crypto: pkcs7 - remove md4 md5 x.509 support

Remove support for md4 md5 hash and signatures in x.509 certificate
parsers, pkcs7 signature parser, authenticode parser.

All of these are insecure or broken, and everyone has long time ago
migrated to alternative hash implementations.

Also remove md2 & md3 oids which have already didn't have support.

This is also likely the last user of md4 in the kernel, and thus
crypto/md4.c and related tests in tcrypt & testmgr can likely be
removed. Other users such as cifs smbfs ext modpost sumversions have
their own internal implementation as needed.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
index 839591ad21ac04992d23b657664a0f7e9560c323..690405ebe77b3145222acb5abd8ad12e7e69fe74 100644 (file)
--- a/crypto/asymmetric_keys/mscode_parser.c
+++ b/crypto/asymmetric_keys/mscode_parser.c
@@ -75,12 +75,6 @@ int mscode_note_digest_algo(void *context, size_t hdrlen,
 
        oid = look_up_OID(value, vlen);
        switch (oid) {
-       case OID_md4:
-               ctx->digest_algo = "md4";
-               break;
-       case OID_md5:
-               ctx->digest_algo = "md5";
-               break;
        case OID_sha1:
                ctx->digest_algo = "sha1";
                break;

diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 277482bb17777148935430aac9391406934b9a24..cf4caab9620ff1e1bf0fdeb95d6a7f611ed36693 100644 (file)
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -227,12 +227,6 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
        struct pkcs7_parse_context *ctx = context;
 
        switch (ctx->last_oid) {
-       case OID_md4:
-               ctx->sinfo->sig->hash_algo = "md4";
-               break;
-       case OID_md5:
-               ctx->sinfo->sig->hash_algo = "md5";
-               break;
        case OID_sha1:
                ctx->sinfo->sig->hash_algo = "sha1";
                break;

diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index 0a7049b470c1812a710b9815a052e02b253e8f44..2c30928621b7e9d4c96094282e987dcee7ac3368 100644 (file)
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -195,15 +195,9 @@ int x509_note_sig_algo(void *context, size_t hdrlen, unsigned char tag,
        pr_debug("PubKey Algo: %u\n", ctx->last_oid);
 
        switch (ctx->last_oid) {
-       case OID_md2WithRSAEncryption:
-       case OID_md3WithRSAEncryption:
        default:
                return -ENOPKG; /* Unsupported combination */
 
-       case OID_md4WithRSAEncryption:
-               ctx->cert->sig->hash_algo = "md4";
-               goto rsa_pkcs1;
-
        case OID_sha1WithRSAEncryption:
                ctx->cert->sig->hash_algo = "sha1";
                goto rsa_pkcs1;

diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index f86a08ba0207ee1dd1bb704b6380d55b2d3feb1f..4d04fa5d1eeceb858b858e9df21871252d9d06ac 100644 (file)
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -30,9 +30,6 @@ enum OID {
 
        /* PKCS#1 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)} */
        OID_rsaEncryption,              /* 1.2.840.113549.1.1.1 */
-       OID_md2WithRSAEncryption,       /* 1.2.840.113549.1.1.2 */
-       OID_md3WithRSAEncryption,       /* 1.2.840.113549.1.1.3 */
-       OID_md4WithRSAEncryption,       /* 1.2.840.113549.1.1.4 */
        OID_sha1WithRSAEncryption,      /* 1.2.840.113549.1.1.5 */
        OID_sha256WithRSAEncryption,    /* 1.2.840.113549.1.1.11 */
        OID_sha384WithRSAEncryption,    /* 1.2.840.113549.1.1.12 */
@@ -49,11 +46,6 @@ enum OID {
        OID_smimeCapabilites,           /* 1.2.840.113549.1.9.15 */
        OID_smimeAuthenticatedAttrs,    /* 1.2.840.113549.1.9.16.2.11 */
 
-       /* {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2)} */
-       OID_md2,                        /* 1.2.840.113549.2.2 */
-       OID_md4,                        /* 1.2.840.113549.2.4 */
-       OID_md5,                        /* 1.2.840.113549.2.5 */
-
        OID_mskrb5,                     /* 1.2.840.48018.1.2.2 */
        OID_krb5,                       /* 1.2.840.113554.1.2.2 */
        OID_krb5u2u,                    /* 1.2.840.113554.1.2.2.3 */