Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG

Next message: Scott Branden: "Re: misc: bcm-vk: unbounded entry_size overflows proc_mon entries[]"
Previous message: Fredric Cover: "[PATCH] smb/client: use %pe to print error pointer"
In reply to: Bastien Nocera: "Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG"
Next in thread: Linus Torvalds: "Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Tue Jun 23 2026 - 12:51:15 EST

On Tue, Jun 23, 2026 at 02:44:28PM +0200, Bastien Nocera wrote:
> Hey,
>
> Replying to this older patch.
>
> On Wed, 2026-04-29 at 18:15 -0700, Eric Biggers wrote:
> <snip>
> > This isn't intended to change anything overnight. After all, most Linux
> > distros won't be able to disable the kconfig options quite yet, mainly
> > because of iwd. But this should create a bit more impetus for these
> > userspace programs to be fixed, and the documentation update should also
> > help prevent more users from appearing.
>
> There are 2 other users that I know of: bluez, and the ell library
> (used by iwd and bluez).
>
> From what I could tell, bluetoothd uses AF_ALG for cryptography:
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/shared/crypto.c
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/tools/mesh-gatt/crypto.c
>
> It uses "ecb(aes)" and "cmac(aes)" as algorithms.
>
> Finally, it also uses them both again:
> https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/mesh/crypto.c
> through ell:
> https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/cipher.c
>
> Because that's a question that also came up, bluetoothd also uses the
> CAP_NET_ADMIN capability.
>
> I'll let Luiz and Marcel take it over from here.
>

We're aware of that and are taking it into account in the allowlist:
https://lore.kernel.org/linux-crypto/20260622234803.6982-1-ebiggers@xxxxxxxxxx/
If you have any feedback on the allowlist, please respond to that patch.

- Eric