tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

nvme-auth: common: explicitly verify psk_len == hash_len

nvme_auth_derive_tls_psk() is always called with psk_len == hash_len.
And based on the comments above nvme_auth_generate_psk() and
nvme_auth_derive_tls_psk(), this isn't an implementation choice but
rather just the length the spec uses. Add a check which makes this
explicit, so that when cleaning up nvme_auth_derive_tls_psk() we don't
have to retain support for arbitrary values of psk_len.

Acked-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Keith Busch <kbusch@kernel.org>

authored by

Eric Biggers and committed by
Keith Busch 4454820b 0beeca72

+5
+5
drivers/nvme/common/auth.c
··· 788 788 return -EINVAL; 789 789 } 790 790 791 + if (psk_len != nvme_auth_hmac_hash_len(hmac_id)) { 792 + pr_warn("%s: unexpected psk_len %zu\n", __func__, psk_len); 793 + return -EINVAL; 794 + } 795 + 791 796 hmac_tfm = crypto_alloc_shash(hmac_name, 0, 0); 792 797 if (IS_ERR(hmac_tfm)) 793 798 return PTR_ERR(hmac_tfm);