Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG

From: Jon Kohler

Date: Mon May 04 2026 - 10:59:18 EST

> On Apr 29, 2026, at 9:15 PM, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
>
> AF_ALG is almost completely unnecessary, and it exposes a massive attack
> surface that hasn't been standing up to modern vulnerability discovery
> tools. The latest one even has its own website, providing a small
> Python script that reliably roots most Linux distros: https://copy.fail/
>
> This isn't sustainable, especially as LLMs have accelerated the rate the
> vulnerabilities are coming in. The effort that is being put into this
> thing is vastly disproportional to the few programs that actually use
> it, and those programs would be better served by userspace code anyway.
>
> These issues have been noted in many mailing list discussions already.
> But until now they haven't been reflected in the documentation or
> kconfig menu itself, and the vulnerabilities are still coming in.
>
> Let's go ahead and document the deprecation.
>
> This isn't intended to change anything overnight. After all, most Linux
> distros won't be able to disable the kconfig options quite yet, mainly
> because of iwd. But this should create a bit more impetus for these
> userspace programs to be fixed, and the documentation update should also
> help prevent more users from appearing.
>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---

Quick passing observation:
I noticed that when attempting to completely disable these Crypto APIs,
I was experiencing boot failures with fips=1 enabled systems.

Using 6.18-based kernel with an el9-based user space, I see the
following hang in the early boot console from dracut-pre-pivot:
Check integrity of kernel
libkcapi - Error: AF_ALG: socket syscall failed (errno: -97)
Allocation of hmac(sha512) cipher failed (-97)

I haven't looked at every elX version, but at least in el9 and el10,
they use libkcapi-hmaccalc to provide sha512hmac, which dracut [1]
uses to calculate the HMAC value in do_fips().

Digging further, I was only able to disable RNG and AEAD APIs, but
not HASH and SKCIPHER APIs when FIPS was in the picture with el9++.

I'm not sure how other distros do the same, but this could be problematic
elsewhere if other distros went down the libkcapi route.

[1] https://github.com/dracutdevs/dracut/blob/059/modules.d/01fips/fips.sh#L167
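As an added illustration (not code from this thread, dracut or libkcapi), the HMAC-SHA512 integrity check that do_fips() delegates to sha512hmac can be done entirely in userspace, with no AF_ALG socket involved; the key, image bytes, file names and the "<hex>  <name>" .hmac line format below are constructed assumptions, not dracut's real values.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample key and data; dracut/libkcapi use their own key and file layout.
SAMPLE_KEY = b"FIPS-hmac-key-example"
SAMPLE_IMAGE = b"\x7fELF" + b"\x00" * 60 + b"kernel image payload (constructed)\n"

def hmac_sha512_file(path, key, chunk_size=64 * 1024):
    """Compute HMAC-SHA512 over a file in chunks (pure userspace, no AF_ALG)."""
    mac = hmac.new(key, digestmod=hashlib.sha512)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            mac.update(chunk)
    return mac.hexdigest()

def write_hmac_file(path, key):
    """Write '<hex>  <basename>' beside the image (assumed sha512sum-like format)."""
    digest = hmac_sha512_file(path, key)
    hmac_path = path + ".hmac"
    with open(hmac_path, "w") as f:
        f.write(f"{digest}  {os.path.basename(path)}\n")
    return hmac_path

def verify_hmac_file(path, key):
    """Return True only if the recorded and recomputed MACs match (constant-time)."""
    try:
        with open(path + ".hmac") as f:
            expected = f.readline().split()[0]
    except (OSError, IndexError):
        return False  # missing or malformed .hmac: treat as an integrity failure
    actual = hmac_sha512_file(path, key)
    return hmac.compare_digest(expected, actual)

def demo():
    """Create a constructed image, record its MAC, then tamper with one byte."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "vmlinuz-example")
        with open(image, "wb") as f:
            f.write(SAMPLE_IMAGE)
        write_hmac_file(image, SAMPLE_KEY)
        ok_before = verify_hmac_file(image, SAMPLE_KEY)
        with open(image, "r+b") as f:
            f.seek(8)
            f.write(b"\x01")  # flip one byte inside the image
        ok_after = verify_hmac_file(image, SAMPLE_KEY)
    return ok_before, ok_after  # (True, False)
```

Run demo() to see the check pass on the untouched image and fail after the single-byte change.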