Deprecate/remove legacy symmetric algorithms #6809

Closed
reaperhulk opened this issue Jan 19, 2022 · 0 comments
@reaperhulk
Member

cryptography ships numerous legacy symmetric algorithms that, anecdotally, have very low use. These algorithms have a variety of security drawbacks when compared to more modern equivalents (namely AES or ChaCha20) and generally shouldn't be used. We plan to deprecate them on a long cycle such that users have a chance to speak up if they have a use case that we should consider.

The algorithms we'd like to deprecate and remove are:

  • CAST5
  • SEED
  • IDEA
  • Blowfish

3DES and ARC4 are also legacy (and ARC4 has serious security issues), but their common use in many scenarios means they will not be deprecated.
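
An audit sketch for the four algorithms listed above, added here as an example (it is not code from the cryptography project): it walks a Python file's AST and reports imports and uses of CAST5, SEED, IDEA and Blowfish from `cryptography.hazmat.primitives.ciphers.algorithms`. The function name `find_legacy_ciphers` and the sample source are constructed for illustration.

```python
import ast

# The four algorithms the issue lists for deprecation and removal.
DEPRECATED = {"CAST5", "SEED", "IDEA", "Blowfish"}
ALGORITHMS_MODULE = "cryptography.hazmat.primitives.ciphers.algorithms"

# Constructed sample input: two legacy uses, one 3DES use that must not be flagged.
SAMPLE = '''\
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.algorithms import Blowfish as BF, AES

def legacy(key, iv):
    return Cipher(algorithms.CAST5(key), modes.CBC(iv))

def legacy2(key, iv):
    return Cipher(BF(key), modes.CBC(iv))

def kept(key, iv):
    return Cipher(algorithms.TripleDES(key), modes.CBC(iv))
'''


def find_legacy_ciphers(source):
    """Return sorted (line, cipher) pairs for imports and uses of listed ciphers."""
    tree = ast.parse(source)
    direct, modules, hits = {}, set(), set()
    for node in ast.walk(tree):  # pass 1: learn which local names matter
        if isinstance(node, ast.ImportFrom) and node.level == 0:
            for a in node.names:
                if node.module == ALGORITHMS_MODULE and a.name in DEPRECATED:
                    direct[a.asname or a.name] = a.name  # e.g. BF -> Blowfish
                    hits.add((node.lineno, a.name))
                elif f"{node.module}.{a.name}" == ALGORITHMS_MODULE:
                    modules.add(a.asname or a.name)  # e.g. "algorithms"
        elif isinstance(node, ast.Import):
            for a in node.names:
                if a.name == ALGORITHMS_MODULE:
                    modules.add(a.asname or a.name)  # alias or full dotted path
    for node in ast.walk(tree):  # pass 2: flag references through those names
        if isinstance(node, ast.Name) and node.id in direct:
            hits.add((node.lineno, direct[node.id]))
        elif isinstance(node, ast.Attribute) and node.attr in DEPRECATED:
            if ast.unparse(node.value) in modules:
                hits.add((node.lineno, node.attr))
    return sorted(hits)


if __name__ == "__main__":
    for line, name in find_legacy_ciphers(SAMPLE):
        print(f"line {line}: {name}")
```

It resolves only static imports; names reached through `getattr` or re-exported from other modules are not followed.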

jonmason pushed a commit to jonmason/meta-arm that referenced this issue Jan 27, 2022
imgtool from mcuboot uses python3-cryptography-native, and the latest
python3-cryptography explicitly loads the legacy provider, which is a
separate shared object in OpenSSL 3.  The search path for providers is
hard-coded into the library so the wrong path is searched and the module
is not found.

Set OPENSSL_MODULES to the right path, so that the legacy module is
found.  In the future we may be able to remove this if the explicit
use of legacy algorithms is removed
(pyca/cryptography#6809).

This also means we can remove the downgrades of python3-cryptography that
were being carried in meta-arm.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
@alex alex added this to the Thirty Seventh Release milestone Feb 8, 2022
alex added a commit to alex/cryptography that referenced this issue Mar 2, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 1, 2022