Re: [PATCH ipsec-next] xfrm: Drop support for HMAC-RIPEMD-160

Next message: illusion.wang: "[PATCH v11 net-next 00/11] nbl driver for Nebulamatrix NICs"
Previous message: Lorenzo Bianconi: "Re: [PATCH mt76] wifi: mt76: mt76x2u: Add support for ELECOM WDC-867SU3S"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Steffen Klassert

Date: Wed Apr 08 2026 - 05:37:41 EST

On Sat, Apr 04, 2026 at 06:15:13PM -0700, Eric Biggers wrote:
> Drop support for HMAC-RIPEMD-160 from IPsec to reduce the UAPI surface
> and simplify future maintenance. It's almost certainly unused.
>
> RIPEMD-160 received some attention in the early 2000s when SHA-* weren't
> quite as well established. But it never received much adoption outside
> of certain niches such as Bitcoin.
>
> It's actually unclear that Linux + IPsec + HMAC-RIPEMD-160 has *ever*
> been used, even historically. When support for it was added in 2003, it
> was done so in a "cleanup" commit without any justification [1]. It
> didn't actually work until someone happened to fix it 5 years later [2].
> That person didn't use or test it either [3]. Finally, also note that
> "hmac(rmd160)" is by far the slowest of the algorithms in aalg_list[].
>
> Of course, today IPsec is usually used with an AEAD, such as AES-GCM.
> But even for IPsec users still using a dedicated auth algorithm, they
> almost certainly aren't using, and shouldn't use, HMAC-RIPEMD-160.
>
> Thus, let's just drop support for it. Note: no kconfig update is
> needed, since CRYPTO_RMD160 wasn't actually being selected anyway.
>
> References:
> [1] linux-history commit d462985fc1941a47
> ("[IPSEC]: Clean up key manager algorithm handling.")
> [2] linux commit a13366c632132bb9
> ("xfrm: xfrm_algo: correct usage of RIPEMD-160")
> [3] https://lore.kernel.org/all/1212340578-15574-1-git-send-email-rueegsegger@xxxxxxxxxxx
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>

Applied, thanks a lot Eric!