On Tue, Jun 23, 2026 at 01:29:20PM -0400, Demi Marie Obenour wrote: > On 6/23/26 12:52, Eric Biggers wrote: > > On Tue, Jun 23, 2026 at 11:04:14AM -0400, Luiz Augusto von Dentz wrote: > >>> +=== ================================================================== > >>> +0 AF_ALG is unrestricted. > >>> + > >>> +1 AF_ALG is supported with a limited list of algorithms. The list > >>> + is designed for compatibility with known users such as iwd and > >>> + bluez that haven't yet been fixed to use userspace crypto code. > >> > >> Is the expectation that we go shopping for userspace crypto here? > > > > Yes, same as what 99% of userspace already does. Probably you'll just > > want to link to OpenSSL, but it could be something else if you want. > > Hard disagree on OpenSSL. It's not a good library. > > See <https://cryptography.io/en/latest/statements/state-of-openssl/>. > > Distributions should ship AWS-LC and either rebuild reverse > dependencies when needed, or work with upstream to catch ABI breaks.
I don't like OpenSSL either, but it's the de facto standard on most distros. While perhaps distros should make that switch, there's no need to wait for that to move away from AF_ALG. - Eric
