* [PATCH 0/1] Check for eCryptfs cipher support at mount time. @ 2012-07-11 1:05 Tim Sally 2012-07-11 1:05 ` [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount Tim Sally 0 siblings, 1 reply; 5+ messages in thread From: Tim Sally @ 2012-07-11 1:05 UTC (permalink / raw) To: tyhicks, dustin.kirkland; +Cc: ecryptfs, linux-kernel, Tim Sally eCryptfs will mount with any cipher supported by the crypto subsystem, even if the cipher is not supported by eCryptfs itself. An error will not occur until a write. This change checks for eCryptfs cipher support at mount time and will not mount the filesystem if the cipher is not supported. The cipher name and blocksize are retrieved from ecryptfs_key_tfm because it will assign a default block size upon creation if none is specified in the mount options. This issue originally reported by Tyler Hicks in 03/2009. https://bugs.launchpad.net/ecryptfs/+bug/338914 Thanks, Tim Tim Sally (1): eCryptfs: check for eCryptfs cipher support at mount fs/ecryptfs/main.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) -- 1.7.10.4 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount 2012-07-11 1:05 [PATCH 0/1] Check for eCryptfs cipher support at mount time Tim Sally @ 2012-07-11 1:05 ` Tim Sally 2012-07-11 17:11 ` Tyler Hicks 0 siblings, 1 reply; 5+ messages in thread From: Tim Sally @ 2012-07-11 1:05 UTC (permalink / raw) To: tyhicks, dustin.kirkland; +Cc: ecryptfs, linux-kernel, Tim Sally The issue occurs when eCryptfs is mounted with a cipher supported by the crypto subsystem but not by eCryptfs. The mount succeeds and an error does not occur until a write. This change checks for eCryptfs cipher support at mount time. Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009. https://bugs.launchpad.net/ecryptfs/+bug/338914 Signed-off-by: Tim Sally <tsally@atomicpeace.com> --- fs/ecryptfs/main.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index df217dc..4eb1fc6 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -279,6 +279,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, char *fnek_src; char *cipher_key_bytes_src; char *fn_cipher_key_bytes_src; + struct ecryptfs_key_tfm *key_tfm = NULL; + u8 cipher_code; *check_ruid = 0; @@ -456,6 +458,28 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, goto out; } } + + if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, + &key_tfm)) { + ecryptfs_printk(KERN_ERR, + "Cipher %s was not initalized correctly.\n", + mount_crypt_stat->global_default_cipher_name); + rc = -EINVAL; + mutex_unlock(&key_tfm_list_mutex); + goto out; + } + + cipher_code = ecryptfs_code_for_cipher_string(key_tfm->cipher_name, + key_tfm->key_size); + if (!cipher_code) { + ecryptfs_printk(KERN_ERR, + "eCryptfs doesn't support: %s blocksize %zu.\n", + key_tfm->cipher_name, key_tfm->key_size); + rc = -EINVAL; + mutex_unlock(&key_tfm_list_mutex); + goto out; + } + mutex_unlock(&key_tfm_list_mutex); rc = ecryptfs_init_global_auth_toks(mount_crypt_stat); if (rc) -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount 2012-07-11 1:05 ` [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount Tim Sally @ 2012-07-11 17:11 ` Tyler Hicks 2012-07-12 23:10 ` Tim Sally 0 siblings, 1 reply; 5+ messages in thread From: Tyler Hicks @ 2012-07-11 17:11 UTC (permalink / raw) To: Tim Sally; +Cc: dustin.kirkland, ecryptfs, linux-kernel [-- Attachment #1: Type: text/plain, Size: 2754 bytes --] On 2012-07-10 21:05:51, Tim Sally wrote: > The issue occurs when eCryptfs is mounted with a cipher supported by > the crypto subsystem but not by eCryptfs. The mount succeeds and an > error does not occur until a write. This change checks for eCryptfs > cipher support at mount time. > > Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009. > https://bugs.launchpad.net/ecryptfs/+bug/338914 Hey Tim - Thanks for digging this one out of the bug tracker. :) > > Signed-off-by: Tim Sally <tsally@atomicpeace.com> > --- > fs/ecryptfs/main.c | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c > index df217dc..4eb1fc6 100644 > --- a/fs/ecryptfs/main.c > +++ b/fs/ecryptfs/main.c > @@ -279,6 +279,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, > char *fnek_src; > char *cipher_key_bytes_src; > char *fn_cipher_key_bytes_src; > + struct ecryptfs_key_tfm *key_tfm = NULL; > + u8 cipher_code; > > *check_ruid = 0; > > @@ -456,6 +458,28 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, > goto out; > } > } > + > + if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, > + &key_tfm)) { > + ecryptfs_printk(KERN_ERR, > + "Cipher %s was not initalized correctly.\n", > + mount_crypt_stat->global_default_cipher_name); > + rc = -EINVAL; > + mutex_unlock(&key_tfm_list_mutex); > + goto out; > + } We already know that the tfm exists because we already checked for its existence and added it if it didn't exist. We shouldn't need to do it again here. > + > + cipher_code = ecryptfs_code_for_cipher_string(key_tfm->cipher_name, > + key_tfm->key_size); > + if (!cipher_code) { > + ecryptfs_printk(KERN_ERR, > + "eCryptfs doesn't support: %s blocksize %zu.