Complete list of AF_ALG algorithms used by iwd

Next message: Luna Jernberg: "Re: Linux 7.1-rc2"
Previous message: Louis Kotze: "[PATCH 4/4] wifi: rtw89: advertise EHT OM Control for 8922a per WFA cert"
Next in thread: James Prestwood: "Re: Complete list of AF_ALG algorithms used by iwd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Mon May 04 2026 - 00:51:48 EST

With AF_ALG being on its way out due to its frequent vulnerabilities,
iwd will need to be fixed to follow the standard practice of using
userspace crypto code (for example, libcrypto) instead. In the mean
time, AF_ALG is at least going to need to be hardened by removing
unnecessary functionality, for example unnecessary algorithms.

Based on the iwd and libell source code, it appears iwd is relying on
the following algorithm names from AF_ALG. Please confirm that this
list is correct and that these are the ones we need to keep for iwd:

cmac(aes)
hmac(md5)
hmac(sha1)
hmac(sha224)
hmac(sha256)
hmac(sha384)
hmac(sha512)
md4
md5
sha1
sha224
sha256
sha384
sha512
ecb(aes)
cbc(aes)
ctr(aes)
ecb(des)
cbc(des)
cbc(des3_ede)

Also, does iwd always hold CAP_NET_ADMIN? We're also considering adding
a privilege check to AF_ALG. (It's TBD whether it would be
unconditional or controlled by a sysctl.)

- Eric