[PATCH 06/13] nvme-keyring: restrict match length for version '1' identifiers
hare at kernel.org
hare at kernel.org
Sat Jan 27 01:30:51 PST 2024
From: Hannes Reinecke <hare at suse.de>
TP8018 changed the TLS PSK identifiers to append a PSK hash value,
so to lookup any version '1' identifiers we need to restrict the
match length to exclude the PSK hash value (which we don't have
when looking up keys).
Signed-off-by: Hannes Reinecke <hare at suse.de>
---
drivers/nvme/common/keyring.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/drivers/nvme/common/keyring.c b/drivers/nvme/common/keyring.c
index c16f9496643f..51b99b34e100 100644
--- a/drivers/nvme/common/keyring.c
+++ b/drivers/nvme/common/keyring.c
@@ -44,6 +44,27 @@ static bool nvme_tls_psk_match(const struct key *key,
return false;
}
match_id = match_data->raw_data;
+ if (memcmp(match_id, "NVMe1", 5)) {
+ char *e = (char *)match_id;
+ size_t offset = 0;
+ int n = 0;
+
+ while (*e != ' ' && offset < match_len) {
+ if (*e == ' ') {
+ n++;
+ if (n == 3)
+ break;
+ }
+ e++;
+ offset++;
+ }
+ if (n != 3) {
+ pr_debug("%s: error parsing '%s'\n",
+ __func__, match_id);
+ return false;
+ }
+ match_len = offset;
+ }
pr_debug("%s: match '%s' '%s' len %zd\n",
__func__, match_id, key->description, match_len);
return !memcmp(key->description, match_id, match_len);
--
2.35.3
More information about the Linux-nvme
mailing list