#1135834 util-linux: drop AF_ALG support

Package:
src:util-linux
Source:
src:util-linux
Submitter:
Chris Hofstädtler
Date:
2026-05-06 11:37:03 UTC
Severity:
normal
Tags:
#1135834#5
Date:
2026-05-05 09:20:17 UTC
From:
To:
Hi,

people claim that the crypto API is a source of security issues when
(mis-)used by user space. LWN commenters on the recent algif_aead
issue have some more notes:

https://lwn.net/Articles/1070682/

partial quotes:

https://lwn.net/Articles/1070960/
So it appears there are some tradeoffs to be made. Please take a
look and consider turning the crypto user api off.

Best,
Chris

PS: For src:util-linux, a quick look suggests we can easily stop
using the kernels crypto API.

#1135834#10
Date:
2026-05-06 06:22:26 UTC
From:
To:
Hi,

That will be up for further discussion in the kernel-team meeting. I
wonder if we already can do that. There was the following follup as
well from Eric:
https://www.openwall.com/lists/oss-security/2026/05/06/5

Will iwd still work if we disable i now?

Regards,
Salvatore

#1135834#17
Date:
2026-05-06 11:35:34 UTC
From:
To:
Control: clone -1 -2
Control: reassign -2 src:util-linux
Control: retitle -2 util-linux: drop AF_ALG support
Control: forwarded -2 https://github.com/util-linux/util-linux/issues/4329
[..]

Thanks, that is indeed useful commentary.

Needs to be seen, I think.

For u-l I've asked upstream to drop the AF_ALG stuff, as it seems
completely non-critical.

Best,
Chris