diff options
Diffstat (limited to 'fs/ecryptfs/keystore.c')
| -rw-r--r-- | fs/ecryptfs/keystore.c | 55 |
1 files changed, 30 insertions, 25 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 09e2340ab783..89d9710dd63d 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
| @@ -436,7 +436,8 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
| 436 | size_t netlink_message_length; | 436 | size_t netlink_message_length; |
| 437 | int rc; | 437 | int rc; |
| 438 | 438 | ||
| 439 | if ((rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok))) { | 439 | rc = ecryptfs_get_auth_tok_sig(&auth_tok_sig, auth_tok); |
| 440 | if (rc) { | ||
| 440 | printk(KERN_ERR "Unrecognized auth tok type: [%d]\n", | 441 | printk(KERN_ERR "Unrecognized auth tok type: [%d]\n", |
| 441 | auth_tok->token_type); | 442 | auth_tok->token_type); |
| 442 | goto out; | 443 | goto out; |
| @@ -569,8 +570,9 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 569 | goto out; | 570 | goto out; |
| 570 | } | 571 | } |
| 571 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; | 572 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; |
| 572 | if ((rc = parse_packet_length(&data[(*packet_size)], &body_size, | 573 | rc = parse_packet_length(&data[(*packet_size)], &body_size, |
| 573 | &length_size))) { | 574 | &length_size); |
| 575 | if (rc) { | ||
| 574 | printk(KERN_WARNING "Error parsing packet length; " | 576 | printk(KERN_WARNING "Error parsing packet length; " |
| 575 | "rc = [%d]\n", rc); | 577 | "rc = [%d]\n", rc); |
| 576 | goto out_free; | 578 | goto out_free; |
| @@ -702,8 +704,9 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 702 | goto out; | 704 | goto out; |
| 703 | } | 705 | } |
| 704 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; | 706 | (*new_auth_tok) = &auth_tok_list_item->auth_tok; |
| 705 | if ((rc = parse_packet_length(&data[(*packet_size)], &body_size, | 707 | rc = parse_packet_length(&data[(*packet_size)], &body_size, |
| 706 | &length_size))) { | 708 | &length_size); |
| 709 | if (rc) { | ||
| 707 | printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n", | 710 | printk(KERN_WARNING "Error parsing packet length; rc = [%d]\n", |
| 708 | rc); | 711 | rc); |
| 709 | goto out_free; | 712 | goto out_free; |
| @@ -849,8 +852,9 @@ parse_tag_11_packet(unsigned char *data, unsigned char *contents, | |||
| 849 | rc = -EINVAL; | 852 | rc = -EINVAL; |
| 850 | goto out; | 853 | goto out; |
| 851 | } | 854 | } |
| 852 | if ((rc = parse_packet_length(&data[(*packet_size)], &body_size, | 855 | rc = parse_packet_length(&data[(*packet_size)], &body_size, |
| 853 | &length_size))) { | 856 | &length_size); |
| 857 | if (rc) { | ||
| 854 | printk(KERN_WARNING "Invalid tag 11 packet format\n"); | 858 | printk(KERN_WARNING "Invalid tag 11 packet format\n"); |
| 855 | goto out; | 859 | goto out; |
| 856 | } | 860 | } |
| @@ -1052,9 +1056,10 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
| 1052 | crypt_stat->cipher, rc); | 1056 | crypt_stat->cipher, rc); |
| 1053 | goto out; | 1057 | goto out; |
| 1054 | } | 1058 | } |
| 1055 | if ((rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, | 1059 | rc = virt_to_scatterlist(auth_tok->session_key.encrypted_key, |
| 1056 | auth_tok->session_key.encrypted_key_size, | 1060 | auth_tok->session_key.encrypted_key_size, |
| 1057 | &src_sg, 1)) != 1) { | 1061 | &src_sg, 1); |
| 1062 | if (rc != 1) { | ||
| 1058 | printk(KERN_ERR "Internal error whilst attempting to convert " | 1063 | printk(KERN_ERR "Internal error whilst attempting to convert " |
| 1059 | "auth_tok->session_key.encrypted_key to scatterlist; " | 1064 | "auth_tok->session_key.encrypted_key to scatterlist; " |
| 1060 | "expected rc = 1; got rc = [%d]. " | 1065 | "expected rc = 1; got rc = [%d]. " |
| @@ -1064,9 +1069,10 @@ decrypt_passphrase_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
| 1064 | } | 1069 | } |
| 1065 | auth_tok->session_key.decrypted_key_size = | 1070 | auth_tok->session_key.decrypted_key_size = |
