aboutsummaryrefslogtreecommitdiffstats
path: root/crypto
diff options
authorEric Biggers <ebiggers@kernel.org>2026-04-29 18:15:44 -0700
committerHerbert Xu <herbert@gondor.apana.org.au>2026-05-07 16:10:03 +0800
commita67afb1884ba815079bd43d5c998e155e03b08b6 (patch)
tree5f7e1d7319dafa8dd9fc166adccdee4a5aa5ce64 /crypto
parentea5e57cc97185329dcc5ebdcaae7e1500bf0ad0b (diff)
downloadath-a67afb1884ba815079bd43d5c998e155e03b08b6.tar.gz
crypto: af_alg - Document the deprecation of AF_ALG
AF_ALG is almost completely unnecessary, and it exposes a massive attack surface that hasn't been standing up to modern vulnerability discovery tools. The latest one even has its own website, providing a small Python script that reliably roots most Linux distros: https://copy.fail/ This isn't sustainable, especially as LLMs have accelerated the rate the vulnerabilities are coming in. The effort that is being put into this thing is vastly disproportional to the few programs that actually use it, and those programs would be better served by userspace code anyway. These issues have been noted in many mailing list discussions already. But until now they haven't been reflected in the documentation or kconfig menu itself, and the vulnerabilities are still coming in. Let's go ahead and document the deprecation. This isn't intended to change anything overnight. After all, most Linux distros won't be able to disable the kconfig options quite yet, mainly because of iwd. But this should create a bit more impetus for these userspace programs to be fixed, and the documentation update should also help prevent more users from appearing. Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/Kconfig69
1 files changed, 51 insertions, 18 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 608b2c739193f..00b7ce4227ae1 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1252,44 +1252,68 @@ config CRYPTO_DF80090A
select CRYPTO_CTR
endmenu
-menu "Userspace interface"
+menu "Userspace interface (deprecated)"
config CRYPTO_USER_API
tristate
config CRYPTO_USER_API_HASH
- tristate "Hash algorithms"
+ tristate "Hash algorithms (deprecated)"
depends on NET
select CRYPTO_HASH
select CRYPTO_USER_API
help
- Enable the userspace interface for hash algorithms.
+ Enable the AF_ALG userspace interface for hash algorithms. This
+ provides unprivileged userspace programs access to arbitrary hash
+ algorithms implemented in the kernel's privileged execution context.
- See Documentation/crypto/userspace-if.rst and
- https://www.chronox.de/libkcapi/html/index.html
+ This interface is deprecated and is supported only for backwards
+ compatibility. It regularly has vulnerabilities, and the capabilities
+ it provides are redundant with userspace crypto libraries.
+
+ Enable this only if needed for support for a program that hasn't yet
+ been converted to userspace crypto, for example iwd.
+
+ See also Documentation/crypto/userspace-if.rst
config CRYPTO_USER_API_SKCIPHER
- tristate "Symmetric key cipher algorithms"
+ tristate "Symmetric key cipher algorithms (deprecated)"
depends on NET
select CRYPTO_SKCIPHER
select CRYPTO_USER_API
help
- Enable the userspace interface for symmetric key cipher algorithms.
+ Enable the AF_ALG userspace interface for symmetric key algorithms.
+ This provides unprivileged userspace programs access to arbitrary
+ symmetric key algorithms implemented in the kernel's privileged
+ execution context.
+
+ This interface is deprecated and is supported only for backwards
+ compatibility. It regularly has vulnerabilities, and the capabilities
+ it provides are redundant with userspace crypto libraries.
+
+ Enable this only if needed for support for a program that hasn't yet
+ been converted to userspace crypto, for example iwd, or cryptsetup
+ with certain algorithms.
- See Documentation/crypto/userspace-if.rst and
- https://www.chronox.de/libkcapi/html/index.html
+ See also Documentation/crypto/userspace-if.rst
config CRYPTO_USER_API_RNG
- tristate "RNG (random number generator) algorithms"
+ tristate "Random number generation algorithms (deprecated)"
depends on NET
select CRYPTO_RNG
select CRYPTO_USER_API
help
- Enable the userspace interface for RNG (random number generator)
- algorithms.
+ Enable the AF_ALG userspace interface for random number generation
+ (RNG) algorithms. This provides unprivileged userspace programs
+ access to arbitrary RNG algorithms implemented in the kernel's
+ privileged execution context.
- See Documentation/crypto/userspace-if.rst and
- https://www.chronox.de/libkcapi/html/index.html
+ This interface is deprecated and is supported only for backwards
+ compatibility. It regularly has vulnerabilities, and the capabilities
+ it provides are redundant with userspace crypto libraries as well as
+ the normal kernel RNG (e.g., /dev/urandom and getrandom(2)).
+
+ See also Documentation/crypto/userspace-if.rst
config CRYPTO_USER_API_RNG_CAVP
bool "Enable CAVP testing of DRBG"
@@ -1304,16 +1328,25 @@ config CRYPTO_USER_API_RNG_CAVP
no unless you know what this is.
config CRYPTO_USER_API_AEAD
- tristate "AEAD cipher algorithms"
+ tristate "AEAD cipher algorithms (deprecated)"
depends on NET
select CRYPTO_AEAD
select CRYPTO_SKCIPHER
select CRYPTO_USER_API
help
- Enable the userspace interface for AEAD cipher algorithms.
+ Enable the AF_ALG userspace interface for authenticated encryption
+ with associated data (AEAD) algorithms. This provides unprivileged
+ userspace programs access to arbitrary AEAD algorithms implemented in
+ the kernel's privileged execution context.
+
+ This interface is deprecated and is supported only for backwards
+ compatibility. It regularly has vulnerabilities, and the capabilities
+ it provides are redundant with userspace crypto libraries.
+
+ Enable this only if needed for support for a program that hasn't yet
+ been converted to userspace crypto, for example iwd.
- See Documentation/crypto/userspace-if.rst and
- https://www.chronox.de/libkcapi/html/index.html
+ See also Documentation/crypto/userspace-if.rst
config CRYPTO_USER_API_ENABLE_OBSOLETE
bool "Obsolete cryptographic algorithms"