Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Commit 16ab7cb5 authored by Dimitri John Ledkov's avatar Dimitri John Ledkov Committed by Herbert Xu
Browse files

crypto: pkcs7 - remove sha1 support 


Removes support for sha1 signed kernel modules, importing sha1 signed
x.509 certificates.

rsa-pkcs1pad keeps sha1 padding support, which seems to be used by
virtio driver.

sha1 remains available as there are many drivers and subsystems using
it. Note only hmac(sha1) with secret keys remains cryptographically
secure.

In the kernel there are filesystems, IMA, tpm/pcr that appear to be
using sha1. Maybe they can all start to be slowly upgraded to
something else i.e. blake3, ParallelHash, SHAKE256 as needed.

Signed-off-by: default avatarDimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent c35b581e
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 107 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Open hardware computers for makers, educators and professionals