Hi Eric,

On Tue, Jun 23, 2026 at 2:05 PM Eric Biggers <[email protected]> wrote:
>
> On Tue, Jun 23, 2026 at 09:52:08AM -0700, Eric Biggers wrote:
> > On Tue, Jun 23, 2026 at 11:04:14AM -0400, Luiz Augusto von Dentz wrote:
> > > > +===  ==================================================================
> > > > +0    AF_ALG is unrestricted.
> > > > +
> > > > +1    AF_ALG is supported with a limited list of algorithms. The list
> > > > +     is designed for compatibility with known users such as iwd and
> > > > +     bluez that haven't yet been fixed to use userspace crypto code.
> > >
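Review bot: in the entry for value 1, "a limited list of algorithms" is neither enumerated nor referenced in these lines, so a reader choosing between 0 and 1 cannot tell from this table which algorithms remain available through AF_ALG. If the list is not given elsewhere in the document, name the algorithms here or point to where the list is defined, and say what a caller sees when it requests an algorithm that is not on the list.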
> > > Is the expectation that we go shopping for userspace crypto here?
> >
> > Yes, same as what 99% of userspace already does.  Probably you'll just
> > want to link to OpenSSL, but it could be something else if you want.
> >
> > - Eric
>
> By the way you do know that bluez already has a local implementation of
> ECDH, right?  See src/shared/ecc.c.

It's never been audited; it's only used for hardware emulation, I
didn't even remember we had that thingy. What we really use is
src/shared/crypto.c, and I'm not looking forward to having it changed.
With something like Zephyr, changing crypto libraries every so often
just because one didn't fit on a platform wasn't a great experience,
and that is a much bigger project. In the end it seems they are using
a forked mbedtls:

https://github.com/zephyrproject-rtos/mbedtls

I'm quite sure whatever choice we make will be the wrong choice for
someone. Then someone will have the brilliant idea to add some sort of
backend support to let everyone plug in their preferred crypto
library, possibly adding even more code to audit.

> - Eric



-- 
Luiz Augusto von Dentz