please consider disabling obsolete crypto in 5.10 and later
L.S.,
This is a request to consider disabling obsolete crypto in 5.10 and
later Debian builds of the Linux kernel on any architecture.
We are all familiar with the rigid rules when it comes to not breaking
userspace by making changes to the kernel, but this rule only takes
effect when anybody notices, and so I am proposing disabling some code
downstream before removing it entirely.
5.10 introduces a new Kconfig symbol
CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
which is enabled by default, but depends on support for the AF_ALG
socket API being enabled. In turn, block ciphers that are obsolete and
unlikely to be used anywhere have been made to depend on this new
symbol.
This means that these obsolete block ciphers will disappear entirely
when the AF_ALG socket API is omitted, but we can get rid of these
block ciphers explicitly too, by not setting the new symbol. I.e.,
adding
# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
to the kernel configs. Note that Fedora have already done so in release 33 [0]
The block ciphers in question are RC4, Khazad, SEED, and
TEA/XTEA/XETA, none of which are used by the kernel itself, or known
to be used via the socket API (although a change was applied to
iwd/libell recently to get rid of an occurrence of RC4 - this change
has already been pulled into bullseye afaik)
Note that this is not a statement on whether these algorithms are
secure or not -there is simply no point in carrying and shipping code
that nobody uses or audits, but which can be autoloaded and exercised
via an unprivileged interface.
--
Ard.
[0] https://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git/commit/?h=f33
Reply to: