diff options
| author | Harald Freudenberger <freude@linux.ibm.com> | 2026-01-15 13:00:26 +0100 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2026-01-31 10:52:30 +0800 |
| commit | 9d58d22f367f6fc08f949b1ba9625e56414be92a (patch) | |
| tree | 24aaf34b93fbe41efee5ca86460c45db604c6c1c /tools/perf/lib/Documentation/tutorial/git@git.tavy.me:linux.git | |
| parent | 452770a4fafcdb2d80bb793a91aec9ff84769fdc (diff) | |
crypto: s390/paes - Refuse clear key material by default
This patch exploits the new xflag PKEY_XFLAG_NOCLEARKEY from the pkey
layer. So now by default all the paes algorithms refuse the use of
clear key material ("clear key tokens") in the setkey function with
-EINVAL.
With a new kernel module parameter "clrkey" this behavior can be
controlled. By default clrkey is 'N' but for testing purpose on module
load a true value (1, 'Y') may be given to accept clear key tokens.
Note that during selftest clear keys are always used and thus the
xflag PKEY_XFLAG_NOCLEARKEY is NOT set as long as the algorithm is in
a larval state indicated by crypto_skcipher_tested() returning false.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'tools/perf/lib/Documentation/tutorial/git@git.tavy.me:linux.git')
0 files changed, 0 insertions, 0 deletions