From: Ard Biesheuvel <ardb@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, Ard Biesheuvel <ardb@kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
ronnie sahlberg <ronniesahlberg@gmail.com>,
linux-cifs <linux-cifs@vger.kernel.org>,
Steve French <sfrench@samba.org>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org
Subject: [PATCH 0/2] crypto: remove MD4 generic shash
Date: Wed, 18 Aug 2021 16:46:15 +0200 [thread overview]
Message-ID: <20210818144617.110061-1-ardb@kernel.org> (raw)
As discussed on the list [0], MD4 is still being relied upon by the CIFS
driver, even though successful attacks on MD4 are as old as Linux
itself.
So let's move the code into the CIFS driver, and remove it from the
crypto API so that it is no longer exposed to other subsystems or to
user space via AF_ALG.
Note: this leaves the code in crypto/asymmetric_keys that is able to
parse RSA+MD4 keys if an "md4" shash is available. Given that its
Kconfig symbol does not select CRYPTO_MD4, it only has a runtime
dependency on md4 and so we can either decide remove it later, or just
let it fail on the missing MD4 shash as it would today if the module is
not enabled.
[0] https://lore.kernel.org/linux-cifs/YRXlwDBfQql36wJx@sol.localdomain/
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: ronnie sahlberg <ronniesahlberg@gmail.com>
Cc: linux-cifs <linux-cifs@vger.kernel.org>
Cc: Steve French <sfrench@samba.org>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Ard Biesheuvel (2):
fs/cifs: Incorporate obsolete MD4 crypto code
crypto: md4 - Remove obsolete algorithm
crypto/Kconfig | 6 -
crypto/Makefile | 1 -
crypto/md4.c | 241 --------------------
crypto/tcrypt.c | 14 +-
crypto/testmgr.c | 6 -
crypto/testmgr.h | 42 ----
fs/cifs/Kconfig | 1 -
fs/cifs/cifsfs.c | 1 -
fs/cifs/smbencrypt.c | 200 ++++++++++++++--
9 files changed, 178 insertions(+), 334 deletions(-)
delete mode 100644 crypto/md4.c
--
2.20.1
next reply other threads:[~2021-08-18 14:46 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-18 14:46 Ard Biesheuvel [this message]
2021-08-18 14:46 ` [PATCH 1/2] fs/cifs: Incorporate obsolete MD4 crypto code Ard Biesheuvel
2021-08-18 14:46 ` [PATCH 2/2] crypto: md4 - Remove obsolete algorithm Ard Biesheuvel
2021-08-18 14:51 ` [PATCH 0/2] crypto: remove MD4 generic shash Denis Kenzior
2021-08-18 16:10 ` Ard Biesheuvel
2021-08-18 16:23 ` Denis Kenzior
2021-08-18 16:47 ` Steve French
2021-08-18 22:08 ` Jeremy Allison
2021-08-19 3:49 ` Andrew Bartlett
2021-08-19 5:18 ` Eric Biggers
2021-08-19 5:23 ` Andrew Bartlett
2021-08-18 21:11 ` ronnie sahlberg
2021-08-18 22:10 ` Ard Biesheuvel
2021-08-18 22:22 ` Denis Kenzior
2021-08-18 23:03 ` Steve French
2021-08-19 16:56 ` Denis Kenzior
2021-08-19 10:42 ` Jarkko Sakkinen
2021-08-19 17:10 ` Steve French
2021-08-19 20:54 ` ronnie sahlberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210818144617.110061-1-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=ronniesahlberg@gmail.com \
--cc=sfrench@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).