Am Dienstag, 17. März 2015, 22:23:50 schrieb Herbert Xu: Hi Herbert, >On Fri, Mar 13, 2015 at 10:09:21PM +0100, Stephan Mueller wrote: >> +struct crypto_tfm *__crypto_alloc_tfm_safe(struct crypto_alg *alg, >> u32 type, + u32 mask) >> +{ >> + /* >> + * Prevent all ciphers from being loaded which have a cra_priority >> + * of 0. Those cipher implementations are helper ciphers and >> + * are not intended for general consumption. >> + * >> + * The only exceptions are the compression algorithms which >> + * have no priority. >> + */ >> + if (!alg->cra_priority && >> + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) != >> + CRYPTO_ALG_TYPE_PCOMPRESS) && >> + ((alg->cra_flags & CRYPTO_ALG_TYPE_MASK) != >> + CRYPTO_ALG_TYPE_COMPRESS)) >> + return ERR_PTR(-ENOENT); > >How about adding a flag to all these internal algorithms and then >change crypto_alg_mod_lookup to disable that flag by default? The issue with flags is the following: first we have to think about whether we want a black list or white list approach. Your suggestion implies a black list. Black lists for ensuring security is not good IMHO as it has a tendency to miss cases. This especially applies to this area where we have already an indicator for internal ciphers: the prio is so low that it will never ever be selected based on the name. Now, adding a flag means that we mark such an internal cipher twice. Therefore, I would not opt for such a flag (at least for a black list) and stay with the prio approach. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html