on the command line.  With commit ab60368ab6 ("ima: Fallback
to the builtin hash algorithm"), setting "ima_hash=md5" fails gracefully
when CRYPTO_MD5 is not set:
	ima: Can not allocate md5 (reason: -2)
	ima: Allocating md5 failed, going to use default hash algorithm sha256

Remove the CRYPTO_MD5 dependency for IMA.

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
[zohar@linux.ibm.com: include commit number in patch description for
stable.]
Cc: stable@vger.kernel.org # 4.17
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-09-15 09:47:41 +02:00
..
evm evm: fix writing <securityfs>/evm overflow 2021-07-14 16:53:21 +02:00
ima IMA: remove the dependency on CRYPTO_MD5 2021-09-15 09:47:41 +02:00
platform_certs x86/efi: remove unused variables 2021-07-07 08:22:58 -04:00
Kconfig integrity: Select CONFIG_KEYS instead of depending on it 2019-08-05 18:40:20 -04:00
Makefile x86/efi: move common keyring handler functions to new file 2021-06-30 08:47:55 -04:00
digsig.c ima: Implement support for module-style appended signatures 2019-08-05 18:40:23 -04:00
digsig_asymmetric.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
iint.c integrity: double check iint_cache was initialized 2021-03-30 14:35:24 +02:00
integrity.h ima: Implement support for module-style appended signatures 2019-08-05 18:40:23 -04:00
integrity_audit.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00