Re: [RFC PATCH] crypto: prevent helper ciphers from being allocated by users
From: Herbert Xu
Date: Tue Mar 17 2015 - 07:24:05 EST
On Fri, Mar 13, 2015 at 10:09:21PM +0100, Stephan Mueller wrote:
>
> +struct crypto_tfm *__crypto_alloc_tfm_safe(struct crypto_alg *alg, u32 type,
> + u32 mask)
> +{
> + /*
> + * Prevent all ciphers from being loaded which have a cra_priority
> + * of 0. Those cipher implementations are helper ciphers and
> + * are not intended for general consumption.
> + *
> + * The only exceptions are the compression algorithms which
> + * have no priority.
> + */
> + if (!alg->cra_priority &&
> + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) !=
> + CRYPTO_ALG_TYPE_PCOMPRESS) &&
> + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) !=
> + CRYPTO_ALG_TYPE_COMPRESS))
> + return ERR_PTR(-ENOENT);
How about adding a flag to all these internal algorithms and then
change crypto_alg_mod_lookup to disable that flag by default?
Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/