linux/crypto/asymmetric_keys
Dimitri John Ledkov 16ab7cb582 crypto: pkcs7 - remove sha1 support
Removes support for sha1 signed kernel modules, importing sha1 signed
x.509 certificates.

rsa-pkcs1pad keeps sha1 padding support, which seems to be used by
virtio driver.

sha1 remains available as there are many drivers and subsystems using
it. Note only hmac(sha1) with secret keys remains cryptographically
secure.

In the kernel there are filesystems, IMA, tpm/pcr that appear to be
using sha1. Maybe they can all start to be slowly upgraded to
something else i.e. blake3, ParallelHash, SHAKE256 as needed.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2023-10-20 13:39:26 +08:00
..
asymmetric_keys.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
asymmetric_type.c KEYS: remove MODULE_LICENSE in non-modules 2023-04-13 13:13:51 -07:00
Kconfig crypto: certs: fix FIPS selftest dependency 2023-02-13 10:00:41 +02:00
Makefile certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
mscode_parser.c crypto: pkcs7 - remove sha1 support 2023-10-20 13:39:26 +08:00
mscode.asn1
pkcs7_key_type.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs7_parser.c crypto: pkcs7 - remove sha1 support 2023-10-20 13:39:26 +08:00
pkcs7_parser.h crypto: asymmetric_keys: fix some comments in pkcs7_parser.h 2021-01-21 16:16:09 +00:00
pkcs7_trust.c keys: X.509 public key issuer lookup without AKID 2022-01-09 00:18:42 +02:00
pkcs7_verify.c asymmetric_keys: log on fatal failures in PE/pkcs7 2023-03-21 16:23:56 +00:00
pkcs7.asn1 PKCS#7: Appropriately restrict authenticated attributes and content type 2015-08-12 17:01:01 +01:00
pkcs8_parser.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
pkcs8.asn1 KEYS: Implement PKCS#8 RSA Private Key parser [ver #2] 2018-10-26 09:30:46 +01:00
public_key.c crypto: pkcs7 - remove sha1 support 2023-10-20 13:39:26 +08:00
restrict.c KEYS: DigitalSignature link restriction 2023-08-17 20:12:20 +00:00
selftest.c certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
signature.c crypto: pkcs7 - remove sha1 support 2023-10-20 13:39:26 +08:00
verify_pefile.c KEYS: fix kernel-doc warnings in verify_pefile 2023-07-14 18:23:14 +10:00
verify_pefile.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
x509_akid.asn1 X.509: Add missing IMPLICIT annotations to AKID ASN.1 module 2023-10-05 18:16:30 +08:00
x509_cert_parser.c crypto: pkcs7 - remove sha1 support 2023-10-20 13:39:26 +08:00
x509_loader.c wifi: cfg80211: Deduplicate certificate loading 2023-01-19 14:46:45 +01:00
x509_parser.h certs: Add FIPS selftests 2022-06-21 16:05:12 +01:00
x509_public_key.c X.509: if signature is unsupported skip validation 2023-08-25 18:46:55 +08:00
x509.asn1 KEYS: x509: clearly distinguish between key and signature algorithms 2022-03-08 10:33:18 +02:00