[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210913131124.495974055@linuxfoundation.org>
Date: Mon, 13 Sep 2021 15:16:21 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, THOBY Simon <Simon.THOBY@...eris.fr>,
Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
Mimi Zohar <zohar@...ux.ibm.com>
Subject: [PATCH 5.14 327/334] IMA: remove the dependency on CRYPTO_MD5
From: THOBY Simon <Simon.THOBY@...eris.fr>
commit 8510505d55e194d3f6c9644c9f9d12c4f6b0395a upstream.
MD5 is a weak digest algorithm that shouldn't be used for cryptographic
operation. It hinders the efficiency of a patch set that aims to limit
the digests allowed for the extended file attribute namely security.ima.
MD5 is no longer a requirement for IMA, nor should it be used there.
The sole place where we still use the MD5 algorithm inside IMA is setting
the ima_hash algorithm to MD5, if the user supplies 'ima_hash=md5'
parameter on the command line. With commit ab60368ab6a4 ("ima: Fallback
to the builtin hash algorithm"), setting "ima_hash=md5" fails gracefully
when CRYPTO_MD5 is not set:
ima: Can not allocate md5 (reason: -2)
ima: Allocating md5 failed, going to use default hash algorithm sha256
Remove the CRYPTO_MD5 dependency for IMA.
Signed-off-by: THOBY Simon <Simon.THOBY@...eris.fr>
Reviewed-by: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
[zohar@...ux.ibm.com: include commit number in patch description for
stable.]
Cc: stable@...r.kernel.org # 4.17
Signed-off-by: Mimi Zohar <zohar@...ux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
security/integrity/ima/Kconfig | 1 -
1 file changed, 1 deletion(-)
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -6,7 +6,6 @@ config IMA
select SECURITYFS
select CRYPTO
select CRYPTO_HMAC
- select CRYPTO_MD5
select CRYPTO_SHA1
select CRYPTO_HASH_INFO
select TCG_TPM if HAS_IOMEM && !UML
Powered by blists - more mailing lists