summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorDemi Marie Obenour <demiobenour@gmail.com>2026-05-23 22:43:03 +0300
committerHerbert Xu <herbert@gondor.apana.org.au>2026-05-29 09:05:30 +0300
commit7524070f26d8d347c26787dc297fb844baa26abf (patch)
tree74f0a7b9a2e653829cdc6a4f2991458e6f5f6c0d /include
parentfcc77d33a34cf271702e8daafb6c593e4626776d (diff)
downloadlinux-7524070f26d8d347c26787dc297fb844baa26abf.tar.xz
crypto: af_alg - Drop support for off-CPU cryptography
AF_ALG is deprecated and exposed to unprivileged userspace. Only use the least buggy algorithm implementations: the pure software ones. This removes one of the main advantages of AF_ALG, which is the ability to use it with off-CPU accelerators. However, using off-CPU accelerators has huge overheads, both in performance and attack surface. I have yet to see real-world, performance-critical workloads where using an accelerator via AF_ALG is actually a win over doing cryptography in userspace. If using an off-CPU accelerator really does turn out to be a win, a new API should be developed that is actually a good fit for it. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include')
-rw-r--r--include/crypto/if_alg.h14
1 files changed, 13 insertions, 1 deletions
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index 62867daca47d..7643ba954125 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -41,7 +41,7 @@ struct af_alg_control {
};
struct af_alg_type {
- void *(*bind)(const char *name, u32 type, u32 mask);
+ void *(*bind)(const char *name);
void (*release)(void *private);
int (*setkey)(void *private, const u8 *key, unsigned int keylen);
int (*setentropy)(void *private, sockptr_t entropy, unsigned int len);
@@ -243,4 +243,16 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags,
struct af_alg_async_req *areq, size_t maxsize,
size_t *outlen);
+/*
+ * Mask used to disable unsupported algorithm implementations.
+ *
+ * This is the same as FSCRYPT_CRYPTOAPI_MASK in fs/crypto/fscrypt_private.h.
+ * In additions to the motivations there, this API is exposed to userspace
+ * that might not be fully trusted.
+ */
+#define AF_ALG_CRYPTOAPI_MASK \
+ (CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY | \
+ CRYPTO_ALG_KERN_DRIVER_ONLY)
+
+
#endif /* _CRYPTO_IF_ALG_H */