On 7/5/26 8:44 PM, Eric Biggers wrote:
Add "xts(camellia)", "xts(serpent)", and "xts(twofish)" to the allowlist
for af_alg_restrict=1.  These niche AES alternatives have continued to
see rare but persistent use via cryptsetup, which has historically
relied on the AF_ALG support for these ciphers in XTS mode for
performing the keyslot encryption.  (cryptsetup v2.8.7 and later fall
back to a temporary dm-crypt mapping, but that requires root.)

Signed-off-by: Eric Biggers <[email protected]>
---
  crypto/algif_skcipher.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 2b8069667974..49ae779b3b6b 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -45,6 +45,9 @@ static const struct af_alg_allowlist_entry 
skcipher_allowlist[] = {
        { "ecb(des)", true }, /* iwd */
        { "hctr2(aes)", false }, /* cryptsetup */
        { "xts(aes)", false }, /* cryptsetup benchmark */
+       { "xts(camellia)", false }, /* cryptsetup */
+       { "xts(serpent)", false }, /* cryptsetup */
+       { "xts(twofish)", false }, /* cryptsetup */
        {},

Well, if we are going this way, I would also add Aria and SM4 (currently usable 
only in cryptsetup main branch).

Milan

p.s.
There is another user of AF_ALG hash, hardlink in util-linux, see
https://github.com/util-linux/util-linux/blob/master/lib/fileeq.c


Reply via email to