On Fri, Mar 13, 2015 at 10:09:21PM +0100, Stephan Mueller wrote: > > +struct crypto_tfm *__crypto_alloc_tfm_safe(struct crypto_alg *alg, u32 type, > + u32 mask) > +{ > + /* > + * Prevent all ciphers from being loaded which have a cra_priority > + * of 0. Those cipher implementations are helper ciphers and > + * are not intended for general consumption. > + * > + * The only exceptions are the compression algorithms which > + * have no priority. > + */ > + if (!alg->cra_priority && > + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) != > + CRYPTO_ALG_TYPE_PCOMPRESS) && > + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) != > + CRYPTO_ALG_TYPE_COMPRESS)) > + return ERR_PTR(-ENOENT); How about adding a flag to all these internal algorithms and then change crypto_alg_mod_lookup to disable that flag by default? Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html