MD5 is obsolete.  Continuing to maintain architecture-optimized
implementations of MD5 is unnecessary and risky.  It diverts resources
from the modern algorithms that are actually important.

While there was demand for continuing to maintain the PowerPC optimized
MD5 code to accommodate userspace programs that are misusing AF_ALG
(https://lore.kernel.org/linux-crypto/c4191597-341d-4fd7-bc3d-13daf7666c41@csgroup.eu/),
no such demand has been seen for the SPARC optimized MD5 code.

Thus, let's drop it and focus effort on the more modern SHA algorithms,
which already have optimized code for SPARC.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---

This patch is targeting libcrypto-next

 lib/crypto/Kconfig         |  1 -
 lib/crypto/Makefile        |  1 -
 lib/crypto/sparc/md5.h     | 48 --------------------------
 lib/crypto/sparc/md5_asm.S | 70 --------------------------------------
 4 files changed, 120 deletions(-)
 delete mode 100644 lib/crypto/sparc/md5.h
 delete mode 100644 lib/crypto/sparc/md5_asm.S

diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index 4b6f593dc72f..a5246171a000 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -134,11 +134,10 @@ config CRYPTO_LIB_MD5
 config CRYPTO_LIB_MD5_ARCH
 	bool
 	depends on CRYPTO_LIB_MD5 && !UML
 	default y if MIPS && CPU_CAVIUM_OCTEON
 	default y if PPC
-	default y if SPARC64
 
 config CRYPTO_LIB_MLDSA
 	tristate
 	select CRYPTO_LIB_SHA3
 	help
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
index ec1747f51d07..4b47a2e5c67c 100644
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -186,11 +186,10 @@ clean-files += powerpc/ghashp8-ppc.S
 obj-$(CONFIG_CRYPTO_LIB_MD5) += libmd5.o
 libmd5-y := md5.o
 ifeq ($(CONFIG_CRYPTO_LIB_MD5_ARCH),y)
 CFLAGS_md5.o += -I$(src)/$(SRCARCH)
 libmd5-$(CONFIG_PPC) += powerpc/md5-asm.o
-libmd5-$(CONFIG_SPARC) += sparc/md5_asm.o
 endif # CONFIG_CRYPTO_LIB_MD5_ARCH
 
 ################################################################################
 
 obj-$(CONFIG_CRYPTO_LIB_MLDSA) += libmldsa.o
diff --git a/lib/crypto/sparc/md5.h b/lib/crypto/sparc/md5.h
deleted file mode 100644
index 3995f3e075eb..000000000000
--- a/lib/crypto/sparc/md5.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-only */
-/*
- * MD5 accelerated using the sparc64 crypto opcodes
- *
- * Copyright (c) Alan Smithee.
- * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
- * Copyright (c) Jean-Francois Dive <jef@linuxbe.org>
- * Copyright (c) Mathias Krause <minipli@googlemail.com>
- * Copyright (c) Cryptoapi developers.
- * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
- */
-
-#include <asm/elf.h>
-#include <asm/opcodes.h>
-#include <asm/pstate.h>
-
-static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_md5_opcodes);
-
-asmlinkage void md5_sparc64_transform(struct md5_block_state *state,
-				      const u8 *data, size_t nblocks);
-
-static void md5_blocks(struct md5_block_state *state,
-		       const u8 *data, size_t nblocks)
-{
-	if (static_branch_likely(&have_md5_opcodes)) {
-		cpu_to_le32_array(state->h, ARRAY_SIZE(state->h));
-		md5_sparc64_transform(state, data, nblocks);
-		le32_to_cpu_array(state->h, ARRAY_SIZE(state->h));
-	} else {
-		md5_blocks_generic(state, data, nblocks);
-	}
-}
-
-#define md5_mod_init_arch md5_mod_init_arch
-static void md5_mod_init_arch(void)
-{
-	unsigned long cfr;
-
-	if (!(sparc64_elf_hwcap & HWCAP_SPARC_CRYPTO))
-		return;
-
-	__asm__ __volatile__("rd %%asr26, %0" : "=r" (cfr));
-	if (!(cfr & CFR_MD5))
-		return;
-
-	static_branch_enable(&have_md5_opcodes);
-	pr_info("Using sparc64 md5 opcode optimized MD5 implementation\n");
-}
diff --git a/lib/crypto/sparc/md5_asm.S b/lib/crypto/sparc/md5_asm.S
deleted file mode 100644
index 60b544e4d205..000000000000
--- a/lib/crypto/sparc/md5_asm.S
+++ /dev/null
@@ -1,70 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-#include <linux/linkage.h>
-#include <asm/opcodes.h>
-#include <asm/visasm.h>
-
-ENTRY(md5_sparc64_transform)
-	/* %o0 = digest, %o1 = data, %o2 = rounds */
-	VISEntryHalf
-	ld	[%o0 + 0x00], %f0
-	ld	[%o0 + 0x04], %f1
-	andcc	%o1, 0x7, %g0
-	ld	[%o0 + 0x08], %f2
-	bne,pn	%xcc, 10f
-	 ld	[%o0 + 0x0c], %f3
-
-1:
-	ldd	[%o1 + 0x00], %f8
-	ldd	[%o1 + 0x08], %f10
-	ldd	[%o1 + 0x10], %f12
-	ldd	[%o1 + 0x18], %f14
-	ldd	[%o1 + 0x20], %f16
-	ldd	[%o1 + 0x28], %f18
-	ldd	[%o1 + 0x30], %f20
-	ldd	[%o1 + 0x38], %f22
-
-	MD5
-
-	subcc	%o2, 1, %o2
-	bne,pt	%xcc, 1b
-	 add	%o1, 0x40, %o1
-
-5:
-	st	%f0, [%o0 + 0x00]
-	st	%f1, [%o0 + 0x04]
-	st	%f2, [%o0 + 0x08]
-	st	%f3, [%o0 + 0x0c]
-	retl
-	 VISExitHalf
-10:
-	alignaddr %o1, %g0, %o1
-
-	ldd	[%o1 + 0x00], %f10
-1:
-	ldd	[%o1 + 0x08], %f12
-	ldd	[%o1 + 0x10], %f14
-	ldd	[%o1 + 0x18], %f16
-	ldd	[%o1 + 0x20], %f18
-	ldd	[%o1 + 0x28], %f20
-	ldd	[%o1 + 0x30], %f22
-	ldd	[%o1 + 0x38], %f24
-	ldd	[%o1 + 0x40], %f26
-
-	faligndata %f10, %f12, %f8
-	faligndata %f12, %f14, %f10
-	faligndata %f14, %f16, %f12
-	faligndata %f16, %f18, %f14
-	faligndata %f18, %f20, %f16
-	faligndata %f20, %f22, %f18
-	faligndata %f22, %f24, %f20
-	faligndata %f24, %f26, %f22
-
-	MD5
-
-	subcc	%o2, 1, %o2
-	fsrc2	%f26, %f10
-	bne,pt	%xcc, 1b
-	 add	%o1, 0x40, %o1
-
-	ba,a,pt	%xcc, 5b
-ENDPROC(md5_sparc64_transform)

base-commit: 7ac21b4032e5b9b8a6a312b6f1d54f4ba24d1c16
-- 
2.53.0

On Thu, Mar 26, 2026 at 01:33:41PM -0700, Eric Biggers wrote:
> MD5 is obsolete.  Continuing to maintain architecture-optimized
> implementations of MD5 is unnecessary and risky.  It diverts resources
> from the modern algorithms that are actually important.
> 
> While there was demand for continuing to maintain the PowerPC optimized
> MD5 code to accommodate userspace programs that are misusing AF_ALG
> (https://lore.kernel.org/linux-crypto/c4191597-341d-4fd7-bc3d-13daf7666c41@csgroup.eu/),
> no such demand has been seen for the SPARC optimized MD5 code.
> 
> Thus, let's drop it and focus effort on the more modern SHA algorithms,
> which already have optimized code for SPARC.
> 
> Signed-off-by: Eric Biggers <ebiggers@kernel.org>
> ---
> 
> This patch is targeting libcrypto-next

Applied to https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next

- Eric

On Thu, 2026-03-26 at 13:33 -0700, Eric Biggers wrote:
> MD5 is obsolete.  Continuing to maintain architecture-optimized
> implementations of MD5 is unnecessary and risky.  It diverts resources
> from the modern algorithms that are actually important.

Why is it risky? That makes no sense. I also don't see how it diverts
resources as no one is forced to work on the code.

SPARC is an architecture used by hobbyists and in space these days (in
the form of Leon). I don't think any other kernel developer will have
to take a look at it.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer
`. `'   Physicist
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

On Thu, Mar 26, 2026 at 10:51:01PM +0100, John Paul Adrian Glaubitz wrote:
> On Thu, 2026-03-26 at 13:33 -0700, Eric Biggers wrote:
> > MD5 is obsolete.  Continuing to maintain architecture-optimized
> > implementations of MD5 is unnecessary and risky.  It diverts resources
> > from the modern algorithms that are actually important.
> 
> Why is it risky? That makes no sense.

Because there can be issues in architecture-optimized algorithm
implementations that don't exist in the generic implementations.  That's
a very common class of issue that has repeated over time.

> I also don't see how it diverts resources as no one is forced to work
> on the code.
> 
> SPARC is an architecture used by hobbyists and in space these days (in
> the form of Leon). I don't think any other kernel developer will have
> to take a look at it.

Huh?  We've been refactoring how the various crypto and CRC algorithms
are integrated, for all architectures.

So people outside the SPARC community, especially myself, been having to
spend quite a bit of time updating the SPARC code so that it can still
be used.

And this isn't new.  I've had to patch arch/sparc/crypto/ many times
over the years as things change in the crypto subsystem.  Many other
people, again outside the SPARC community, have as well.

The fact that you're denying that we've had to do this is really
frustrating.  There is a significant maintenance cost to keeping this
code working, which is being paid by people outside the SPARC community.

