mbox series

[v3,0/7] crypto: mark ecb(arc4) skcipher as obsolete

Message ID 20200831151649.21969-1-ardb@kernel.org (mailing list archive)
Headers show
Series crypto: mark ecb(arc4) skcipher as obsolete | expand

Message

Ard Biesheuvel Aug. 31, 2020, 3:16 p.m. UTC
RC4 hasn't aged very well, and is a poor fit for the skcipher API so it
would be good if we could get rid of the ecb(arc4) drivers in the kernel
at some point in the future. This prevents new users from creeping in, and
allows us to improve the skcipher API without having to care too much about
obsolete algorithms that may be difficult to support going forward.

So let's get rid of any remaining in-kernel users, either by switching them
to the arc4 library API (for cases which simply cannot change algorithms,
e.g., WEP), or dropping the code entirely. Also remove the remaining h/w
accelerated implementations, and mark the generic s/w implementation as
obsolete in Kconfig.

Changes since v2:
- depend on CRYPTO_USER_API not CRYPTO_USER
- rename CRYPTO_USER_ENABLE_OBSOLETE to CRYPTO_USER_API_ENABLE_OBSOLETE for
  clarity

Changes since RFC [0]:
- keep ecb(arc4) generic C implementation, and the associated test vectors,
  but print a warning about ecb(arc4) being obsolete so we can identify
  remaining users
- add a Kconfig option to en/disable obsolete algorithms that are only kept
  around to prevent breaking users that rely on it via the socket interface
- add a patch to clean up some bogus Kconfig dependencies
- add acks to patches #1, #2 and #3

[0] https://lore.kernel.org/driverdev-devel/20200702101947.682-1-ardb@kernel.org/

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: Anna Schumaker <anna.schumaker@netapp.com>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: linux-crypto@vger.kernel.org
Cc: netdev@vger.kernel.org
Cc: devel@driverdev.osuosl.org
Cc: linux-nfs@vger.kernel.org

Ard Biesheuvel (7):
  staging/rtl8192e: switch to RC4 library interface
  staging/rtl8192u: switch to RC4 library interface
  SUNRPC: remove RC4-HMAC-MD5 support from KerberosV
  crypto: n2 - remove ecb(arc4) support
  crypto: bcm-iproc - remove ecb(arc4) support
  net: wireless: drop bogus CRYPTO_xxx Kconfig selects
  crypto: arc4 - mark ecb(arc4) skcipher as obsolete

 crypto/Kconfig                                |  10 +
 crypto/arc4.c                                 |  10 +
 drivers/crypto/bcm/cipher.c                   |  96 +-----
 drivers/crypto/bcm/cipher.h                   |   1 -
 drivers/crypto/bcm/spu.c                      |  23 +-
 drivers/crypto/bcm/spu.h                      |   1 -
 drivers/crypto/bcm/spu2.c                     |  12 +-
 drivers/crypto/bcm/spu2.h                     |   1 -
 drivers/crypto/n2_core.c                      |  46 ---
 drivers/net/wireless/intel/ipw2x00/Kconfig    |   4 -
 drivers/net/wireless/intersil/hostap/Kconfig  |   4 -
 drivers/staging/rtl8192e/Kconfig              |   4 +-
 drivers/staging/rtl8192e/rtllib_crypt_tkip.c  |  70 +----
 drivers/staging/rtl8192e/rtllib_crypt_wep.c   |  72 +----
 drivers/staging/rtl8192u/Kconfig              |   1 +
 .../rtl8192u/ieee80211/ieee80211_crypt_tkip.c |  81 +----
 .../rtl8192u/ieee80211/ieee80211_crypt_wep.c  |  64 +---
 include/linux/sunrpc/gss_krb5.h               |  11 -
 include/linux/sunrpc/gss_krb5_enctypes.h      |   9 +-
 net/sunrpc/Kconfig                            |   1 -
 net/sunrpc/auth_gss/gss_krb5_crypto.c         | 276 ------------------
 net/sunrpc/auth_gss/gss_krb5_mech.c           |  95 ------
 net/sunrpc/auth_gss/gss_krb5_seal.c           |   1 -
 net/sunrpc/auth_gss/gss_krb5_seqnum.c         |  87 ------
 net/sunrpc/auth_gss/gss_krb5_unseal.c         |   1 -
 net/sunrpc/auth_gss/gss_krb5_wrap.c           |  65 +----
 26 files changed, 97 insertions(+), 949 deletions(-)

