The following changes since commit fd6988496e79a6a4bdb514a4655d2920209eb85d: Linux 5.5-rc4 (2019-12-29 15:29:16 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git tags/fscrypt-for-linus for you to fetch changes up to edc440e3d27fb31e6f9663cf413fad97d714c060: fscrypt: improve format of no-key names (2020-01-22 14:50:03 -0800) ---------------------------------------------------------------- - Extend the FS_IOC_ADD_ENCRYPTION_KEY ioctl to allow the raw key to be provided via a keyring key. - Prepare for the new dirhash method (SipHash of plaintext name) that will be used by directories that are both encrypted and casefolded. - Switch to a new format for "no-key names" that prepares for the new dirhash method, and also fixes a longstanding bug where multiple filenames could map to the same no-key name. - Allow the crypto algorithms used by fscrypt to be built as loadable modules when the fscrypt-capable filesystems are. - Optimize fscrypt_zeroout_range(). - Various cleanups. ---------------------------------------------------------------- Daniel Rosenberg (3): fscrypt: don't allow v1 policies with casefolding fscrypt: derive dirhash key for casefolded directories fscrypt: improve format of no-key names Eric Biggers (22): fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY fscrypt: use crypto_skcipher_driver_name() fscrypt: verify that the crypto_skcipher has the correct ivsize fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand() fscrypt: constify inode parameter to filename encryption functions fscrypt: move fscrypt_d_revalidate() to fname.c fscrypt: introduce fscrypt_needs_contents_encryption() fscrypt: split up fscrypt_supported_policy() by policy version fscrypt: check for appropriate use of DIRECT_KEY flag earlier fscrypt: move fscrypt_valid_enc_modes() to policy.c fscrypt: remove fscrypt_is_direct_key_policy() fscrypt: don't check for ENOKEY from fscrypt_get_encryption_info() fscrypt: include <linux/ioctl.h> in UAPI header fscrypt: remove redundant bi_status check fscrypt: optimize fscrypt_zeroout_range() fscrypt: document gfp_flags for bounce page allocation ubifs: use IS_ENCRYPTED() instead of ubifs_crypt_is_encrypted() fscrypt: don't print name of busy file when removing key fscrypt: add "fscrypt_" prefix to fname_encrypt() fscrypt: clarify what is meant by a per-file key ubifs: don't trigger assertion on invalid no-key filename ubifs: allow both hash and disk name to be provided in no-key names Herbert Xu (1): fscrypt: Allow modular crypto algorithms Documentation/filesystems/fscrypt.rst | 75 ++++++-- fs/crypto/Kconfig | 22 ++- fs/crypto/bio.c | 114 ++++++++---- fs/crypto/crypto.c | 57 +----- fs/crypto/fname.c | 316 +++++++++++++++++++++++++++------- fs/crypto/fscrypt_private.h | 58 +++---- fs/crypto/hkdf.c | 2 +- fs/crypto/hooks.c | 47 ++++- fs/crypto/keyring.c | 147 +++++++++++++--- fs/crypto/keysetup.c | 102 ++++++----- fs/crypto/keysetup_v1.c | 19 +- fs/crypto/policy.c | 170 ++++++++++++------ fs/ext4/Kconfig | 1 + fs/ext4/dir.c | 2 +- fs/f2fs/Kconfig | 1 + fs/f2fs/dir.c | 2 +- fs/inode.c | 3 +- fs/ubifs/Kconfig | 1 + fs/ubifs/dir.c | 16 +- fs/ubifs/file.c | 4 +- fs/ubifs/journal.c | 10 +- fs/ubifs/key.h | 1 - fs/ubifs/ubifs.h | 7 - include/linux/fscrypt.h | 122 +++++-------- include/uapi/linux/fscrypt.h | 14 +- 25 files changed, 864 insertions(+), 449 deletions(-)