diff options
author | Dimitri John Ledkov <dimitri.ledkov@canonical.com> | 2023-10-10 22:25:29 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2023-10-20 13:39:26 +0800 |
commit | c1d760a47163bec1ecd5c82638c8c234fcbd549e (patch) | |
tree | bda5a40aa2bb521e3f6ec5cc4682ea4007890f8b /crypto | |
parent | 16ab7cb5825fc3425c16ad2c6e53d827f382d7c6 (diff) |
crypto: mscode_parser - remove sha224 authenticode support
It is possible to stand up own certificates and sign PE-COFF binaries
using SHA-224. However it never became popular or needed since it has
similar costs as SHA-256. Windows Authenticode infrastructure never
had support for SHA-224, and all secureboot keys used fro linux
vmlinuz have always been using at least SHA-256.
Given the point of mscode_parser is to support interoperatiblity with
typical de-facto hashes, remove support for SHA-224 to avoid
posibility of creating interoperatibility issues with rhboot/shim,
grub, and non-linux systems trying to sign or verify vmlinux.
SHA-224 itself is not removed from the kernel, as it is truncated
SHA-256. If requested I can write patches to remove SHA-224 support
across all of the drivers.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asymmetric_keys/mscode_parser.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c index 6416bded0e07..855cbc46a9c3 100644 --- a/crypto/asymmetric_keys/mscode_parser.c +++ b/crypto/asymmetric_keys/mscode_parser.c @@ -84,9 +84,6 @@ int mscode_note_digest_algo(void *context, size_t hdrlen, case OID_sha512: ctx->digest_algo = "sha512"; break; - case OID_sha224: - ctx->digest_algo = "sha224"; - break; case OID__NR: sprint_oid(value, vlen, buffer, sizeof(buffer)); |