From: Mike Halcrow <mhalcrow@us.ibm.com>

Remove the hard-coded key size and use the one specified through the mount
parameter.

Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 fs/ecryptfs/crypto.c |   34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff -puN fs/ecryptfs/crypto.c~ecryptfs-set-the-key-size-from-the-default-for-the-mount fs/ecryptfs/crypto.c
--- a/fs/ecryptfs/crypto.c~ecryptfs-set-the-key-size-from-the-default-for-the-mount
+++ a/fs/ecryptfs/crypto.c
@@ -745,8 +745,10 @@ int ecryptfs_init_crypt_ctx(struct ecryp
 		goto out;
 	}
 	ecryptfs_printk(KERN_DEBUG,
-			"Initializing cipher [%s]; strlen = [%d]\n",
-			crypt_stat->cipher, (int)strlen(crypt_stat->cipher));
+			"Initializing cipher [%s]; strlen = [%d]; "
+			"key_size_bits = [%d]\n",
+			crypt_stat->cipher, (int)strlen(crypt_stat->cipher),
+			crypt_stat->key_size_bits);
 	if (crypt_stat->tfm) {
 		rc = 0;
 		goto out;
@@ -831,6 +833,18 @@ out:
 	return rc;
 }
 
+static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
+{
+	get_random_bytes(crypt_stat->key, (crypt_stat->key_size_bits >> 3));
+	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+	ecryptfs_compute_root_iv(crypt_stat);
+	if (unlikely(ecryptfs_verbosity > 0)) {
+		ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
+		ecryptfs_dump_hex(crypt_stat->key,
+				  crypt_stat->key_size_bits / 8);
+	}
+}
+
 /**
  * ecryptfs_set_default_crypt_stat_vals
  * @crypt_stat
@@ -840,19 +854,10 @@ out:
 static void
 ecryptfs_set_default_crypt_stat_vals(struct ecryptfs_crypt_stat *crypt_stat)
 {
-	int key_size_bits = ECRYPTFS_DEFAULT_KEY_BYTES * 8;
-
 	ecryptfs_set_default_sizes(crypt_stat);
 	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
-	crypt_stat->key_size_bits = key_size_bits;
-	get_random_bytes(crypt_stat->key, key_size_bits / 8);
-	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
-	ecryptfs_compute_root_iv(crypt_stat);
-	if (unlikely(ecryptfs_verbosity > 0)) {
-		ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
-		ecryptfs_dump_hex(crypt_stat->key,
-				  crypt_stat->key_size_bits / 8);
-	}
+	crypt_stat->key_size_bits = ECRYPTFS_DEFAULT_KEY_BYTES << 3;
+	ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
 	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
 }
 
@@ -902,6 +907,9 @@ int ecryptfs_new_file_context(struct den
 		       mount_crypt_stat->global_default_cipher_name,
 		       cipher_name_len);
 		crypt_stat->cipher[cipher_name_len] = '\0';
+		crypt_stat->key_size_bits =
+			mount_crypt_stat->global_default_cipher_key_bits;
+		ecryptfs_generate_new_key(crypt_stat);
 	} else
 		/* We should not encounter this scenario since we
 		 * should detect lack of global_auth_tok at mount time
_