Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG

Next message: Mark Brown: "Missing signoff in the block tree"
Previous message: w15303746062: "[PATCH v3 0/2] misc: ibmasm: Fix out-of-bounds MMIO accesses"
Next in thread: Eric Biggers: "Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Bastien Nocera

Date: Tue Jun 23 2026 - 08:44:47 EST

Hey,

Replying to this older patch.

On Wed, 2026-04-29 at 18:15 -0700, Eric Biggers wrote:
<snip>
> This isn't intended to change anything overnight. After all, most Linux
> distros won't be able to disable the kconfig options quite yet, mainly
> because of iwd. But this should create a bit more impetus for these
> userspace programs to be fixed, and the documentation update should also
> help prevent more users from appearing.

There are 2 other users that I know of: bluez, and the ell library
(used by iwd and bluez).

>From what I could tell, bluetoothd uses AF_ALG for cryptography:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/shared/crypto.c
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/tools/mesh-gatt/crypto.c

It uses "ecb(aes)" and "cmac(aes)" as algorithms.

Finally, it also uses them both again:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/mesh/crypto.c
through ell:
https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/cipher.c

Because that's a question that also came up, bluetoothd also uses the
CAP_NET_ADMIN capability.

I'll let Luiz and Marcel take it over from here.

Cheers