[openssl-dev] Removing obsolete crypto from OpenSSL 1.1 - seeking feedback

Hubert Kario hkario at redhat.com
Mon Nov 16 18:25:07 UTC 2015


On Monday 16 November 2015 16:51:10 Emilia Käsper wrote:
> IDEA, MD2, MDC2, RC5, RIPEMD, SEED, Whirlpool, binary curves
> 
> This isn't of course entirely representative of widespread usage.
> However Google's multi-billion line codebase now builds against
> BoringSSL and therefore largely does not depend on these algorithms.
> Those billions of lines aren't all new and shiny code written in
> 2015, and some of it does have to interoperate with the outside
> world.
> 
> And here's the list gone from LibreSSL, from what I can tell:
> 
> MD2, MDC2, RC5, SEED
> 
> Neither have removed CAST, and there is presumably a good reason for
> that. (PGP?)
> 
> It seems to me that these can pretty safely go:
> 
> MD2 - (The argument that someone somewhere may want to keep verifying
> old MD2 signatures on self-signed certs doesn't seem like a
> compelling enough reason to me. It's been disabled by default since
> OpenSSL 1.0.0.)
> MDC2
> SEED
> RC5
> 
> These could probably stay (C only):
> 
> CAST
> IDEA
> RIPEMD (used in Bitcoin?)
> WHIRLPOOL
> 
> as well as
> 
> BLOWFISH
> MD4
> RC2
> 
> I am on the fence about the binary curves: I am not aware of any
> usage, really, and it's not about to pick up now.

I'm afraid you're too focused on the TLS/SSL use case. And while it is 
important, it's not the only use case that OpenSSL serves.

And for what it's worth, I'm very much *for* removing as much (and as 
fast as possible) support for the old junk (or unused stuff - like 
curves < 256 bit) in TLS. Search the archives for "Insecure DEFAULT 
cipher set" for an example.

But stuff like this:

> The argument that someone somewhere may want to keep verifying
> old MD2 signatures on self-signed certs

is not true. I was talking about document signatures, time stamps, CRL 
signatures and certificate signatures in general. Not the trust anchors 
or their self-signatures.

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic