Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp689091pxb; Mon, 16 Aug 2021 15:20:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxUcNMlS+8+ISGW1wcATU1Ay42Skuz4d4KU5zFKrIr8+SCUJdGOPbCqgayzujcQVL0ZShek X-Received: by 2002:a05:6e02:1d06:: with SMTP id i6mr139517ila.113.1629152425272; Mon, 16 Aug 2021 15:20:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629152425; cv=none; d=google.com; s=arc-20160816; b=sYbT8BJpJ1PGZfQgtfuPIYLbixKL1wKRfc1BgxTXmSPrqph1Ec0ARwh7r02wDFQDMX aXgfTtUtM7xIAsBo+E0NeEkUbFISWiYAhCZH+c873nCpfcLzL+nnbQv33rZLs+xwPaGZ isHsDKgGzDGeg8QXXoITgiEIhuhgnRuSqCjH7rAFAk7ND6qsvpkjyYlCbsD6mho1MHNv JeazQBsT4wnEJyyFNU3uHNWcNtr97JKf2jVxPLTVgaQr5G0YJBi2tuSNEjI3OmP+MVQY 3pqUgv2mvl9UQD0lEC5fBe40ZyizPnHCYqDUdGoRht56TKnpo8FTMj2Y1u488fhZMXVE bbjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=FzBrmu/3CW/8lyQMmK+Ly5/lL4aVDYMvjGlAGV17LOk=; b=rqR0f8d7ezSxIrLo/8RgIo1bdzV+5c0/b3tlfvWSdLnO4DSipv6hm2dPxh+1Ku5nAr QGCbwiyNjAFeRzHs4Z/zSMhcLrgoIBJ8blLJdu+N6aIMLb0LV7ifQwkfOqbUVBBMHUh1 8T9QX/z/RwBJFqcgCzcXTSxdD+ff5JFMDfcOHKHo0f4uEMXf8a1YP8aBo+5Oqm4qcQpX p5Mx7ycP9wcgUhpeUn8IXj66gdL39rFwCBSHv9ks4F3dMgK7MCyiJBCsoMvZE+DOp6aq VAcXGk89iF2xiMQrBbTLpd0sqMRdvCLIcUXe18eWuKcp6ZTaGc/YNs77Zs5cVMfftW+5 g3nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=szs8TgkY; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y28si320623iot.48.2021.08.16.15.20.02; Mon, 16 Aug 2021 15:20:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=szs8TgkY; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232272AbhHPWUZ (ORCPT + 99 others); Mon, 16 Aug 2021 18:20:25 -0400 Received: from mail.kernel.org ([198.145.29.99]:47836 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232269AbhHPWUY (ORCPT ); Mon, 16 Aug 2021 18:20:24 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 83934600CD; Mon, 16 Aug 2021 22:19:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1629152392; bh=YKbfqveW5N6PrKymvvb2EoK2UYjeEoMZZv9MnO8p2kQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=szs8TgkYPedA6TINs/C8u6K8r+SyUFLyfJlV4SQJ70kIexOLUionxEUm6yxTcTNAK rxCVPu+AYkHBMMsJeOmt2WTNKOnKmC5pr9VBvQGmfJ/IQ5V+peBAVjd6r4Ce+AcHLO +IJCBtOwIi6Y/RNETIRPD/TB71lprU54lVGiPBtE7EhNShb7T7+5XZSEQlE8WnooSL QxCMOp6OlEfRuebhTCUBSsgQHJbt8+6+IfkxlHZ/fynK1Jf0rk+O+A1JvLnKEkIZM3 ZpTc47T9/MTA3DsfJmZrcs6OrOYONIxn5Pb9nCzfovh3jWzn+TOxjx3jOCb3q/G8cB 7kAd0qqHRiFGw== Date: Mon, 16 Aug 2021 15:19:51 -0700 From: Eric Biggers To: ronnie sahlberg Cc: linux-cifs , Steve French , "samba-technical@lists.samba.org" , linux-crypto@vger.kernel.org Subject: Re: Building cifs.ko without any support for insecure crypto? Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Sun, Aug 15, 2021 at 08:38:23PM +1000, ronnie sahlberg wrote: > > What are the plans here? To just offer the possibility to disable all > these old crypto and hashes on a local kernel compile? > Or is the plan to just outright remove it from the kernel sources? > > If the first, I think that could possible be done for cifs. I think a > lot of the security minded larger enterprises already may be disabling > both SMB1 and also NTLM on serverside, so they would be fine. > > For the latter, I think it would be a no-go since aside from krb5 > there are just no other viable authentication mechs for smb. Removing the code would be best, but allowing it to be compiled out would be the next best thing. > TL;DR > If NTLMSSP authentication is disabled, there are no other options to > map a share than using KRB5 > and setting up the krb5 infrastructure. And thus smaller sites will > not be able to use CIFS :-( > So while I think it is feasible to add support to cifs.ko to > conditionally disable features depending in a kernel compile (no SMB1 > if des/rc4 is missing, no NTLM if rc4/md4/md5 is missing) I don't > think it is feasible to disable these by default. > I will work on making it possible to build cifs.ko with limied > functionality when these algorithms are disabled though. FWIW, the way this came up is that the Compatibility Test Suite for Android 11 verifies that CONFIG_CRYPTO_MD4 isn't set. The reason that test got added is because for a short time, CONFIG_CRYPTO_MD4 had accidentally been enabled in the recommended kernel config for Android. Since "obviously" no one would be using a completely broken crypto algorithm from 31 years ago, when fixing that bug we decided to go a bit further and just forbid it from the kernel config. I guess we'll have to remove that test for now (assuming that CONFIG_CIFS is to be allowed at all on an Android device, and that the people who want to use it don't want to use kerberos which is probably the case). It is beyond ridiculous that this is even an issue though, given that MD4 has been severely compromised for over 25 years. One thing which we should seriously consider doing is removing md4 from the crypto API and moving it into fs/cifs/. It isn't a valid crypto algorithm, so anyone who wants to use it should have to maintain it themselves. - Eric