From: Tim Sally <tsally@atomicpeace.com>
To: tyhicks@canonical.com, dustin.kirkland@gazzang.com
Cc: ecryptfs@vger.kernel.org, linux-kernel@vger.kernel.org,
Tim Sally <tsally@atomicpeace.com>
Subject: [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount
Date: Tue, 10 Jul 2012 21:05:51 -0400 [thread overview]
Message-ID: <1341968751-28331-2-git-send-email-tsally@atomicpeace.com> (raw)
In-Reply-To: <1341968751-28331-1-git-send-email-tsally@atomicpeace.com>
The issue occurs when eCryptfs is mounted with a cipher supported by
the crypto subsystem but not by eCryptfs. The mount succeeds and an
error does not occur until a write. This change checks for eCryptfs
cipher support at mount time.
Resolves Launchpad issue #338914, reported by Tyler Hicks in 03/2009.
https://bugs.launchpad.net/ecryptfs/+bug/338914
Signed-off-by: Tim Sally <tsally@atomicpeace.com>
---
fs/ecryptfs/main.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index df217dc..4eb1fc6 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -279,6 +279,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
char *fnek_src;
char *cipher_key_bytes_src;
char *fn_cipher_key_bytes_src;
+ struct ecryptfs_key_tfm *key_tfm = NULL;
+ u8 cipher_code;
*check_ruid = 0;
@@ -456,6 +458,28 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
goto out;
}
}
+
+ if (!ecryptfs_tfm_exists(mount_crypt_stat->global_default_cipher_name,
+ &key_tfm)) {
+ ecryptfs_printk(KERN_ERR,
+ "Cipher %s was not initalized correctly.\n",
+ mount_crypt_stat->global_default_cipher_name);
+ rc = -EINVAL;
+ mutex_unlock(&key_tfm_list_mutex);
+ goto out;
+ }
+
+ cipher_code = ecryptfs_code_for_cipher_string(key_tfm->cipher_name,
+ key_tfm->key_size);
+ if (!cipher_code) {
+ ecryptfs_printk(KERN_ERR,
+ "eCryptfs doesn't support: %s blocksize %zu.\n",
+ key_tfm->cipher_name, key_tfm->key_size);
+ rc = -EINVAL;
+ mutex_unlock(&key_tfm_list_mutex);
+ goto out;
+ }
+
mutex_unlock(&key_tfm_list_mutex);
rc = ecryptfs_init_global_auth_toks(mount_crypt_stat);
if (rc)
--
1.7.10.4
next prev parent reply other threads:[~2012-07-11 1:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-11 1:05 [PATCH 0/1] Check for eCryptfs cipher support at mount time Tim Sally
2012-07-11 1:05 ` Tim Sally [this message]
2012-07-11 17:11 ` [PATCH 1/1] eCryptfs: check for eCryptfs cipher support at mount Tyler Hicks
2012-07-12 23:10 ` Tim Sally
2012-07-14 0:24 ` Tyler Hicks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1341968751-28331-2-git-send-email-tsally@atomicpeace.com \
--to=tsally@atomicpeace.com \
--cc=dustin.kirkland@gazzang.com \
--cc=ecryptfs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tyhicks@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.