mirror of
https://github.com/torvalds/linux
synced 2024-10-14 23:39:09 +00:00
crypto: mscode_parser - remove sha224 authenticode support
It is possible to stand up own certificates and sign PE-COFF binaries using SHA-224. However it never became popular or needed since it has similar costs as SHA-256. Windows Authenticode infrastructure never had support for SHA-224, and all secureboot keys used for linux vmlinuz have always been using at least SHA-256.

Given the point of mscode_parser is to support interoperability with typical de-facto hashes, remove support for SHA-224 to avoid possibility of creating interoperability issues with rhboot/shim, grub, and non-linux systems trying to sign or verify vmlinux.

SHA-224 itself is not removed from the kernel, as it is truncated SHA-256. If requested I can write patches to remove SHA-224 support across all of the drivers.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent 16ab7cb582
commit c1d760a471
|
@ -84,9 +84,6 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
|
|||
case OID_sha512:
|
||||
ctx->digest_algo = "sha512";
|
||||
break;
|
||||
case OID_sha224:
|
||||
ctx->digest_algo = "sha224";
|
||||
break;
|
||||
|
||||
case OID__NR:
|
||||
sprint_oid(value, vlen, buffer, sizeof(buffer));
|
||||
|
|
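Review bot: The commit message does not say what a SHA-224 signed PE image now gets back from mscode_note_digest_algo() once the `case OID_sha224:` arm is removed. Assuming OID_sha224 stays defined as an enum value (the message says SHA-224 itself is not removed), that OID will not match the `case OID__NR:` branch kept as context here, so it will land in whatever arm follows outside this hunk. Please confirm that arm rejects the signature with an error and a log line that names the unsupported digest, and state the resulting return code in the commit message so that anyone whose previously accepted SHA-224 Authenticode signature stops verifying can trace the failure back to this change.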