On 5/4/26 7:24 AM, Eric Biggers wrote:
Hi Milan,
AF_ALG is going to have to go away eventually, due to its frequent
vulnerabilities which vastly outweigh its benefits. Userspace crypto
code can be, should be, and generally already is used instead.
Heh, I just send reply to the thread on security list. I know about this.
(It is probably waiting for moderation, cannot find link to paste here yet.)
In general, it is more complicated and need some time, but it can be done.
Is a reasonably definitive list of the algorithms cryptsetup needs from
AF_ALG available anywhere, so that an allowlist can be implemented on
the kernel side?
For Veracrypt support, it would be easy to create list.
But maybe we can do it differently completely without AF_ALG.
(It would need to be unioned with what iwd uses as well.)
Also, what are the biggest blockers to removing the AF_ALG dependency
from cryptsetup, in your view?
Finally, how well would a CAP_SYS_ADMIN or CAP_NET_ADMIN restriction
work for cryptsetup? IIUC, volume formatting and opening require root
anyway, and all the device-mapper ioctls already require CAP_SYS_ADMIN.
I know 'cryptsetup benchmark' would be affected, but that tends to be a
one-off manually-run thing, which people could add 'sudo' to.
Formatting does not require root, basically only device-mapper interaction
requires it now.
LUKS should be completely OK without AF_ALG (it calls userspace backend),
it is about other formats.
I'll reply later.
Milan
