From e191cc8118cbb5eee3710167edc8e822cdbf4214 Mon Sep 17 00:00:00 2001 From: Collin Funk Date: Mon, 22 Jun 2026 18:03:40 -0700 Subject: [PATCH] crypto/af_alg: Deprecate. * modules/crypto/af_alg (Status, Notice): New sections. (configure.ac): Add a module indicator. * lib/md5-stream.c (md5_stream): Only use the AF_ALG API if the module indicator is defined. * lib/sha1-stream.c (sha1_stream): Likewise. * lib/sha256-stream.c (shaxxx_stream): Likewise. * lib/sha3-stream.c (sha3_xxx_stream): Likewise. * lib/sha512-stream.c (shaxxx_stream): Likewise. * modules/crypto/md5 (Depends-on): Remove crypto/af_alg dependency. * modules/crypto/sha1 (Depends-on): Likewise. * modules/crypto/sha256 (Depends-on): Likewise. * modules/crypto/sha3 (Depends-on): Likewise. * modules/crypto/sha512 (Depends-on): Likewise. * NEWS: Mention the deprecation. --- ChangeLog | 18 ++++++++++++++++++ NEWS | 8 ++++++++ lib/md5-stream.c | 6 +++++- lib/sha1-stream.c | 6 +++++- lib/sha256-stream.c | 6 +++++- lib/sha3-stream.c | 6 +++++- lib/sha512-stream.c | 6 +++++- modules/crypto/af_alg | 7 +++++++ modules/crypto/md5 | 1 - modules/crypto/sha1 | 1 - modules/crypto/sha256 | 1 - modules/crypto/sha3 | 1 - modules/crypto/sha512 | 1 - 13 files changed, 58 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6ee89378ea..58eb4f8609 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,21 @@ +2026-06-22 Collin Funk + + crypto/af_alg: Deprecate. + * modules/crypto/af_alg (Status, Notice): New sections. + (configure.ac): Add a module indicator. + * lib/md5-stream.c (md5_stream): Only use the AF_ALG API if the module + indicator is defined. + * lib/sha1-stream.c (sha1_stream): Likewise. + * lib/sha256-stream.c (shaxxx_stream): Likewise. + * lib/sha3-stream.c (sha3_xxx_stream): Likewise. + * lib/sha512-stream.c (shaxxx_stream): Likewise. + * modules/crypto/md5 (Depends-on): Remove crypto/af_alg dependency. + * modules/crypto/sha1 (Depends-on): Likewise. + * modules/crypto/sha256 (Depends-on): Likewise. + * modules/crypto/sha3 (Depends-on): Likewise. + * modules/crypto/sha512 (Depends-on): Likewise. + * NEWS: Mention the deprecation. + 2026-06-20 Paul Eggert gethrxtime: don’t use nanouptime, microuptime diff --git a/NEWS b/NEWS index 8456732c43..6eef535dfa 100644 --- a/NEWS +++ b/NEWS @@ -78,6 +78,14 @@ User visible incompatible changes Date Modules Changes +2026-06-22 crypto/af_alg This module has been deprecated following the + deprecation of the AF_ALG API in Linux 7.2. If your + package requires optimized hash algorithms, place + gl_SET_CRYPTO_CHECK_DEFAULT([auto-gpl-compat]) in + your configure.ac to use OpenSSL when + possible. Alternatively, use 'crypto/gc' + which uses libgcrypt when possible. + 2026-06-08 strerror The return type of the strerror function is now 'const char *' on most platforms. You may need to adjust assignments of the form diff --git a/lib/md5-stream.c b/lib/md5-stream.c index ffe077f52a..a406d17b53 100644 --- a/lib/md5-stream.c +++ b/lib/md5-stream.c @@ -30,7 +30,9 @@ # include "unlocked-io.h" #endif -#include "af_alg.h" +#if GNULIB_AF_ALG +# include "af_alg.h" +#endif #ifdef _LIBC # include @@ -57,11 +59,13 @@ int md5_stream (FILE *stream, void *resblock) { +#if GNULIB_AF_ALG switch (afalg_stream (stream, "md5", resblock, MD5_DIGEST_SIZE)) { case 0: return 0; case -EIO: return 1; } +#endif char *buffer = malloc (BLOCKSIZE); if (!buffer) diff --git a/lib/sha1-stream.c b/lib/sha1-stream.c index c6e2c836e9..3de4a0156a 100644 --- a/lib/sha1-stream.c +++ b/lib/sha1-stream.c @@ -32,7 +32,9 @@ # include "unlocked-io.h" #endif -#include "af_alg.h" +#if GNULIB_AF_ALG +# include "af_alg.h" +#endif #define BLOCKSIZE 32768 #if BLOCKSIZE % 64 != 0 @@ -45,11 +47,13 @@ int sha1_stream (FILE *restrict stream, void *restrict resblock) { +#if GNULIB_AF_ALG switch (afalg_stream (stream, "sha1", resblock, SHA1_DIGEST_SIZE)) { case 