* Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG [not found] <20260430011544.31823-1-ebiggers@kernel.org> @ 2026-06-23 12:44 ` Bastien Nocera 2026-06-23 16:49 ` Eric Biggers 0 siblings, 1 reply; 4+ messages in thread From: Bastien Nocera @ 2026-06-23 12:44 UTC (permalink / raw) To: Eric Biggers, linux-crypto, Herbert Xu, Marcel Holtmann, Luiz Augusto von Dentz Cc: linux-doc, linux-api, linux-kernel, netdev, Linus Torvalds, linux-bluetooth, ell Hey, Replying to this older patch. On Wed, 2026-04-29 at 18:15 -0700, Eric Biggers wrote: <snip> > This isn't intended to change anything overnight. After all, most Linux > distros won't be able to disable the kconfig options quite yet, mainly > because of iwd. But this should create a bit more impetus for these > userspace programs to be fixed, and the documentation update should also > help prevent more users from appearing. There are 2 other users that I know of: bluez, and the ell library (used by iwd and bluez). From what I could tell, bluetoothd uses AF_ALG for cryptography: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/shared/crypto.c https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/tools/mesh-gatt/crypto.c It uses "ecb(aes)" and "cmac(aes)" as algorithms. Finally, it also uses them both again: https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/mesh/crypto.c through ell: https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/cipher.c Because that's a question that also came up, bluetoothd also uses the CAP_NET_ADMIN capability. I'll let Luiz and Marcel take it over from here. Cheers ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG 2026-06-23 12:44 ` [PATCH] crypto: af_alg - Document the deprecation of AF_ALG Bastien Nocera @ 2026-06-23 16:49 ` Eric Biggers 2026-06-23 18:56 ` Linus Torvalds 0 siblings, 1 reply; 4+ messages in thread From: Eric Biggers @ 2026-06-23 16:49 UTC (permalink / raw) To: Bastien Nocera Cc: linux-crypto, Herbert Xu, Marcel Holtmann, Luiz Augusto von Dentz, linux-doc, linux-api, linux-kernel, netdev, Linus Torvalds, linux-bluetooth, ell On Tue, Jun 23, 2026 at 02:44:28PM +0200, Bastien Nocera wrote: > Hey, > > Replying to this older patch. > > On Wed, 2026-04-29 at 18:15 -0700, Eric Biggers wrote: > <snip> > > This isn't intended to change anything overnight. After all, most Linux > > distros won't be able to disable the kconfig options quite yet, mainly > > because of iwd. But this should create a bit more impetus for these > > userspace programs to be fixed, and the documentation update should also > > help prevent more users from appearing. > > There are 2 other users that I know of: bluez, and the ell library > (used by iwd and bluez). > > From what I could tell, bluetoothd uses AF_ALG for cryptography: > https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/src/shared/crypto.c > https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/tools/mesh-gatt/crypto.c > > It uses "ecb(aes)" and "cmac(aes)" as algorithms. > > Finally, it also uses them both again: > https://git.kernel.org/pub/scm/bluetooth/bluez.git/tree/mesh/crypto.c > through ell: > https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/cipher.c > > Because that's a question that also came up, bluetoothd also uses the > CAP_NET_ADMIN capability. > > I'll let Luiz and Marcel take it over from here. > We're aware of that and are taking it into account in the allowlist: https://lore.kernel.org/linux-crypto/20260622234803.6982-1-ebiggers@kernel.org/ If you have any feedback on the allowlist, please respond to that patch. - Eric ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG 2026-06-23 16:49 ` Eric Biggers @ 2026-06-23 18:56 ` Linus Torvalds 2026-06-23 19:19 ` Eric Biggers 0 siblings, 1 reply; 4+ messages in thread From: Linus Torvalds @ 2026-06-23 18:56 UTC (permalink / raw) To: Eric Biggers Cc: Bastien Nocera, linux-crypto, Herbert Xu, Marcel Holtmann, Luiz Augusto von Dentz, linux-doc, linux-api, linux-kernel, netdev, linux-bluetooth, ell On Tue, 23 Jun 2026 at 09:51, Eric Biggers <ebiggers@kernel.org> wrote: > > We're aware of that and are taking it into account in the allowlist: Note that if we can just unconditionally make it depend on CAP_NET_ADMIN, that would be good - independently of any allowlist. Because if iwd and abluetoothd are the main two users, and both of those already require CAP_NET_ADMIN anyway... Linus ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG 2026-06-23 18:56 ` Linus Torvalds @ 2026-06-23 19:19 ` Eric Biggers 0 siblings, 0 replies; 4+ messages in thread From: Eric Biggers @ 2026-06-23 19:19 UTC (permalink / raw) To: Linus Torvalds Cc: Bastien Nocera, linux-crypto, Herbert Xu, Marcel Holtmann, Luiz Augusto von Dentz, linux-doc, linux-api, linux-kernel, netdev, linux-bluetooth, ell On Tue, Jun 23, 2026 at 11:56:10AM -0700, Linus Torvalds wrote: > On Tue, 23 Jun 2026 at 09:51, Eric Biggers <ebiggers@kernel.org> wrote: > > > > We're aware of that and are taking it into account in the allowlist: > > Note that if we can just unconditionally make it depend on > CAP_NET_ADMIN, that would be good - independently of any allowlist. > > Because if iwd and abluetoothd are the main two users, and both of > those already require CAP_NET_ADMIN anyway... There's also cryptsetup, including unprivileged benchmarking and also (in theory) formatting support, and pre-7.0 versions of iproute2 which used it for computing SHA-1 hashes of BPF programs. If we broke unprivileged 'cryptsetup benchmark', some people would definitely notice. However, since it's just a manually-run benchmark anyway, users could just run it with sudo. I don't know about the iproute2 case. It depends how aggressive we want to be. My current proposal (https://lore.kernel.org/linux-crypto/20260622234803.6982-1-ebiggers@kernel.org/) has the entries in the allowlist marked as either privileged or unprivileged. There are just a few unprivileged ones, for cryptsetup and iproute2 as mentioned. But we could try doing away with the unprivileged ones entirely and see who complains. - Eric ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2026-06-23 19:19 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20260430011544.31823-1-ebiggers@kernel.org>
2026-06-23 12:44 ` [PATCH] crypto: af_alg - Document the deprecation of AF_ALG Bastien Nocera
2026-06-23 16:49 ` Eric Biggers
2026-06-23 18:56 ` Linus Torvalds
2026-06-23 19:19 ` Eric Biggers
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox