lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200128014653.GA960@sol.localdomain>
Date:   Mon, 27 Jan 2020 17:46:53 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-fscrypt@...r.kernel.org, linux-ext4@...r.kernel.org,
        linux-f2fs-devel@...ts.sourceforge.net,
        linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, Theodore Ts'o <tytso@....edu>,
        Jaegeuk Kim <jaegeuk@...nel.org>,
        Daniel Rosenberg <drosen@...gle.com>
Subject: [GIT PULL] fscrypt updates for 5.6

The following changes since commit fd6988496e79a6a4bdb514a4655d2920209eb85d:

  Linux 5.5-rc4 (2019-12-29 15:29:16 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git tags/fscrypt-for-linus

for you to fetch changes up to edc440e3d27fb31e6f9663cf413fad97d714c060:

  fscrypt: improve format of no-key names (2020-01-22 14:50:03 -0800)

----------------------------------------------------------------

- Extend the FS_IOC_ADD_ENCRYPTION_KEY ioctl to allow the raw key to be
  provided via a keyring key.

- Prepare for the new dirhash method (SipHash of plaintext name) that
  will be used by directories that are both encrypted and casefolded.

- Switch to a new format for "no-key names" that prepares for the new
  dirhash method, and also fixes a longstanding bug where multiple
  filenames could map to the same no-key name.

- Allow the crypto algorithms used by fscrypt to be built as loadable
  modules when the fscrypt-capable filesystems are.

- Optimize fscrypt_zeroout_range().

- Various cleanups.

----------------------------------------------------------------
Daniel Rosenberg (3):
      fscrypt: don't allow v1 policies with casefolding
      fscrypt: derive dirhash key for casefolded directories
      fscrypt: improve format of no-key names

Eric Biggers (22):
      fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY
      fscrypt: use crypto_skcipher_driver_name()
      fscrypt: verify that the crypto_skcipher has the correct ivsize
      fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand()
      fscrypt: constify inode parameter to filename encryption functions
      fscrypt: move fscrypt_d_revalidate() to fname.c
      fscrypt: introduce fscrypt_needs_contents_encryption()
      fscrypt: split up fscrypt_supported_policy() by policy version
      fscrypt: check for appropriate use of DIRECT_KEY flag earlier
      fscrypt: move fscrypt_valid_enc_modes() to policy.c
      fscrypt: remove fscrypt_is_direct_key_policy()
      fscrypt: don't check for ENOKEY from fscrypt_get_encryption_info()
      fscrypt: include <linux/ioctl.h> in UAPI header
      fscrypt: remove redundant bi_status check
      fscrypt: optimize fscrypt_zeroout_range()
      fscrypt: document gfp_flags for bounce page allocation
      ubifs: use IS_ENCRYPTED() instead of ubifs_crypt_is_encrypted()
      fscrypt: don't print name of busy file when removing key
      fscrypt: add "fscrypt_" prefix to fname_encrypt()
      fscrypt: clarify what is meant by a per-file key
      ubifs: don't trigger assertion on invalid no-key filename
      ubifs: allow both hash and disk name to be provided in no-key names

Herbert Xu (1):
      fscrypt: Allow modular crypto algorithms

 Documentation/filesystems/fscrypt.rst |  75 ++++++--
 fs/crypto/Kconfig                     |  22 ++-
 fs/crypto/bio.c                       | 114 ++++++++----
 fs/crypto/crypto.c                    |  57 +-----
 fs/crypto/fname.c                     | 316 +++++++++++++++++++++++++++-------
 fs/crypto/fscrypt_private.h           |  58 +++----
 fs/crypto/hkdf.c                      |   2 +-
 fs/crypto/hooks.c                     |  47 ++++-
 fs/crypto/keyring.c                   | 147 +++++++++++++---
 fs/crypto/keysetup.c                  | 102 ++++++-----
 fs/crypto/keysetup_v1.c               |  19 +-
 fs/crypto/policy.c                    | 170 ++++++++++++------
 fs/ext4/Kconfig                       |   1 +
 fs/ext4/dir.c                         |   2 +-
 fs/f2fs/Kconfig                       |   1 +
 fs/f2fs/dir.c                         |   2 +-
 fs/inode.c                            |   3 +-
 fs/ubifs/Kconfig                      |   1 +
 fs/ubifs/dir.c                        |  16 +-
 fs/ubifs/file.c                       |   4 +-
 fs/ubifs/journal.c                    |  10 +-
 fs/ubifs/key.h                        |   1 -
 fs/ubifs/ubifs.h                      |   7 -
 include/linux/fscrypt.h               | 122 +++++--------
 include/uapi/linux/fscrypt.h          |  14 +-
 25 files changed, 864 insertions(+), 449 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