0: return 0; case -EIO: return 1; } +#endif char *buffer = malloc (BLOCKSIZE); if (!buffer) diff --git a/lib/sha256-stream.c b/lib/sha256-stream.c index cde823a597..a2c0e20677 100644 --- a/lib/sha256-stream.c +++ b/lib/sha256-stream.c @@ -31,7 +31,9 @@ # include "unlocked-io.h" #endif -#include "af_alg.h" +#if GNULIB_AF_ALG +# include "af_alg.h" +#endif #define BLOCKSIZE 32768 #if BLOCKSIZE % 64 != 0 @@ -49,11 +51,13 @@ shaxxx_stream (FILE *restrict stream, char const *restrict alg, void *(*finish_ctx) (struct sha256_ctx *restrict, void *restrict)) { +#if GNULIB_AF_ALG switch (afalg_stream (stream, alg, resblock, hashlen)) { case 0: return 0; case -EIO: return 1; } +#endif char *buffer = malloc (BLOCKSIZE); if (!buffer) diff --git a/lib/sha3-stream.c b/lib/sha3-stream.c index 7bc3a7d7fe..fcbce936ce 100644 --- a/lib/sha3-stream.c +++ b/lib/sha3-stream.c @@ -27,7 +27,9 @@ # include "unlocked-io.h" #endif -#include "af_alg.h" +#if GNULIB_AF_ALG +# include "af_alg.h" +#endif #define BLOCKSIZE 31824 #if (BLOCKSIZE % 144 != 0 && BLOCKSIZE % 136 != 0 && BLOCKSIZE % 104 != 0 \ @@ -44,11 +46,13 @@ sha3_xxx_stream (FILE *restrict stream, char const *restrict alg, void *restrict resblock, ssize_t hashlen, bool (*init_ctx) (struct sha3_ctx *)) { +#if GNULIB_AF_ALG switch (afalg_stream (stream, alg, resblock, hashlen)) { case 0: return 0; case -EIO: return 1; } +#endif char *buffer = malloc (BLOCKSIZE); if (!buffer) diff --git a/lib/sha512-stream.c b/lib/sha512-stream.c index 8901eb40aa..dfa4a7dcfd 100644 --- a/lib/sha512-stream.c +++ b/lib/sha512-stream.c @@ -31,7 +31,9 @@ # include "unlocked-io.h" #endif -#include "af_alg.h" +#if GNULIB_AF_ALG +# include "af_alg.h" +#endif #define BLOCKSIZE 32768 #if BLOCKSIZE % 128 != 0 @@ -49,11 +51,13 @@ shaxxx_stream (FILE *restrict stream, char const *restrict alg, void *(*finish_ctx) (struct sha512_ctx *restrict, void *restrict)) { +#if GNULIB_AF_ALG switch (afalg_stream (stream, alg, resblock, hashlen)) { case 0: return 0; case -EIO: return 1; } +#endif char *buffer = malloc (BLOCKSIZE); if (!buffer) diff --git a/modules/crypto/af_alg b/modules/crypto/af_alg index 86384c4775..579bae3542 100644 --- a/modules/crypto/af_alg +++ b/modules/crypto/af_alg @@ -1,6 +1,12 @@ Description: Compute message digest using kernel-supported cryptography algorithms. +Status: +deprecated + +Notice: +This module is deprecated because AF_ALG was deprecated in Linux 7.2. + Files: lib/af_alg.h lib/af_alg.c @@ -18,6 +24,7 @@ sys_stat-h configure.ac: gl_AF_ALG +gl_MODULE_INDICATOR([af_alg]) Makefile.am: lib_SOURCES += af_alg.c diff --git a/modules/crypto/md5 b/modules/crypto/md5 index ea9722ed3b..dcc6fb31ea 100644 --- a/modules/crypto/md5 +++ b/modules/crypto/md5 @@ -5,7 +5,6 @@ Files: lib/md5-stream.c Depends-on: -crypto/af_alg crypto/md5-buffer configure.ac: diff --git a/modules/crypto/sha1 b/modules/crypto/sha1 index 96e5c8fe18..0ad4564d59 100644 --- a/modules/crypto/sha1 +++ b/modules/crypto/sha1 @@ -5,7 +5,6 @@ Files: lib/sha1-stream.c Depends-on: -crypto/af_alg crypto/sha1-buffer configure.ac: diff --git a/modules/crypto/sha256 b/modules/crypto/sha256 index 68bc1900e3..8385b49a2c 100644 --- a/modules/crypto/sha256 +++ b/modules/crypto/sha256 @@ -5,7 +5,6 @@ Files: lib/sha256-stream.c Depends-on: -crypto/af_alg crypto/sha256-buffer configure.ac: diff --git a/modules/crypto/sha3 b/modules/crypto/sha3 index 50e2ead34f..a3a4a32aac 100644 --- a/modules/crypto/sha3 +++ b/modules/crypto/sha3 @@ -5,7 +5,6 @@ Files: lib/sha3-stream.c Depends-on: -crypto/af_alg crypto/sha3-buffer free-posix diff --git a/modules/crypto/sha512 b/modules/crypto/sha512 index 37a09e181d..6d51e648ff 100644 --- a/modules/crypto/sha512 +++ b/modules/crypto/sha512 @@ -5,7 +5,6 @@ Files: lib/sha512-stream.c Depends-on: -crypto/af_alg crypto/sha512-buffer configure.ac: -- 2.47.3