[5.4,141/144] IMA: remove the dependency on CRYPTO_MD5

Message ID	20210913131052.645459517@linuxfoundation.org
State	New
Headers	show Return-Path: <stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, THOBY Simon <Simon.THOBY@viveris.fr>, Lakshmi Ramasubramanian <nramas@linux.microsoft.com>, Mimi Zohar <zohar@linux.ibm.com> Subject: [PATCH 5.4 141/144] IMA: remove the dependency on CRYPTO_MD5 Date: Mon, 13 Sep 2021 15:15:22 +0200 Message-Id: <20210913131052.645459517@linuxfoundation.org> In-Reply-To: <20210913131047.974309396@linuxfoundation.org> References: <20210913131047.974309396@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [5.4,002/144] regmap: fix the offset of register error log [5.4,004/144] sched/deadline: Fix reset_on_fork reporting of DL tasks [5.4,006/144] crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() [5.4,008/144] rcu/tree: Handle VM stoppage in stall detection [5.4,011/144] hrtimer: Ensure timerfd notification for HIGHRES=n [5.4,014/144] isofs: joliet: Fix iocharset=utf8 mount option [5.4,016/144] nvme-tcp: dont update queue count when failing to set io queues [5.4,019/144] power: supply: max17042_battery: fix typo in MAx17042_TOFF [5.4,021/144] libata: fix ata_host_start() [5.4,023/144] crypto: qat - handle both source of interrupt in VF ISR [5.4,027/144] fcntl: fix potential deadlock for &fasync_struct.fa_lock [5.4,029/144] s390/kasan: fix large PMD pages address alignment check [5.4,031/144] m68k: emu: Fix invalid free in nfeth_cleanup() [5.4,033/144] spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config [5.4,034/144] spi: spi-pic32: Fix issue with uninitialized dma_slave_config [5.4,035/144] genirq/timings: Fix error return code in irq_timings_test_irqs() [5.4,036/144] lib/mpi: use kcalloc in mpi_resize [5.4,038/144] block: nbd: add sanity check for first_minor [5.4,040/144] certs: Trigger creation of RSA module signing key if its not an RSA key [5.4,041/144] regulator: vctrl: Use locked regulator_get_voltage in probe path [5.4,043/144] spi: sprd: Fix the wrong WDG_LOAD_VAL [5.4,046/144] drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() [5.4,047/144] media: TDA1997x: enable EDID support [5.4,050/144] bpf: Fix a typo of reuseport map in bpf.h. [5.4,052/144] ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi [5.4,054/144] soc: qcom: rpmhpd: Use corner in power_off [5.4,056/144] media: dvb-usb: fix uninit-value in vp702x_read_mac_addr [5.4,057/144] media: dvb-usb: Fix error handling in dvb_usb_i2c_init [5.4,061/144] 6lowpan: iphc: Fix an off-by-one check of array index [5.4,063/144] drm/amdgpu/acp: Make PM domain really work [5.4,064/144] tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos [5.4,066/144] ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties [5.4,067/144] ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties [5.4,069/144] net/mlx5e: Prohibit inner indir TIRs in IPoIB [5.4,070/144] cgroup/cpuset: Fix a partition bug with hotplug [5.4,073/144] leds: lt3593: Put fwnode in any case during ->probe() [5.4,075/144] media: em28xx-input: fix refcount bug in em28xx_usb_disconnect [5.4,076/144] media: venus: venc: Fix potential null pointer dereference on pointer fmt [5.4,077/144] PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently [5.4,080/144] debugfs: Return error during {full/open}_proxy_open() on rmmod [5.4,081/144] Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow [5.4,082/144] PM: EM: Increase energy calculation precision [5.4,083/144] drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs [5.4,084/144] arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 [5.4,085/144] counter: 104-quad-8: Return error when invalid mode during ceiling_write [5.4,088/144] usb: gadget: udc: at91: add IRQ check [5.4,090/144] usb: phy: twl6030: add IRQ checks [5.4,091/144] usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse [5.4,095/144] mac80211: Fix insufficient headroom issue for AMSDU [5.4,097/144] nfsd4: Fix forced-expiry locking [5.4,099/144] mm/swap: consider max pages in iomap_swapfile_add_extent [5.4,103/144] rsi: fix error code in rsi_load_9116_firmware() [5.4,104/144] rsi: fix an error code in rsi_probe() [5.4,107/144] mmc: dw_mmc: Fix issue with uninitialized dma_slave_config [5.4,110/144] CIFS: Fix a potencially linear read overflow [5.4,111/144] i2c: mt65xx: fix IRQ check [5.4,113/144] usb: bdc: Fix an error handling path in bdc_probe() when no suitable DMA config is ... [5.4,114/144] tty: serial: fsl_lpuart: fix the wrong mapbase value [5.4,116/144] ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function [5.4,119/144] bcma: Fix memory leak for internally-handled cores [5.4,120/144] brcmfmac: pcie: fix oops on failure to resume and reprobe [5.4,121/144] ipv6: make exception cache less predictible [5.4,123/144] net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed [5.4,125/144] octeontx2-af: Fix loop in free and unmap counter [5.4,126/144] ipv4: fix endianness issue in inet_rtm_getroute_build_skb() [5.4,128/144] bpf: Fix leakage due to insufficient speculative store bypass mitigation [5.4,129/144] bpf: verifier: Allocate idmap scratch in verifier env [5.4,132/144] tty: Fix data race between tiocsti() and flush_to_ldisc() [5.4,136/144] KVM: x86: Update vCPUs hv_clock before back to guest when tsc_offset is adjusted [5.4,139/144] fuse: flush extending writes [5.4,141/144] IMA: remove the dependency on CRYPTO_MD5 [5.4,143/144] backlight: pwm_bl: Improve bootloader/kernel device handover [5.4,144/144] clk: kirkwood: Fix a clocking boot regression

