From patchwork Mon Nov  2 16:42:18 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: dann frazier <dann.frazier@canonical.com>
X-Patchwork-Id: 1392377
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4CPzGx2y06z9sVl;
	Tue,  3 Nov 2020 03:42:33 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1kZcuY-0007NO-Q2; Mon, 02 Nov 2020 16:42:26 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <dann.frazier@canonical.com>) id 1kZcuW-0007NI-Rq
 for kernel-team@lists.ubuntu.com; Mon, 02 Nov 2020 16:42:24 +0000
Received: from 2.general.dannf.us.vpn ([10.172.65.1] helo=localhost)
 by youngberry.canonical.com with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <dann.frazier@canonical.com>) id 1kZcuW-0004rw-CI
 for kernel-team@lists.ubuntu.com; Mon, 02 Nov 2020 16:42:24 +0000
From: dann frazier <dann.frazier@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [RFC PATCH][Unstable] UBUNTU: [Config] Disable
 CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE
Date: Mon,  2 Nov 2020 09:42:18 -0700
Message-Id: <20201102164218.1013390-1-dann.frazier@canonical.com>
X-Mailer: git-send-email 2.29.1
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

Disables deprecated algorithms unused by the kernel but exposed to userspace
via AF_ALG as recommended here:

 https://lists.linaro.org/pipermail/cross-distro/2020-October/000938.html

As noted, iwd (universe) did have a dependency on the kernel's ecb(arc4) but
upstream has now replaced that with a userspace version:

https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=1db8a85a60c645232eb5bba1ec0cd0a2927ccd16

While we have a new enough iwd in hirsute, focal's version still has this
dependency. So, if we decide to do this, we may also want to SRU that back.

Signed-off-by: dann frazier <dann.frazier@canonical.com>
---
 debian.master/config/annotations          |  7 ++-----
 debian.master/config/config.common.ubuntu | 12 ++++++------
 2 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 81938786ab66..3a11bafaebcf 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -280,8 +280,6 @@ CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL              policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_AES                               policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_CRYPTO_AES_TI                            policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_AES_NI_INTEL                      policy<{'amd64': 'm'}>
-CONFIG_CRYPTO_ANUBIS                            policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
-CONFIG_CRYPTO_ARC4                              policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_BLOWFISH                          policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_BLOWFISH_X86_64                   policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_CAMELLIA                          policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
@@ -295,17 +293,14 @@ CONFIG_CRYPTO_CAST6_AVX_X86_64                  policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_DES                               policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_DES3_EDE_X86_64                   policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_FCRYPT                            policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
-CONFIG_CRYPTO_KHAZAD                            policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_SALSA20                           policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_CHACHA20                          policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_CHACHA20_X86_64                   policy<{'amd64': 'm'}>
-CONFIG_CRYPTO_SEED                              policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_SERPENT                           policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_SERPENT_SSE2_X86_64               policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_SERPENT_AVX_X86_64                policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_SERPENT_AVX2_X86_64               policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_SM4                               policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
-CONFIG_CRYPTO_TEA                               policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_TWOFISH                           policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_TWOFISH_X86_64                    policy<{'amd64': 'm'}>
 CONFIG_CRYPTO_TWOFISH_X86_64_3WAY               policy<{'amd64': 'm'}>
@@ -322,6 +317,7 @@ CONFIG_CRYPTO_USER_API_HASH                     policy<{'amd64': 'm', 'arm64': '
 CONFIG_CRYPTO_USER_API_SKCIPHER                 policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_USER_API_RNG                      policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_USER_API_AEAD                     policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
+CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE		policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 's390x': 'n'}>
 CONFIG_CRYPTO_STATS                             policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 's390x': 'y'}>
 CONFIG_CRYPTO_LIB_BLAKE2S                       policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
 CONFIG_CRYPTO_LIB_CHACHA                        policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 's390x': 'm'}>
@@ -439,6 +435,7 @@ CONFIG_CRYPTO_DEV_SA2UL                         policy<{'arm64': 'm'}>
 #
 CONFIG_CRYPTO_DEV_HISI_ZIP                      mark<ENFORCED>
 CONFIG_ZCRYPT_MULTIDEVNODES                     mark<ENFORCED> note<LP:1805429>
+CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE		mark<ENFORCED> note<Obsolete w/ no known userspace dependencies>
 
 # Menu: Cryptographic API >> Hardware crypto devices >> Algorithms enabled for QCE acceleration
 CONFIG_CRYPTO_DEV_QCE_ENABLE_ALL	        policy<{'arm64': 'y', 'armhf': 'y'}>
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index 8500c4203ac7..1dad0154fc4d 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -2124,8 +2124,8 @@ CONFIG_CRYPTO_AKCIPHER2=y
 CONFIG_CRYPTO_ALGAPI=y
 CONFIG_CRYPTO_ALGAPI2=y
 CONFIG_CRYPTO_ANSI_CPRNG=m
-CONFIG_CRYPTO_ANUBIS=m
-CONFIG_CRYPTO_ARC4=m
+# CONFIG_CRYPTO_ANUBIS is not set
+# CONFIG_CRYPTO_ARC4 is not set
 CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=m
 CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m
 CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=m
@@ -2295,7 +2295,7 @@ CONFIG_CRYPTO_HMAC=y
 CONFIG_CRYPTO_HW=y
 CONFIG_CRYPTO_JITTERENTROPY=y
 CONFIG_CRYPTO_KEYWRAP=m
-CONFIG_CRYPTO_KHAZAD=m
+# CONFIG_CRYPTO_KHAZAD is not set
 CONFIG_CRYPTO_KPP=y
 CONFIG_CRYPTO_KPP2=y
 CONFIG_CRYPTO_LIB_AES=y
@@ -2345,7 +2345,7 @@ CONFIG_CRYPTO_RNG2=y
 CONFIG_CRYPTO_RNG_DEFAULT=y
 CONFIG_CRYPTO_RSA=y
 CONFIG_CRYPTO_SALSA20=m
-CONFIG_CRYPTO_SEED=m
+# CONFIG_CRYPTO_SEED is not set
 CONFIG_CRYPTO_SEQIV=y
 CONFIG_CRYPTO_SERPENT=m
 CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
@@ -2386,7 +2386,7 @@ CONFIG_CRYPTO_SM4=m
 CONFIG_CRYPTO_SM4_ARM64_CE=m
 CONFIG_CRYPTO_STATS=y
 CONFIG_CRYPTO_STREEBOG=m
-CONFIG_CRYPTO_TEA=m
+# CONFIG_CRYPTO_TEA is not set
 CONFIG_CRYPTO_TEST=m
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_TWOFISH=m
@@ -2397,7 +2397,7 @@ CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
 CONFIG_CRYPTO_USER=m
 CONFIG_CRYPTO_USER_API=m
 CONFIG_CRYPTO_USER_API_AEAD=m
-CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y
+# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
 CONFIG_CRYPTO_USER_API_HASH=m
 CONFIG_CRYPTO_USER_API_RNG=m
 # CONFIG_CRYPTO_USER_API_RNG_CAVP is not set