Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG

Next message: &#x24B6;l&#xEF; P&#x262E;latel: "Re: [PATCH] crypto: af_alg - Remove zero-copy support from AF_ALG"
Previous message: Roman Vivchar via B4 Relay: "[PATCH 06/13] thermal: mediatek: add pmic thermal support"
In reply to: Jeff Barnes: "Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG"
Next in thread: Simo Sorce: "Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Mon May 04 2026 - 14:31:25 EST

On Mon, May 04, 2026 at 02:12:11PM -0400, Jeff Barnes wrote:
> A plain hash provides no protection against an attacker who can modify
> both the object and its reference hash.

Same with the HMAC, because in the FIPS integrity check the key isn't
secret. You can find the key used by the sha512hmac binary here:
https://github.com/smuellerDD/libkcapi/blob/master/apps/kcapi-hasher.c#L125

- Eric