It seems best to at least focus that effort on modern algorithms like
AES and SHA-256, and not obsolete ones like MD5 and DES.  Note that
dropping those eliminates the need to add them to QEMU, as well.

I think that makes things easier for everyone.

- Eric

On Thu, Mar 26, 2026 at 04:02:32PM -0700, Eric Biggers wrote:
> On Thu, Mar 26, 2026 at 10:51:01PM +0100, John Paul Adrian Glaubitz wrote:
> > On Thu, 2026-03-26 at 13:33 -0700, Eric Biggers wrote:
> > > MD5 is obsolete.  Continuing to maintain architecture-optimized
> > > implementations of MD5 is unnecessary and risky.  It diverts resources
> > > from the modern algorithms that are actually important.
> > 
> > Why is it risky? That makes no sense.
> 
> Because there can be issues in architecture-optimized algorithm
> implementations that don't exist in the generic implementations.  That's
> a very common class of issue that has repeated over time.
> 
> > I also don't see how it diverts resources as no one is forced to work
> > on the code.
> > 
> > SPARC is an architecture used by hobbyists and in space these days (in
> > the form of Leon). I don't think any other kernel developer will have
> > to take a look at it.
> 
> Huh?  We've been refactoring how the various crypto and CRC algorithms
> are integrated, for all architectures.
> 
> So people outside the SPARC community, especially myself, been having to
> spend quite a bit of time updating the SPARC code so that it can still
> be used.
> 
> And this isn't new.  I've had to patch arch/sparc/crypto/ many times
> over the years as things change in the crypto subsystem.  Many other
> people, again outside the SPARC community, have as well.
> 
> The fact that you're denying that we've had to do this is really
> frustrating.  There is a significant maintenance cost to keeping this
> code working, which is being paid by people outside the SPARC community.
> 
> It seems best to at least focus that effort on modern algorithms like
> AES and SHA-256, and not obsolete ones like MD5 and DES.  Note that
> dropping those eliminates the need to add them to QEMU, as well.
> 
> I think that makes things easier for everyone.

Let me know if you're aware of a real user that needs the obsolete MD5
algorithm to be accelerated for SPARC in the kernel.

Otherwise, I suggest we proceed with this patch, as this objection seems
to based only on principles and misunderstandings.

I think our interests are aligned, actually: we both want Linux to work
reliably on SPARC.

- Eric

On Fri, 27 Mar 2026, at 21:14, Eric Biggers wrote:
> On Thu, Mar 26, 2026 at 04:02:32PM -0700, Eric Biggers wrote:
>> On Thu, Mar 26, 2026 at 10:51:01PM +0100, John Paul Adrian Glaubitz wrote:
>> > On Thu, 2026-03-26 at 13:33 -0700, Eric Biggers wrote:
>> > > MD5 is obsolete.  Continuing to maintain architecture-optimized
>> > > implementations of MD5 is unnecessary and risky.  It diverts resources
>> > > from the modern algorithms that are actually important.
>> > 
>> > Why is it risky? That makes no sense.
>> 
>> Because there can be issues in architecture-optimized algorithm
>> implementations that don't exist in the generic implementations.  That's
>> a very common class of issue that has repeated over time.
>> 
>> > I also don't see how it diverts resources as no one is forced to work
>> > on the code.
>> > 
>> > SPARC is an architecture used by hobbyists and in space these days (in
>> > the form of Leon). I don't think any other kernel developer will have
>> > to take a look at it.
>> 
>> Huh?  We've been refactoring how the various crypto and CRC algorithms
>> are integrated, for all architectures.
>> 
>> So people outside the SPARC community, especially myself, been having to
>> spend quite a bit of time updating the SPARC code so that it can still
>> be used.
>> 
>> And this isn't new.  I've had to patch arch/sparc/crypto/ many times
>> over the years as things change in the crypto subsystem.  Many other
>> people, again outside the SPARC community, have as well.
>> 
>> The fact that you're denying that we've had to do this is really
>> frustrating.  There is a significant maintenance cost to keeping this
>> code working, which is being paid by people outside the SPARC community.
>> 
>> It seems best to at least focus that effort on modern algorithms like
>> AES and SHA-256, and not obsolete ones like MD5 and DES.  Note that
>> dropping those eliminates the need to add them to QEMU, as well.
>> 
>> I think that makes things easier for everyone.
>
> Let me know if you're aware of a real user that needs the obsolete MD5
> algorithm to be accelerated for SPARC in the kernel.
>
> Otherwise, I suggest we proceed with this patch, as this objection seems
> to based only on principles and misunderstandings.
>

Agreed. I do sympathise with the hobbyists, (and with the astronauts, for that matter), but the mainline kernel is not a museum. If someone has a desire to run obsolete code on an obsolete architecture, they are more than welcome to do so. But demanding that the rest of the world spends time on this is unreasonable, especially given that few people have access to the hardware.

The upshot of that is that the burden falls on the maintainers to chase bot reports and other reported regressions on obsolete architectures, and doing so for code such as MD5 which is entirely obsolete itself is just busywork.

Acked-by: Ard Biesheuvel <ardb@kernel.org>