lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jan 2020 15:06:50 -0800 From: Eric Biggers <ebiggers@...nel.org> To: linux-fscrypt@...r.kernel.org Cc: Daniel Rosenberg <drosen@...gle.com>, kernel-team@...roid.com, linux-kernel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, linux-fsdevel@...r.kernel.org, linux-ext4@...r.kernel.org, Gabriel Krisman Bertazi <krisman@...labora.com>, linux-mtd@...ts.infradead.org, Richard Weinberger <richard@....at> Subject: Re: [PATCH v5 0/6] fscrypt preparations for encryption+casefolding On Mon, Jan 20, 2020 at 02:31:55PM -0800, Eric Biggers wrote: > This is a cleaned up and fixed version of the fscrypt patches to prepare > for directories that are both encrypted and casefolded. > > Patches 1-3 start deriving a SipHash key for the new dirhash method that > will be used by encrypted+casefolded directories. To avoid unnecessary > overhead, we only do this if the directory is actually casefolded. > > Patch 4 fixes a bug in UBIFS where it didn't gracefully handle invalid > hash values in fscrypt no-key names. This is an existing bug, but the > new fscrypt no-key name format (patch 6) made it much easier to trigger; > it started being hit by 'kvm-xfstests -c ubifs -g encrypt'. > > Patch 5 updates UBIFS to make it ready for the new fscrypt no-key name > format that always includes the dirhash. > > Patch 6 modifies the fscrypt no-key names to always include the dirhash, > since with the new dirhash method the dirhash will no longer be > computable from the ciphertext filename without the key. It also fixes > a longstanding issue where there could be collisions in the no-key > names, due to not using a proper cryptographic hash to abbreviate names. > > For more information see the main patch series, which includes the > filesystem-specific changes: > https://lkml.kernel.org/linux-fscrypt/20200117214246.235591-1-drosen@google.com/T/#u > > This applies to fscrypt.git#master. > > Changed v4 => v5: > - Fixed UBIFS encryption to work with the new no-key name format. I've applied this series to fscrypt.git#master; however I'd still like Acked-bys from the UBIFS maintainers on the two UBIFS patches, as well as more Reviewed-bys from anyone interested. If I don't hear anything from anyone, I might drop these to give more time, especially if there isn't an v5.5-rc8. - Eric
Powered by blists - more mailing lists