| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150317112350.GA11671@gondor.apana.org.au>
Date: Tue, 17 Mar 2015 22:23:50 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Stephan Mueller <smueller@...onox.de>
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH] crypto: prevent helper ciphers from being allocated
by users
On Fri, Mar 13, 2015 at 10:09:21PM +0100, Stephan Mueller wrote:
>
> +struct crypto_tfm *__crypto_alloc_tfm_safe(struct crypto_alg *alg, u32 type,
> + u32 mask)
> +{
> + /*
> + * Prevent all ciphers from being loaded which have a cra_priority
> + * of 0. Those cipher implementations are helper ciphers and
> + * are not intended for general consumption.
> + *
> + * The only exceptions are the compression algorithms which
> + * have no priority.
> + */
> + if (!alg->cra_priority &&
> + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) !=
> + CRYPTO_ALG_TYPE_PCOMPRESS) &&
> + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) !=
> + CRYPTO_ALG_TYPE_COMPRESS))
> + return ERR_PTR(-ENOENT);
How about adding a flag to all these internal algorithms and then
change crypto_alg_mod_lookup to disable that flag by default?
Cheers,
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists