Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp363327pxk; Fri, 11 Sep 2020 08:58:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxOMEhzJSxnxsAugm/29yz5Uh02Yw7BLBFRHKQameHD6BPgXM75Yxxjc7PDUXqhLyjVxczG X-Received: by 2002:a50:d7ca:: with SMTP id m10mr2896549edj.259.1599839899223; Fri, 11 Sep 2020 08:58:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599839899; cv=none; d=google.com; s=arc-20160816; b=RbUc9efFQaYh4wFAwMHMpMMB4rBmqh2qi9ugIYLVtRtRbyjyEFAAIDKY1S3Svq4mSY Wr2i+xtCAIaNoLmdhwtTb33Vv6F0MEB7hfZNgsAnlQ9Y8RrBagvXNfmyW0LSXL6EPb6Y p7wfACqlILqoOBcLEVYhJNCoheqGIuSQjCwdIRfDk4vE1PG6FemDrLJSs0uVTESZo7EE YLTW7waDJ9VyFaKv/XBrFluuqhBb1Ald+1GehXAA7j14t2Nqv6uPuiK7oe1h7C7QUnLD SfxBBYtXla9OqLOORx7lNmWxWAIyBW95YEWZJyUVghuw1vqcnRLgwInBps3k1qC79xJg TWqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=QWiGofrCbCXQ3E1RNaMzg69hOtooRxXPXnBnN4wYxQ8=; b=ecwlV94/n/R3XrmQaf8TR3aKW/Th+cHsQJCvo1VUxQndOOd8E8dzXuoKDaOQb+zzJ0 ovfqapu7FaCwcNYJIfRx2oOpysKsK3Liq0IMQV+u7qgAahlASTu+5bOfj1qWych0234N 0wO5iwqqcR21ZF3ubCIIkg+TcMunD+278FI/27N4OMjW48Ssp/qHaBZbKF0H9RR2OkU9 v7E4HTdtPZOVUWAfkUVS15cYqRpM1X8OgRy256BxI+7FAJf1OvZwhOu09eyZoxEquP7c xOeG72bQVfxDNnsTSqZCU3ew6v2UUrCbn4iE7Pxem/4EevmSYBkcqU2fLy+72dVghkqn XbDw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZQdAe5kl; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id yc15si1837359ejb.23.2020.09.11.08.57.45; Fri, 11 Sep 2020 08:58:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=ZQdAe5kl; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726170AbgIKP5J (ORCPT + 99 others); Fri, 11 Sep 2020 11:57:09 -0400 Received: from mail.kernel.org ([198.145.29.99]:39806 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726228AbgIKPza (ORCPT ); Fri, 11 Sep 2020 11:55:30 -0400 Received: from e123331-lin.nice.arm.com (unknown [91.140.123.103]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C0F0322269; Fri, 11 Sep 2020 14:11:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1599833496; bh=rGbqf9/+lTR20/q7Oy//dTrBqkiYio6GueIG0oElcGY=; h=From:To:Cc:Subject:Date:From; b=ZQdAe5klBavXVdVmWwUvddVN51f4YmXyaQ7YmDxBa77Lv/tQ7xOLKuh4zvdnA3p1I L/KyvkhfWZWwQ5BQNqR73F58lI2+xeCeWldaj3GbZFDFDYpvzVbGVzt26G/cyOC+kt AjRT4MdCnfLVdA0hRXI5PmMl9GeZubBWGt5KaPjY= From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, Ard Biesheuvel Subject: [PATCH] crypto: mark unused ciphers as obsolete Date: Fri, 11 Sep 2020 17:11:03 +0300 Message-Id: <20200911141103.14832-1-ardb@kernel.org> X-Mailer: git-send-email 2.17.1 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org We have a few interesting pieces in our cipher museum, which are never used internally, and were only ever provided as generic C implementations. Unfortunately, we cannot simply remove this code, as we cannot be sure that it is not being used via the AF_ALG socket API, however unlikely. So let's mark the Anubis, Khazad, SEED and TEA algorithms as obsolete, which means they can only be enabled in the build if the socket API is enabled in the first place. Signed-off-by: Ard Biesheuvel --- Hopefully, I will be able to convince the distro kernel maintainers to disable CRYPTO_USER_API_ENABLE_OBSOLETE in their v5.10+ builds once the iwd changes for arc4 make it downstream (Debian already has an updated version in its unstable distro). With the joint coverage of their QA, we should be able to confirm that these algos are never used, and actually remove them altogether. crypto/Kconfig | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index e85d8a059489..fac10143d23f 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1185,6 +1185,7 @@ config CRYPTO_AES_PPC_SPE config CRYPTO_ANUBIS tristate "Anubis cipher algorithm" + depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help Anubis cipher algorithm. @@ -1424,6 +1425,7 @@ config CRYPTO_FCRYPT config CRYPTO_KHAZAD tristate "Khazad cipher algorithm" + depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help Khazad cipher algorithm. @@ -1487,6 +1489,7 @@ config CRYPTO_CHACHA_MIPS config CRYPTO_SEED tristate "SEED cipher algorithm" + depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help SEED cipher algorithm (RFC4269). @@ -1613,6 +1616,7 @@ config CRYPTO_SM4 config CRYPTO_TEA tristate "TEA, XTEA and XETA cipher algorithms" + depends on CRYPTO_USER_API_ENABLE_OBSOLETE select CRYPTO_ALGAPI help TEA cipher algorithm. -- 2.17.1