From: Jeff Barnes <jeffbarnes@linux.microsoft.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: "Jon Kohler" <jon@nutanix.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"Linus Torvalds" <torvalds@linux-foundation.org>
Subject: Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG
Date: Mon, 4 May 2026 14:12:11 -0400 [thread overview]
Message-ID: <F100C726-F841-461B-BE2F-C2018C122426@getmailspring.com> (raw)
In-Reply-To: <20260504173952.GA2291@sol>
On May 4 2026, at 1:39 pm, Eric Biggers <ebiggers@kernel.org> wrote:
>
> That seems to be an implementation of FIPS 140-3's integrity self-check.
> A few observations:
>
> - It could easily use userspace SHA-512 code instead. If including
> libcrypto.so in the "FIPS cryptographic boundary" would cause
> certification difficulties, then a sha512.c file could simply be added
> to 'libkcapi-hmaccalc' which is already in it.
Indeed expanding the crypto boundary to include libcrypto.so would cause
certification difficulties, it would mean certifying all of libcrypto.so
with the kernel. There *may* be a case for saying that it is outside the
module boundary but only if:
* The integrity mechanism is clearly external
* The cryptographic module refuses to operate unless integrity is confirmed
* The trust relationship is clearly documented
I don't see how this could be justified cleanly without significant pushback.
>
> - It's compatible with all of the proposed hardening. It doesn't
> require zero-copy performance. It runs as root, so it would be
> compatible with a capability check. "hmac(sha512)" will need to be on
> the algorithm allowlist anyway for iwd.
>
> - FIPS 140-3 might also allow it to be simplified to use a plain hash
> instead of pointlessly using HMAC with a fixed key.
FIPS 140‑3 (via ISO/IEC 19790) draws a hard distinction between:
* Integrity checking (cryptographic protection)
* Integrity measurement (detection only)
A plain hash provides no protection against an attacker who can modify
both the object and its reference hash.
>
> By the way, also on the topic of FIPS 140-3, some people do use AF_ALG
> for ACVP (even though it's not all that great for that purpose, either).
> But ACVP is a testing thing, not something that is needed on production
> systems. ACVP can just be run as root on a testing build; there's no
> need to enable support for it in the actual production build.
Agreed it's not a good use case. Unless/until pkcs1 is supported, I
don't see how you can use it for all of the test cases. Plus as
evidenced by Ubuntu's new cert, it requires validating the library.
>
> - Eric
>
next prev parent reply other threads:[~2026-05-04 18:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-30 1:15 [PATCH] crypto: af_alg - Document the deprecation of AF_ALG Eric Biggers
2026-04-30 2:05 ` Herbert Xu
2026-04-30 2:10 ` Eric Biggers
2026-05-04 14:39 ` Jon Kohler
2026-05-04 17:39 ` Eric Biggers
2026-05-04 18:12 ` Jeff Barnes [this message]
2026-05-04 18:24 ` Eric Biggers
2026-05-04 18:27 ` Simo Sorce
2026-05-04 17:41 ` Jeff Barnes
2026-05-05 9:31 ` Herbert Xu
2026-05-05 23:17 ` Andy Lutomirski
2026-05-06 0:17 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F100C726-F841-461B-BE2F-C2018C122426@getmailspring.com \
--to=jeffbarnes@linux.microsoft.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jon@nutanix.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox