From: Eric Biggers <ebiggers@kernel.org>
To: Milan Broz <gmazyland@gmail.com>,
cryptsetup development <cryptsetup@lists.linux.dev>
Cc: linux-crypto@vger.kernel.org, dm-devel@lists.linux.dev,
linux-kernel@vger.kernel.org,
Demi Marie Obenour <demiobenour@gmail.com>
Subject: AF_ALG algorithms required by cryptsetup
Date: Sun, 3 May 2026 22:24:00 -0700 [thread overview]
Message-ID: <20260504052400.GB2289@sol> (raw)
Hi Milan,
AF_ALG is going to have to go away eventually, due to its frequent
vulnerabilities which vastly outweigh its benefits. Userspace crypto
code can be, should be, and generally already is used instead.
In the meantime, AF_ALG will need to be hardened by reducing its attack
surface, for example by removing unneeded algorithms and/or adding a
privilege check.
I understand cryptsetup actually already links to a userspace crypto
library such as libcrypto or libgcrypt by default (more than one is
supported). However, it sometimes falls back to AF_ALG for certain
algorithms for password hashing or keyslot encryption. The default
settings don't seem to use it (indeed, I use LUKS on one of my systems
and AF_ALG isn't enabled in my kernel), but some non-default settings
seem to use it.
Is a reasonably definitive list of the algorithms cryptsetup needs from
AF_ALG available anywhere, so that an allowlist can be implemented on
the kernel side?
(It would need to be unioned with what iwd uses as well.)
Also, what are the biggest blockers to removing the AF_ALG dependency
from cryptsetup, in your view?
Finally, how well would a CAP_SYS_ADMIN or CAP_NET_ADMIN restriction
work for cryptsetup? IIUC, volume formatting and opening require root
anyway, and all the device-mapper ioctls already require CAP_SYS_ADMIN.
I know 'cryptsetup benchmark' would be affected, but that tends to be a
one-off manually-run thing, which people could add 'sudo' to.
- Eric
next reply other threads:[~2026-05-04 5:25 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-04 5:24 Eric Biggers [this message]
2026-05-04 6:08 ` AF_ALG algorithms required by cryptsetup Milan Broz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260504052400.GB2289@sol \
--to=ebiggers@kernel.org \
--cc=cryptsetup@lists.linux.dev \
--cc=demiobenour@gmail.com \
--cc=dm-devel@lists.linux.dev \
--cc=gmazyland@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox