On Thu, Mar 19, 2015 at 08:23:58AM +0100, Stephan Mueller wrote: > > How can you distinguish between calls coming from crypto_*_spawn (which > we need to allow) and calls that come from the normal API calls (which > we should block? crypto_*_spawn should not be the place where you make the call on whether internals are allowed. You should put that information into places such as ablk_init_common or wherever these internals are allocated. So in ablk_init_common you would do cryptd_tfm = cryptd_alloc_ablkcipher(drv_name, CRYPTO_ALG_INTERNAL, CRYPTO_ALG_INTERNAL); IOW internals are disallowed if you don't specify it in the mask, but you can get them if you do specify it in the mask (and the corresponding bit in the type). Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html