Re: please consider disabling obsolete crypto in 5.10 and later

To: Ard Biesheuvel <ardb@kernel.org>, debian-kernel@lists.debian.org
Subject: Re: please consider disabling obsolete crypto in 5.10 and later
From: Ard Biesheuvel <ardb@kernel.org>
Date: Fri, 5 Feb 2021 23:45:45 +0100
Message-id: <[🔎] CAMj1kXFQUMLF5qpjvG06oDHNpeRsnEy-DkiVzqZ=nTLj-cWtUQ@mail.gmail.com>
In-reply-to: <[🔎] YBhw1SGJeJbcBp9D@eldamar.lan>
References: <CAMj1kXHXdrLKf90xyj5yFq5RScZmPAmyr3wXHraY2iEp4EAmXA@mail.gmail.com> <[🔎] YBhw1SGJeJbcBp9D@eldamar.lan>

On Mon, 1 Feb 2021 at 22:21, Salvatore Bonaccorso <carnil@debian.org> wrote:
>
> Hi Ard,
>
> On Sat, Jan 30, 2021 at 04:41:16PM +0100, Ard Biesheuvel wrote:
> > L.S.,
> >
> > This is a request to consider disabling obsolete crypto in 5.10 and
> > later Debian builds of the Linux kernel on any architecture.
> >
> > We are all familiar with the rigid rules when it comes to not breaking
> > userspace by making changes to the kernel, but this rule only takes
> > effect when anybody notices, and so I am proposing disabling some code
> > downstream before removing it entirely.
> >
> > 5.10 introduces a new Kconfig symbol
> >
> > CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
> >
> > which is enabled by default, but depends on support for the AF_ALG
> > socket API being enabled. In turn, block ciphers that are obsolete and
> > unlikely to be used anywhere have been made to depend on this new
> > symbol.
> >
> > This means that these obsolete block ciphers will disappear entirely
> > when the AF_ALG socket API is omitted, but we can get rid of these
> > block ciphers explicitly too, by not setting the new symbol. I.e.,
> > adding
> >
> > # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
> >
> > to the kernel configs. Note that Fedora have already done so in release 33 [0]
> >
> > The block ciphers in question are RC4, Khazad, SEED, and
> > TEA/XTEA/XETA, none of which are used by the kernel itself, or known
> > to be used via the socket API (although a change was applied to
> > iwd/libell recently to get rid of an occurrence of RC4 - this change
> > has already been pulled into bullseye afaik)
> >
> > Note that this is not a statement on whether these algorithms are
> > secure or not -there is simply no point in carrying and shipping code
> > that nobody uses or audits, but which can be autoloaded and exercised
> > via an unprivileged interface.
>
> FTR (posteriori), we tried that in
> https://salsa.debian.org/kernel-team/linux/-/commit/633e1992f7d915c22b2a2adea87981e7503bb737
> (and is in the 5.10.12-1 upload to unstable).
>

Confirmed, thanks.

Reply to:

References:
- Re: please consider disabling obsolete crypto in 5.10 and later
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Uploading linux (5.10.13-1)
Next by Date: Bug#982056: cgroup: cgroup2: unknown option "memory_recursiveprot"
Previous by thread: Re: please consider disabling obsolete crypto in 5.10 and later
Next by thread: Re: please consider disabling obsolete crypto in 5.10 and later
Index(es):
- Date
- Thread