diff options
Diffstat (limited to 'fs/ecryptfs/crypto.c')
-rw-r--r-- | fs/ecryptfs/crypto.c | 66 |
1 files changed, 12 insertions, 54 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index ed35a9712fa1..82e7d02cefae 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -1573,35 +1573,26 @@ out: | |||
1573 | 1573 | ||
1574 | /** | 1574 | /** |
1575 | * ecryptfs_process_cipher - Perform cipher initialization. | 1575 | * ecryptfs_process_cipher - Perform cipher initialization. |
1576 | * @tfm: Crypto context set by this function | ||
1577 | * @key_tfm: Crypto context for key material, set by this function | 1576 | * @key_tfm: Crypto context for key material, set by this function |
1578 | * @cipher_name: Name of the cipher. | 1577 | * @cipher_name: Name of the cipher |
1579 | * @key_size: Size of the key in bytes. | 1578 | * @key_size: Size of the key in bytes |
1580 | * | 1579 | * |
1581 | * Returns zero on success. Any crypto_tfm structs allocated here | 1580 | * Returns zero on success. Any crypto_tfm structs allocated here |
1582 | * should be released by other functions, such as on a superblock put | 1581 | * should be released by other functions, such as on a superblock put |
1583 | * event, regardless of whether this function succeeds for fails. | 1582 | * event, regardless of whether this function succeeds for fails. |
1584 | */ | 1583 | */ |
1585 | int | 1584 | int |
1586 | ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | 1585 | ecryptfs_process_cipher(struct crypto_tfm **key_tfm, char *cipher_name, |
1587 | char *cipher_name, size_t key_size) | 1586 | size_t *key_size) |
1588 | { | 1587 | { |
1589 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; | 1588 | char dummy_key[ECRYPTFS_MAX_KEY_BYTES]; |
1590 | int rc; | 1589 | int rc; |
1591 | 1590 | ||
1592 | *tfm = *key_tfm = NULL; | 1591 | *key_tfm = NULL; |
1593 | if (key_size > ECRYPTFS_MAX_KEY_BYTES) { | 1592 | if (*key_size > ECRYPTFS_MAX_KEY_BYTES) { |
1594 | rc = -EINVAL; | 1593 | rc = -EINVAL; |
1595 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " | 1594 | printk(KERN_ERR "Requested key size is [%Zd] bytes; maximum " |
1596 | "allowable is [%d]\n", key_size, ECRYPTFS_MAX_KEY_BYTES); | 1595 | "allowable is [%d]\n", *key_size, ECRYPTFS_MAX_KEY_BYTES); |
1597 | goto out; | ||
1598 | } | ||
1599 | *tfm = crypto_alloc_tfm(cipher_name, (ECRYPTFS_DEFAULT_CHAINING_MODE | ||
1600 | | CRYPTO_TFM_REQ_WEAK_KEY)); | ||
1601 | if (!(*tfm)) { | ||
1602 | rc = -EINVAL; | ||
1603 | printk(KERN_ERR "Unable to allocate crypto cipher with name " | ||
1604 | "[%s]\n", cipher_name); | ||
1605 | goto out; | 1596 | goto out; |
1606 | } | 1597 | } |
1607 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); | 1598 | *key_tfm = crypto_alloc_tfm(cipher_name, CRYPTO_TFM_REQ_WEAK_KEY); |
@@ -1611,46 +1602,13 @@ ecryptfs_process_cipher(struct crypto_tfm **tfm, struct crypto_tfm **key_tfm, | |||
1611 | "[%s]\n", cipher_name); | 1602 | "[%s]\n", cipher_name); |
1612 | goto out; | 1603 | goto out; |
1613 | } | 1604 | } |
1614 | if (key_size < crypto_tfm_alg_min_keysize(*tfm)) { | 1605 | if (*key_size == 0) |
1615 | rc = -EINVAL; | 1606 | *key_size = crypto_tfm_alg_max_keysize(*key_tfm); |
1616 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | 1607 | get_random_bytes(dummy_key, *key_size); |
1617 | "supported by cipher [%s] is [%d]\n", key_size, | 1608 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, *key_size); |
1618 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | ||
1619 | goto out; | ||
1620 | } | ||
1621 | if (key_size < crypto_tfm_alg_min_keysize(*key_tfm)) { | ||
1622 | rc = -EINVAL; | ||
1623 | printk(KERN_ERR "Request key size is [%Zd]; minimum key size " | ||
1624 | "supported by cipher [%s] is [%d]\n", key_size, | ||
1625 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
1626 | goto out; | ||
1627 | } | ||
1628 | if (key_size > crypto_tfm_alg_max_keysize(*tfm)) { | ||
1629 | rc = -EINVAL; | ||
1630 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | ||
1631 | "supported by cipher [%s] is [%d]\n", key_size, | ||
1632 | cipher_name, crypto_tfm_alg_min_keysize(*tfm)); | ||
1633 | goto out; | ||
1634 | } | ||
1635 | if (key_size > crypto_tfm_alg_max_keysize(*key_tfm)) { | ||
1636 | rc = -EINVAL; | ||
1637 | printk(KERN_ERR "Request key size is [%Zd]; maximum key size " | ||
1638 | "supported by cipher [%s] is [%d]\n", key_size, | ||
1639 | cipher_name, crypto_tfm_alg_min_keysize(*key_tfm)); | ||
1640 | goto out; | ||
1641 | } | ||
1642 | get_random_bytes(dummy_key, key_size); | ||
1643 | rc = crypto_cipher_setkey(*tfm, dummy_key, key_size); | ||
1644 | if (rc) { | ||
1645 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | ||
1646 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | ||
1647 | rc = -EINVAL; | ||
1648 | goto out; | ||
1649 | } | ||
1650 | rc = crypto_cipher_setkey(*key_tfm, dummy_key, key_size); | ||
1651 | if (rc) { | 1609 | if (rc) { |
1652 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " | 1610 | printk(KERN_ERR "Error attempting to set key of size [%Zd] for " |
1653 | "cipher [%s]; rc = [%d]\n", key_size, cipher_name, rc); | 1611 | "cipher [%s]; rc = [%d]\n", *key_size, cipher_name, rc); |
1654 | rc = -EINVAL; | 1612 | rc = -EINVAL; |
1655 | goto out; | 1613 | goto out; |
1656 | } | 1614 | } |