Message ID

20210913131052.645459517@linuxfoundation.org

State

New

Headers

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, THOBY Simon <Simon.THOBY@viveris.fr>,
	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
	Mimi Zohar <zohar@linux.ibm.com>
Subject: [PATCH 5.4 141/144] IMA: remove the dependency on CRYPTO_MD5
Date: Mon, 13 Sep 2021 15:15:22 +0200
Message-Id: <20210913131052.645459517@linuxfoundation.org>
In-Reply-To: <20210913131047.974309396@linuxfoundation.org>
References: <20210913131047.974309396@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

None | expand

Commit Message

Greg KH Sept. 13, 2021, 1:15 p.m. UTC

From: THOBY Simon <Simon.THOBY@viveris.fr>

commit 8510505d55e194d3f6c9644c9f9d12c4f6b0395a upstream.

MD5 is a weak digest algorithm that shouldn't be used for cryptographic
operation. It hinders the efficiency of a patch set that aims to limit
the digests allowed for the extended file attribute namely security.ima.
MD5 is no longer a requirement for IMA, nor should it be used there.

The sole place where we still use the MD5 algorithm inside IMA is setting
the ima_hash algorithm to MD5, if the user supplies 'ima_hash=md5'
parameter on the command line.  With commit ab60368ab6a4 ("ima: Fallback
to the builtin hash algorithm"), setting "ima_hash=md5" fails gracefully
when CRYPTO_MD5 is not set:
	ima: Can not allocate md5 (reason: -2)
	ima: Allocating md5 failed, going to use default hash algorithm sha256

Remove the CRYPTO_MD5 dependency for IMA.

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
[zohar@linux.ibm.com: include commit number in patch description for
stable.]
Cc: stable@vger.kernel.org # 4.17
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 security/integrity/ima/Kconfig |    1 -
 1 file changed, 1 deletion(-)

--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -6,7 +6,6 @@  config IMA
 	select SECURITYFS
 	select CRYPTO
 	select CRYPTO_HMAC
-	select CRYPTO_MD5
 	select CRYPTO_SHA1
 	select CRYPTO_HASH_INFO
 	select TCG_TPM if HAS_IOMEM && !UML

[5.4,141/144] IMA: remove the dependency on CRYPTO_MD5

Commit Message

Patch