Re: [PATCH v2] lib/crypto: powerpc/md5: Drop powerpc optimized MD5 code
From: Eric Biggers
Date: Sat May 09 2026 - 14:41:56 EST

On Tue, May 05, 2026 at 08:00:05PM -0700, Eric Biggers wrote:
> MD5 is obsolete, is vulnerable to collision attacks, and is being
> replaced by SHA-256 in new systems. It doesn't make sense to continue
> to maintain architecture-optimized implementations of MD5. Effort
> should be spent on modern algorithms.
>
> Indeed, architecture-optimized MD5 code remains only for powerpc. It
> was already removed from mips and sparc, and it never existed for any
> other architecture (e.g. x86, arm, or arm64) in the first place.
> Earlier the decision was made to keep the powerpc MD5 code for a while
> anyway because of someone using it via AF_ALG via libkcapi-hasher
> (https://lore.kernel.org/r/f0d771d5-ed70-444c-957a-ad4c16f6c115@xxxxxxxxxx/).
>
> However, with AF_ALG itself now being on its way out due to its
> continuous stream of security vulnerabilities
> (https://lore.kernel.org/r/20260430011544.31823-1-ebiggers@xxxxxxxxxx/),
> it's also time to be a bit more forceful with nudging people towards
> userspace crypto code. It's always been the better solution anyway, and
> it's much more efficient if properly optimized code is used.
>
> Note that the md5-asm.S file contains no privileged instructions and
> could be run in userspace just fine.
>
> Thus, we now have two factors going against keeping the powerpc MD5
> code. Different people might weigh these two factors differently, but I
> think the two of them together make the removal the clear choice.
>
> Let's remove it.
>
> Acked-by: Christophe Leroy (CS GROUP) <chleroy@xxxxxxxxxx>
> Acked-by: Ard Biesheuvel <ardb@xxxxxxxxxx>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
>
> This patch is intended to be taken via libcrypto-next

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next

- Eric