Comments

Herbert Xu Sept. 11, 2020, 6:57 a.m. UTC | #1
On Mon, Aug 31, 2020 at 06:16:42PM +0300, Ard Biesheuvel wrote:
> RC4 hasn't aged very well, and is a poor fit for the skcipher API so it
> would be good if we could get rid of the ecb(arc4) drivers in the kernel
> at some point in the future. This prevents new users from creeping in, and
> allows us to improve the skcipher API without having to care too much about
> obsolete algorithms that may be difficult to support going forward.
> 
> So let's get rid of any remaining in-kernel users, either by switching them
> to the arc4 library API (for cases which simply cannot change algorithms,
> e.g., WEP), or dropping the code entirely. Also remove the remaining h/w
> accelerated implementations, and mark the generic s/w implementation as
> obsolete in Kconfig.
> 
> Changes since v2:
> - depend on CRYPTO_USER_API not CRYPTO_USER
> - rename CRYPTO_USER_ENABLE_OBSOLETE to CRYPTO_USER_API_ENABLE_OBSOLETE for
>   clarity
> 
> Changes since RFC [0]:
> - keep ecb(arc4) generic C implementation, and the associated test vectors,
>   but print a warning about ecb(arc4) being obsolete so we can identify
>   remaining users
> - add a Kconfig option to en/disable obsolete algorithms that are only kept
>   around to prevent breaking users that rely on it via the socket interface
> - add a patch to clean up some bogus Kconfig dependencies
> - add acks to patches #1, #2 and #3
> 
> [0] https://lore.kernel.org/driverdev-devel/20200702101947.682-1-ardb@kernel.org/
> 
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Trond Myklebust <trond.myklebust@hammerspace.com>
> Cc: Anna Schumaker <anna.schumaker@netapp.com>
> Cc: "J. Bruce Fields" <bfields@fieldses.org>
> Cc: Chuck Lever <chuck.lever@oracle.com>
> Cc: Eric Biggers <ebiggers@google.com>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: linux-crypto@vger.kernel.org
> Cc: netdev@vger.kernel.org
> Cc: devel@driverdev.osuosl.org
> Cc: linux-nfs@vger.kernel.org
> 
> Ard Biesheuvel (7):
>   staging/rtl8192e: switch to RC4 library interface
>   staging/rtl8192u: switch to RC4 library interface
>   SUNRPC: remove RC4-HMAC-MD5 support from KerberosV
>   crypto: n2 - remove ecb(arc4) support
>   crypto: bcm-iproc - remove ecb(arc4) support
>   net: wireless: drop bogus CRYPTO_xxx Kconfig selects
>   crypto: arc4 - mark ecb(arc4) skcipher as obsolete
> 
>  crypto/Kconfig                                |  10 +
>  crypto/arc4.c                                 |  10 +
>  drivers/crypto/bcm/cipher.c                   |  96 +-----
>  drivers/crypto/bcm/cipher.h                   |   1 -
>  drivers/crypto/bcm/spu.c                      |  23 +-
>  drivers/crypto/bcm/spu.h                      |   1 -
>  drivers/crypto/bcm/spu2.c                     |  12 +-
>  drivers/crypto/bcm/spu2.h                     |   1 -
>  drivers/crypto/n2_core.c                      |  46 ---
>  drivers/net/wireless/intel/ipw2x00/Kconfig    |   4 -
>  drivers/net/wireless/intersil/hostap/Kconfig  |   4 -
>  drivers/staging/rtl8192e/Kconfig              |   4 +-
>  drivers/staging/rtl8192e/rtllib_crypt_tkip.c  |  70 +----
>  drivers/staging/rtl8192e/rtllib_crypt_wep.c   |  72 +----
>  drivers/staging/rtl8192u/Kconfig              |   1 +
>  .../rtl8192u/ieee80211/ieee80211_crypt_tkip.c |  81 +----
>  .../rtl8192u/ieee80211/ieee80211_crypt_wep.c  |  64 +---
>  include/linux/sunrpc/gss_krb5.h               |  11 -
>  include/linux/sunrpc/gss_krb5_enctypes.h      |   9 +-
>  net/sunrpc/Kconfig                            |   1 -
>  net/sunrpc/auth_gss/gss_krb5_crypto.c         | 276 ------------------
>  net/sunrpc/auth_gss/gss_krb5_mech.c           |  95 ------
>  net/sunrpc/auth_gss/gss_krb5_seal.c           |   1 -
>  net/sunrpc/auth_gss/gss_krb5_seqnum.c         |  87 ------
>  net/sunrpc/auth_gss/gss_krb5_unseal.c         |   1 -
>  net/sunrpc/auth_gss/gss_krb5_wrap.c           |  65 +----
>  26 files changed, 97 insertions(+), 949 deletions(-)

All applied.  Thanks.