git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	THOBY Simon <Simon.THOBY@viveris.fr>
	Mon, 16 Aug 2021 08:10:59 +0000 (08:10 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 15 Sep 2021 08:00:59 +0000 (10:00 +0200)
commit	237ad4fb042c5cf83acf24108ae6e1b6b61d40c9
tree	67be9103191704266f0d21d46a5b8f5f8f02ce57	tree
parent	9e4b9b07f67d1c4a47e39215433409c332bbf54d	commit \| diff

IMA: remove the dependency on CRYPTO_MD5

commit 8510505d55e194d3f6c9644c9f9d12c4f6b0395a upstream.

MD5 is a weak digest algorithm that shouldn't be used for cryptographic
operation. It hinders the efficiency of a patch set that aims to limit
the digests allowed for the extended file attribute namely security.ima.
MD5 is no longer a requirement for IMA, nor should it be used there.

The sole place where we still use the MD5 algorithm inside IMA is setting
the ima_hash algorithm to MD5, if the user supplies 'ima_hash=md5'
parameter on the command line. With commit ab60368ab6a4 ("ima: Fallback
to the builtin hash algorithm"), setting "ima_hash=md5" fails gracefully
when CRYPTO_MD5 is not set:
ima: Can not allocate md5 (reason: -2)
ima: Allocating md5 failed, going to use default hash algorithm sha256

Remove the CRYPTO_MD5 dependency for IMA.

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
[zohar@linux.ibm.com: include commit number in patch description for
stable.]
Cc: stable@vger.kernel.org # 4.17
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>