From: Ard Biesheuvel <ardb@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org,
Ard Biesheuvel <ardb@kernel.org>
Subject: [PATCH] crypto: mark unused ciphers as obsolete
Date: Fri, 11 Sep 2020 17:11:03 +0300 [thread overview]
Message-ID: <20200911141103.14832-1-ardb@kernel.org> (raw)
We have a few interesting pieces in our cipher museum, which are never
used internally, and were only ever provided as generic C implementations.
Unfortunately, we cannot simply remove this code, as we cannot be sure
that it is not being used via the AF_ALG socket API, however unlikely.
So let's mark the Anubis, Khazad, SEED and TEA algorithms as obsolete,
which means they can only be enabled in the build if the socket API is
enabled in the first place.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
Hopefully, I will be able to convince the distro kernel maintainers to
disable CRYPTO_USER_API_ENABLE_OBSOLETE in their v5.10+ builds once the
iwd changes for arc4 make it downstream (Debian already has an updated
version in its unstable distro). With the joint coverage of their QA,
we should be able to confirm that these algos are never used, and
actually remove them altogether.
crypto/Kconfig | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index e85d8a059489..fac10143d23f 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1185,6 +1185,7 @@ config CRYPTO_AES_PPC_SPE
config CRYPTO_ANUBIS
tristate "Anubis cipher algorithm"
+ depends on CRYPTO_USER_API_ENABLE_OBSOLETE
select CRYPTO_ALGAPI
help
Anubis cipher algorithm.
@@ -1424,6 +1425,7 @@ config CRYPTO_FCRYPT
config CRYPTO_KHAZAD
tristate "Khazad cipher algorithm"
+ depends on CRYPTO_USER_API_ENABLE_OBSOLETE
select CRYPTO_ALGAPI
help
Khazad cipher algorithm.
@@ -1487,6 +1489,7 @@ config CRYPTO_CHACHA_MIPS
config CRYPTO_SEED
tristate "SEED cipher algorithm"
+ depends on CRYPTO_USER_API_ENABLE_OBSOLETE
select CRYPTO_ALGAPI
help
SEED cipher algorithm (RFC4269).
@@ -1613,6 +1616,7 @@ config CRYPTO_SM4
config CRYPTO_TEA
tristate "TEA, XTEA and XETA cipher algorithms"
+ depends on CRYPTO_USER_API_ENABLE_OBSOLETE
select CRYPTO_ALGAPI
help
TEA cipher algorithm.
--
2.17.1
next reply other threads:[~2020-09-11 15:57 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-11 14:11 Ard Biesheuvel [this message]
2020-09-11 16:23 ` [PATCH] crypto: mark unused ciphers as obsolete Van Leeuwen, Pascal
2020-09-11 16:30 ` Ard Biesheuvel
2020-09-11 16:46 ` Van Leeuwen, Pascal
2020-09-12 10:05 ` Milan Broz
2020-09-18 7:30 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200911141103.14832-1-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).