git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Harald Freudenberger <freude@linux.ibm.com>
	Thu, 15 Jan 2026 12:00:25 +0000 (13:00 +0100)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Sat, 31 Jan 2026 02:52:30 +0000 (10:52 +0800)
commit	452770a4fafcdb2d80bb793a91aec9ff84769fdc
tree	c6a43affd69ad33b873f04948fd4a673fdcb8a13	tree
parent	2dfca611197e4ac0fcca03dc82594bab38464964	commit \| diff

crypto: s390/phmac - Refuse clear key material by default

This patch exploits the new xflag PKEY_XFLAG_NOCLEARKEY from the pkey
layer. So now by default the phmac refuses the use of clear key
material ("clear key tokens") in the setkey function with
-EINVAL.

With a new kernel module parameter "clrkey" this behavior can be
controlled. By default clrkey is 'N' but for testing purpose on module
load a true value (1, 'Y') may be given to accept clear key tokens.

Note that during selftest clear keys are always used and thus the
xflag PKEY_XFLAG_NOCLEARKEY is NOT set as long as the algorithm is in
a larval state indicated by crypto_ahash_tested() returning false.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>