crypto: prefix module autoloading with "crypto-"

This prefixes all crypto module loading with "crypto-" so we never run the risk of exposing module auto-loading to userspace via a crypto API, as demonstrated by Mathias Krause: https://lkml.org/lkml/2013/3/4/70 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2025-04-24 14:07:52 -04:00 · 2014-11-20 17:05:53 -08:00 · 2014-11-20 17:05:53 -08:00 · 5d26a105b5
commit 5d26a105b5
parent 5d4a5e770d
95 changed files with 155 additions and 123 deletions
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@ -25,6 +25,19 @@
 #include <linux/string.h>
 #include <linux/uaccess.h>

+/*
+ * Autoloaded crypto modules should only use a prefixed name to avoid allowing
+ * arbitrary modules to be loaded. Loading from userspace may still need the
+ * unprefixed names, so retains those aliases as well.
+ * This uses __MODULE_INFO directly instead of MODULE_ALIAS because pre-4.3
+ * gcc (e.g. avr32 toolchain) uses __LINE__ for uniqueness, and this macro
+ * expands twice on the same line. Instead, use a separate base name for the
+ * alias.
+ */
+#define MODULE_ALIAS_CRYPTO(name)	\
+		__MODULE_INFO(alias, alias_userspace, name);	\
+		__MODULE_INFO(alias, alias_crypto, "crypto-" name)
+
 /*
 * Algorithm masks and types.
 */