- Package:
- src:util-linux
- Source:
- src:util-linux
- Submitter:
- Chris Hofstädtler
- Date:
- 2026-05-06 11:37:03 UTC
- Severity:
- normal
- Tags:
Hi, people claim that the crypto API is a source of security issues when (mis-)used by user space. LWN commenters on the recent algif_aead issue have some more notes: https://lwn.net/Articles/1070682/ partial quotes: https://lwn.net/Articles/1070960/ So it appears there are some tradeoffs to be made. Please take a look and consider turning the crypto user api off. Best, Chris PS: For src:util-linux, a quick look suggests we can easily stop using the kernels crypto API.
Hi, That will be up for further discussion in the kernel-team meeting. I wonder if we already can do that. There was the following follup as well from Eric: https://www.openwall.com/lists/oss-security/2026/05/06/5 Will iwd still work if we disable i now? Regards, Salvatore
Control: clone -1 -2 Control: reassign -2 src:util-linux Control: retitle -2 util-linux: drop AF_ALG support Control: forwarded -2 https://github.com/util-linux/util-linux/issues/4329 [..] Thanks, that is indeed useful commentary. Needs to be seen, I think. For u-l I've asked upstream to drop the AF_ALG stuff, as it seems completely non-critical. Best, Chris