From: Ard Biesheuvel <ardb@kernel.org>
To: ell@lists.01.org
Subject: [PATCH 0/2] drop RC4 support
Date: Mon, 03 Aug 2020 12:54:47 +0200
Message-ID: <20200803105449.124714-1-ardb@kernel.org>


RC4 support in libell is based on the ecb(arc4) skcipher exposed by the
Linux crypto API, which is an odd beast given that it does not
distinguish between the key and the IV, and therefore does not fit the
skcipher API very well.

Now that work is underway in the linux-crypto kernel community to
implement chained requests for skciphers, we are running into problems
with this: the state that needs to be kept between skcipher requests to
implement chaining is currently kept in the TFM object (which holds the
key) in the case of ecb(arc4), and moving this into the request object
(to match the way chaining is implemented for other skcipher modes) may
enable key reuse (and thus IV reuse in the ARC4 case), which amounts to
catastrophic failure for any stream cipher.

So in order to address this in a safe and robust manner, we intend to
retire the ecb(arc4) skcipher entirely on the Linux side. This obviously
requires work on the userland side as well, hence this series.

Ard Biesheuvel (2):
  tls: remove support for RC4 cipher suites
  cipher: remove obsolete arc4 support

 ell/cipher.c       |  8 +--
 ell/cipher.h       |  4 +-
 ell/tls-suites.c   | 41 ++------------
 unit/test-cipher.c | 56 --------------------
 unit/test-tls.c    |  3 +-
 5 files changed, 11 insertions(+), 101 deletions(-)

-- 
2.20.1
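As an added illustration of the failure mode the cover letter describes (this is not code from the patch series, libell or the kernel), a self-contained C model of RC4 in which the (i, j) keystream state is either carried over between two requests, as chaining intends, or reset from the key, which is the reuse the series is guarding against. The key, the two messages and the function name rc4_reuse_leaks_xor are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* RC4 state: permutation plus (i, j); in ecb(arc4) this sits in the TFM with the key. */
struct rc4_state { uint8_t s[256]; uint8_t i, j; };
/* Key scheduling: derive the initial permutation from the key. */
static void rc4_setkey(struct rc4_state *st, const uint8_t *key, size_t klen)
{
	uint8_t j = 0, t;
	for (int k = 0; k < 256; k++)
		st->s[k] = (uint8_t)k;
	for (int k = 0; k < 256; k++) {
		j += st->s[k] + key[k % klen];
		t = st->s[k]; st->s[k] = st->s[j]; st->s[j] = t;
	}
	st->i = st->j = 0;
}
/* XOR the next len keystream bytes into buf; (i, j) advance so a later call continues. */
static void rc4_crypt(struct rc4_state *st, uint8_t *buf, size_t len)
{
	uint8_t t;
	for (size_t n = 0; n < len; n++) {
		st->i++;
		st->j += st->s[st->i];
		t = st->s[st->i]; st->s[st->i] = st->s[st->j]; st->s[st->j] = t;
		buf[n] ^= st->s[(uint8_t)(st->s[st->i] + st->s[st->j])];
	}
}
/* Encrypt two constructed messages under one key. chain != 0: the second request
 * continues the keystream. chain == 0: state is reset from the key (keystream reuse).
 * Returns 1 when c1 ^ c2 == p1 ^ p2, i.e. the ciphertexts leak the plaintext XOR. */
int rc4_reuse_leaks_xor(int chain)
{
	static const uint8_t key[] = "constructed-demo-key"; /* constructed key */
	uint8_t p1[] = "message number one", p2[] = "message number two";
	uint8_t c1[sizeof p1], c2[sizeof p2];
	struct rc4_state st;
	memcpy(c1, p1, sizeof p1);
	memcpy(c2, p2, sizeof p2);
	rc4_setkey(&st, key, sizeof key - 1);
	rc4_crypt(&st, c1, sizeof c1);
	if (!chain)
		rc4_setkey(&st, key, sizeof key - 1); /* reset == same keystream again */
	rc4_crypt(&st, c2, sizeof c2);
	for (size_t n = 0; n < sizeof c1; n++)
		if ((c1[n] ^ c2[n]) != (p1[n] ^ p2[n]))
			return 0;
	return 1;
}
```

With chaining the two requests consume different keystream bytes and the XOR relation does not hold; with the state reset it holds for every byte, which is why the cover letter calls key/IV reuse catastrophic for a stream cipher.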
