diff options
author | Kees Cook <keescook@chromium.org> | 2014-11-20 17:05:53 -0800 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2015-02-20 00:49:36 +0000 |
commit | 9ffea4cb2306945b5df5f28bb8686333fe666bf1 (patch) | |
tree | 0818e276a4b4392c7e2343866f0fc339d3a0284b /include | |
parent | 36323bf0f2f903867d705d8c8bd956a06a5a7be4 (diff) | |
download | linux-stable-9ffea4cb2306945b5df5f28bb8686333fe666bf1.tar.gz linux-stable-9ffea4cb2306945b5df5f28bb8686333fe666bf1.tar.bz2 linux-stable-9ffea4cb2306945b5df5f28bb8686333fe666bf1.zip |
crypto: prefix module autoloading with "crypto-"
commit 5d26a105b5a73e5635eae0629b42fa0a90e07b7b upstream.
This prefixes all crypto module loading with "crypto-" so we never run
the risk of exposing module auto-loading to userspace via a crypto API,
as demonstrated by Mathias Krause:
https://lkml.org/lkml/2013/3/4/70
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[bwh: Backported to 3.2:
- Adjust filenames
- Drop changes to algorithms and drivers we don't have
- Add aliases to generic C implementations that didn't need them before]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/crypto.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 8a94217b298e..ca01ea899114 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -25,6 +25,19 @@ #include <linux/uaccess.h> /* + * Autoloaded crypto modules should only use a prefixed name to avoid allowing + * arbitrary modules to be loaded. Loading from userspace may still need the + * unprefixed names, so retains those aliases as well. + * This uses __MODULE_INFO directly instead of MODULE_ALIAS because pre-4.3 + * gcc (e.g. avr32 toolchain) uses __LINE__ for uniqueness, and this macro + * expands twice on the same line. Instead, use a separate base name for the + * alias. + */ +#define MODULE_ALIAS_CRYPTO(name) \ + __MODULE_INFO(alias, alias_userspace, name); \ + __MODULE_INFO(alias, alias_crypto, "crypto-" name) + +/* * Algorithm masks and types. */ #define CRYPTO_ALG_TYPE_MASK 0x0000000f |