\n", > + key_tfm->cipher_name, key_tfm->key_size); > + rc = -EINVAL; > + mutex_unlock(&key_tfm_list_mutex); > + goto out; > + } How about just calling ecryptfs_code_for_cipher_string(mount_crypt_stat->global_default_cipher_name, mount_crypt_stat->global_default_cipher_key_size); even before we lock the key_tfm_list_mutex a little above here? If that fails, we don't even need to check for the tfm's existence or do anything else besides error out. Tyler > + > mutex_unlock(&key_tfm_list_mutex); > rc = ecryptfs_init_global_auth_toks(mount_crypt_stat); > if (rc) > -- > 1.7.10.4 > > -- > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 836 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount 2012-07-11 17:11 ` Tyler Hicks @ 2012-07-12 23:10 ` Tim Sally 2012-07-14 0:24 ` Tyler Hicks 0 siblings, 1 reply; 5+ messages in thread From: Tim Sally @ 2012-07-12 23:10 UTC (permalink / raw) To: tyhicks, dustin.kirkland; +Cc: ecryptfs, linux-kernel, Tim Sally The issue occurs when eCryptfs is mounted with a cipher supported by the crypto subsystem but not by eCryptfs. The mount succeeds and an error does not occur until a write. This change checks for eCryptfs cipher support at mount time. Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009. https://bugs.launchpad.net/ecryptfs/+bug/338914 Signed-off-by: Tim Sally <tsally@atomicpeace.com> --- fs/ecryptfs/main.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index df217dc..aee998d 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -279,6 +279,7 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, char *fnek_src; char *cipher_key_bytes_src; char *fn_cipher_key_bytes_src; + u8 cipher_code; *check_ruid = 0; @@ -420,6 +421,18 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, && !fn_cipher_key_bytes_set) mount_crypt_stat->global_default_fn_cipher_key_bytes = mount_crypt_stat->global_default_cipher_key_size; + + cipher_code = ecryptfs_code_for_cipher_string( + mount_crypt_stat->global_default_cipher_name, + mount_crypt_stat->global_default_cipher_key_size); + if (!cipher_code) { + ecryptfs_printk(KERN_ERR, + "eCryptfs doesn't support cipher: %s.", + mount_crypt_stat->global_default_cipher_name); + rc = -EINVAL; + goto out; + } + mutex_lock(&key_tfm_list_mutex); if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, NULL)) { -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount 2012-07-12 23:10 ` Tim Sally @ 2012-07-14 0:24 ` Tyler Hicks 0 siblings, 0 replies; 5+ messages in thread From: Tyler Hicks @ 2012-07-14 0:24 UTC (permalink / raw) To: Tim Sally; +Cc: dustin.kirkland, ecryptfs, linux-kernel [-- Attachment #1: Type: text/plain, Size: 2132 bytes --] On 2012-07-12 19:10:24, Tim Sally wrote: > The issue occurs when eCryptfs is mounted with a cipher supported by > the crypto subsystem but not by eCryptfs. The mount succeeds and an > error does not occur until a write. This change checks for eCryptfs > cipher support at mount time. > > Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009. > https://bugs.launchpad.net/ecryptfs/+bug/338914 > > Signed-off-by: Tim Sally <tsally@atomicpeace.com> Looks good! I've pushed it to the eCryptfs -next branch and it will go in during the 3.6 merge window. I'm looking forward to more eCryptfs patches from you. Thanks! Tyler > --- > fs/ecryptfs/main.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c > index df217dc..aee998d 100644 > --- a/fs/ecryptfs/main.c > +++ b/fs/ecryptfs/main.c > @@ -279,6 +279,7 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, > char *fnek_src; > char *cipher_key_bytes_src; > char *fn_cipher_key_bytes_src; > + u8 cipher_code; > > *check_ruid = 0; > > @@ -420,6 +421,18 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options, > && !fn_cipher_key_bytes_set) > mount_crypt_stat->global_default_fn_cipher_key_bytes = > mount_crypt_stat->global_default_cipher_key_size; > + > + cipher_code = ecryptfs_code_for_cipher_string( > + mount_crypt_stat->global_default_cipher_name, > + mount_crypt_stat->global_default_cipher_key_size); > + if (!cipher_code) { > + ecryptfs_printk(KERN_ERR, > + "eCryptfs doesn't support cipher: %s.", > + mount_crypt_stat->global_default_cipher_name); > + rc = -EINVAL; > + goto out; > + } > + > mutex_lock(&key_tfm_list_mutex); > if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name, > NULL)) { > -- > 1.7.10.4 > > -- > To unsubscribe from this list: send the line "unsubscribe ecryptfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html [-- Attachment #2: Digital signature --] [-- Type: application/pgp-signature, Size: 836 bytes --] ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2012-07-14 0:24 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2012-07-11 1:05 [PATCH 0/1] Check for eCryptfs cipher support at mount time Tim Sally 2012-07-11 1:05 ` [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount Tim Sally 2012-07-11 17:11 ` Tyler Hicks 2012-07-12 23:10 ` Tim Sally 2012-07-14 0:24 ` Tyler Hicks
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.