As discussed on the list [0], MD4 is still being relied upon by the CIFS driver, even though successful attacks on MD4 are as old as Linux itself. So let's move the code into the CIFS driver, and remove it from the crypto API so that it is no longer exposed to other subsystems or to user space via AF_ALG. Note: this leaves the code in crypto/asymmetric_keys that is able to parse RSA+MD4 keys if an "md4" shash is available. Given that its Kconfig symbol does not select CRYPTO_MD4, it only has a runtime dependency on md4 and so we can either decide remove it later, or just let it fail on the missing MD4 shash as it would today if the module is not enabled. [0] https://lore.kernel.org/linux-cifs/YRXlwDBfQql36wJx@sol.localdomain/ Cc: Eric Biggers <ebiggers@xxxxxxxxxx> Cc: ronnie sahlberg <ronniesahlberg@xxxxxxxxx> Cc: linux-cifs <linux-cifs@xxxxxxxxxxxxxxx> Cc: Steve French <sfrench@xxxxxxxxx> Cc: David Howells <dhowells@xxxxxxxxxx> Cc: keyrings@xxxxxxxxxxxxxxx Ard Biesheuvel (2): fs/cifs: Incorporate obsolete MD4 crypto code crypto: md4 - Remove obsolete algorithm crypto/Kconfig | 6 - crypto/Makefile | 1 - crypto/md4.c | 241 -------------------- crypto/tcrypt.c | 14 +- crypto/testmgr.c | 6 - crypto/testmgr.h | 42 ---- fs/cifs/Kconfig | 1 - fs/cifs/cifsfs.c | 1 - fs/cifs/smbencrypt.c | 200 ++++++++++++++-- 9 files changed, 178 insertions(+), 334 deletions(-) delete mode 100644 crypto/md4.c -- 2.20.1