| 1066 | auth_tok->session_key.encrypted_key_size; | 1071 | auth_tok->session_key.encrypted_key_size; |
| 1067 | if ((rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, | 1072 | rc = virt_to_scatterlist(auth_tok->session_key.decrypted_key, |
| 1068 | auth_tok->session_key.decrypted_key_size, | 1073 | auth_tok->session_key.decrypted_key_size, |
| 1069 | &dst_sg, 1)) != 1) { | 1074 | &dst_sg, 1); |
| 1075 | if (rc != 1) { | ||
| 1070 | printk(KERN_ERR "Internal error whilst attempting to convert " | 1076 | printk(KERN_ERR "Internal error whilst attempting to convert " |
| 1071 | "auth_tok->session_key.decrypted_key to scatterlist; " | 1077 | "auth_tok->session_key.decrypted_key to scatterlist; " |
| 1072 | "expected rc = 1; got rc = [%d]\n", rc); | 1078 | "expected rc = 1; got rc = [%d]\n", rc); |
| @@ -1236,18 +1242,17 @@ find_next_matching_auth_tok: | |||
| 1236 | "Considering cadidate auth tok:\n"); | 1242 | "Considering cadidate auth tok:\n"); |
| 1237 | ecryptfs_dump_auth_tok(candidate_auth_tok); | 1243 | ecryptfs_dump_auth_tok(candidate_auth_tok); |
| 1238 | } | 1244 | } |
| 1239 | if ((rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig, | 1245 | rc = ecryptfs_get_auth_tok_sig(&candidate_auth_tok_sig, |
| 1240 | candidate_auth_tok))) { | 1246 | candidate_auth_tok); |
| 1247 | if (rc) { | ||
| 1241 | printk(KERN_ERR | 1248 | printk(KERN_ERR |
| 1242 | "Unrecognized candidate auth tok type: [%d]\n", | 1249 | "Unrecognized candidate auth tok type: [%d]\n", |
| 1243 | candidate_auth_tok->token_type); | 1250 | candidate_auth_tok->token_type); |
| 1244 | rc = -EINVAL; | 1251 | rc = -EINVAL; |
| 1245 | goto out_wipe_list; | 1252 | goto out_wipe_list; |
| 1246 | } | 1253 | } |
| 1247 | if ((rc = ecryptfs_find_auth_tok_for_sig( | 1254 | ecryptfs_find_auth_tok_for_sig(&matching_auth_tok, crypt_stat, |
| 1248 | &matching_auth_tok, crypt_stat, | 1255 | candidate_auth_tok_sig); |
| 1249 | candidate_auth_tok_sig))) | ||
| 1250 | rc = 0; | ||
| 1251 | if (matching_auth_tok) { | 1256 | if (matching_auth_tok) { |
| 1252 | found_auth_tok = 1; | 1257 | found_auth_tok = 1; |
| 1253 | goto found_matching_auth_tok; | 1258 | goto found_matching_auth_tok; |
| @@ -1605,9 +1610,9 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, | |||
| 1605 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n"); | 1610 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key:\n"); |
| 1606 | ecryptfs_dump_hex(session_key_encryption_key, 16); | 1611 | ecryptfs_dump_hex(session_key_encryption_key, 16); |
| 1607 | } | 1612 | } |
| 1608 | if ((rc = virt_to_scatterlist(crypt_stat->key, | 1613 | rc = virt_to_scatterlist(crypt_stat->key, key_rec->enc_key_size, |
| 1609 | key_rec->enc_key_size, &src_sg, 1)) | 1614 | &src_sg, 1); |
| 1610 | != 1) { | 1615 | if (rc != 1) { |
| 1611 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " | 1616 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " |
| 1612 | "for crypt_stat session key; expected rc = 1; " | 1617 | "for crypt_stat session key; expected rc = 1; " |
| 1613 | "got rc = [%d]. key_rec->enc_key_size = [%d]\n", | 1618 | "got rc = [%d]. key_rec->enc_key_size = [%d]\n", |
| @@ -1615,9 +1620,9 @@ write_tag_3_packet(char *dest, size_t *remaining_bytes, | |||
| 1615 | rc = -ENOMEM; | 1620 | rc = -ENOMEM; |
| 1616 | goto out; | 1621 | goto out; |
| 1617 | } | 1622 | } |
| 1618 | if ((rc = virt_to_scatterlist(key_rec->enc_key, | 1623 | rc = virt_to_scatterlist(key_rec->enc_key, key_rec->enc_key_size, |
| 1619 | key_rec->enc_key_size, &dst_sg, 1)) | 1624 | &dst_sg, 1); |
| 1620 | != 1) { | 1625 | if (rc != 1) { |
| 1621 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " | 1626 | ecryptfs_printk(KERN_ERR, "Error generating scatterlist " |
| 1622 | "for crypt_stat encrypted session key; " | 1627 | "for crypt_stat encrypted session key; " |
| 1623 | "expected rc = 1; got rc = [%d]. " | 1628 | "expected rc = 1; got rc = [%d]. " |