linux/crypto
Stephan Mueller 06ca7f68d4 crypto: api - prevent helper ciphers from being used
Several hardware related cipher implementations are implemented as
follows: a "helper" cipher implementation is registered with the
kernel crypto API.

Such helper ciphers are never intended to be called by normal users. In
some cases, calling them via the normal crypto API may even cause
failures including kernel crashes. In a normal case, the "wrapping"
ciphers that use the helpers ensure that these helpers are invoked
such that they cannot cause any calamity.

Considering the AF_ALG user space interface, unprivileged users can
call all ciphers registered with the crypto API, including these
helper ciphers that are not intended to be called directly. That
means, with AF_ALG user space may invoke these helper ciphers
and may cause undefined states or side effects.

To avoid any potential side effects with such helpers, the patch
prevents the helpers to be called directly. A new cipher type
flag is added: CRYPTO_ALG_INTERNAL. This flag shall be used
to mark helper ciphers. These ciphers can only be used if the
caller invoke the cipher with CRYPTO_ALG_INTERNAL in the type and
mask field.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2015-03-31 21:21:03 +08:00
..
asymmetric_keys Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2014-10-12 10:13:55 -04:00
async_tx dmaengine: fix xor sources continuation 2014-08-21 10:20:52 -07:00
842.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
ablk_helper.c crypto: ablk_helper - Replace memcpy with struct assignment 2013-10-07 14:16:57 +08:00
ablkcipher.c crypto: replace scatterwalk_sg_next with sg_next 2015-01-26 11:34:22 +11:00
aead.c crypto: aead - fixed style error in aead.c 2014-12-22 23:02:35 +11:00
aes_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
af_alg.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-02-14 09:47:01 -08:00
ahash.c crypto: replace scatterwalk_sg_next with sg_next 2015-01-26 11:34:22 +11:00
algapi.c crypto: api - fixed style erro in algapi.c 2014-12-22 23:02:37 +11:00
algboss.c crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
algif_aead.c crypto: algif - add AEAD support 2015-03-04 22:12:39 +13:00
algif_hash.c crypto: switch af_alg_make_sg() to iov_iter 2015-02-04 01:34:15 -05:00
algif_rng.c crypto: algif_rng - zeroize buffer with random data 2015-03-16 21:46:25 +11:00
algif_skcipher.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-02-14 09:47:01 -08:00
ansi_cprng.c crypto: rng - RNGs must return 0 in success case 2015-03-09 21:06:18 +11:00
anubis.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
api.c crypto: api - prevent helper ciphers from being used 2015-03-31 21:21:03 +08:00
arc4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
authenc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
authencesn.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
blkcipher.c crypto: allow blkcipher walks over AEAD data 2014-03-10 20:17:11 +08:00
blowfish_common.c crypto: blowfish - split generic and common c code 2011-09-22 21:25:25 +10:00
blowfish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
camellia_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast5_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast6_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cast_common.c crypto: make tables used from assembler __visible 2013-08-14 20:42:03 +10:00
cbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
ccm.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
chainiv.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
cipher.c crypto: cipher - Fix checkpatch errors 2010-02-16 20:31:37 +08:00
cmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
compress.c crypto: compress - Fix checkpatch errors 2010-02-16 20:31:04 +08:00
crc32.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
crc32c_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
crct10dif_common.c crypto: crct10dif - Add fallback for broken initrds 2013-09-12 15:31:34 +10:00
crct10dif_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
cryptd.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
crypto_null.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
crypto_user.c crypto: user - add MODULE_ALIAS 2014-11-26 20:06:29 +08:00
crypto_wq.c crypto: crypto_wq - Fix late crypto work queue initialization 2014-03-21 21:54:28 +08:00
ctr.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
cts.c crypto: cts - Weed out non-CBC algorithms 2015-01-20 14:44:15 +11:00
deflate.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
des_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
drbg.c crypto: rng - RNGs must return 0 in success case 2015-03-09 21:06:18 +11:00
ecb.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
eseqiv.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
fcrypt.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
fips.c crypto: api - Add fips_enable flag 2008-08-29 15:50:02 +10:00
gcm.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
gf128mul.c crypto: gf128mul - fix call to memset() 2011-07-08 17:21:21 +08:00
ghash-generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
hash_info.c crypto: provide single place for hash algo information 2013-10-25 17:14:03 -04:00
hmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
internal.h crypto: algboss - Hold ref count on larval 2013-06-25 19:15:17 +08:00
Kconfig crypto: arm - move ARM specific Kconfig definitions to a dedicated file 2015-03-12 21:13:35 +11:00
khazad.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
krng.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
lrw.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
lz4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lz4hc.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
lzo.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
Makefile crypto: algif - enable AEAD interface compilation 2015-03-04 22:12:39 +13:00
mcryptd.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
md4.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
md5.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
memneq.c crypto: memneq - fix for archs without efficient unaligned access 2013-12-09 20:09:12 +08:00
michael_mic.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
pcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
pcompress.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
pcrypt.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
proc.c crypto: add module.h to those files that are explicitly using it 2011-10-31 19:31:11 -04:00
ripemd.h [CRYPTO] ripemd: Put all common RIPEMD values in header file 2008-07-10 20:35:12 +08:00
rmd128.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd160.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd256.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rmd320.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
rng.c crypto: user - fix info leaks in report API 2013-02-19 20:27:03 +08:00
salsa20_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
scatterwalk.c crypto: replace scatterwalk_sg_next with sg_next 2015-01-26 11:34:22 +11:00
seed.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00
seqiv.c crypto: seqiv - Ensure that IV size is at least 8 bytes 2015-01-20 14:44:16 +11:00
serpent_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
sha1_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
sha256_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
sha512_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
shash.c crypto: LLVMLinux: aligned-attribute.patch 2014-06-07 11:44:39 -07:00
tcrypt.c crypto: tcrypt - fix uninit sg entries in test_acipher_speed 2015-03-12 01:11:05 +11:00
tcrypt.h crypto: tcrypt - Added speed tests for AEAD crypto alogrithms in tcrypt test suite 2013-12-20 20:06:25 +08:00
tea.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
testmgr.c crypto: testmgr - fix RNG return code enforcement 2015-03-13 21:37:15 +11:00
testmgr.h crypto: testmgr - add test for lz4 and lz4hc 2014-08-29 21:46:36 +08:00
tgr192.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
twofish_common.c crypto: twofish-x86_64-3way - add lrw support 2011-11-09 11:53:32 +08:00
twofish_generic.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
vmac.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
wp512.c crypto: add missing crypto module aliases 2015-01-13 22:29:11 +11:00
xcbc.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
xor.c add further __init annotations to crypto/xor.c 2012-10-11 13:42:32 +11:00
xts.c crypto: include crypto- module prefix in template 2014-11-26 20:06:30 +08:00
zlib.c crypto: prefix module autoloading with "crypto-" 2014-11-24 22:43:57 +08:00