On Tue, May 05, 2026 at 08:00:05PM -0700, Eric Biggers wrote:
> MD5 is obsolete, is vulnerable to collision attacks, and is being
> replaced by SHA-256 in new systems. It doesn't make sense to continue
> to maintain architecture-optimized implementations of MD5. Effort
> should be spent on modern algorithms.
>
> Indeed, architecture-optimized MD5 code remains only for powerpc. It
> was already removed from mips and sparc, and it never existed for any
> other architecture (e.g. x86, arm, or arm64) in the first place.
> Earlier the decision was made to keep the powerpc MD5 code for a while
> anyway because of someone using it via AF_ALG via libkcapi-hasher
> (https://lore.kernel.org/r/[email protected]/)
>
> However, with AF_ALG itself now being on its way out due to its
> continuous stream of security vulnerabilities
> (https://lore.kernel.org/r/[email protected]/),
> it's also time to be a bit more forceful with nudging people towards
> userspace crypto code. It's always been the better solution anyway, and
> it's much more efficient if properly optimized code is used.
>
> Note that the md5-asm.S file contains no privileged instructions and
> could be run in userspace just fine.
>
> Thus, we now have two factors going against keeping the powerpc MD5
> code. Different people might weigh these two factors differently, but I
> think the two of them together make the removal the clear choice.
>
> Let's remove it.
>
> Acked-by: Christophe Leroy (CS GROUP) <[email protected]>
> Acked-by: Ard Biesheuvel <[email protected]>
> Signed-off-by: Eric Biggers <[email protected]>
> ---
>
> This patch is intended to be taken via libcrypto-next

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next

- Eric
