From 02448cb973a7c22a61fd7fa49b97ff5d597fec1d Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 17 Nov 2024 07:43:39 +0100
Subject: Merging upstream version 1.11.1.
Signed-off-by: Daniel Baumann
---
 src/nvme/fabrics.c | 22 ++++++++++++----------
 src/nvme/linux.c | 38 ++++++++++++++++++++++++--------------
 src/nvme/types.h | 2 ++
 3 files changed, 38 insertions(+), 24 deletions(-)
(limited to 'src')
diff --git a/src/nvme/fabrics.c b/src/nvme/fabrics.c
index 69acf04..6aa62ee 100644
--- a/src/nvme/fabrics.c
+++ b/src/nvme/fabrics.c
@@ -627,17 +627,19 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
 ctrlkey = nvme_ctrl_get_dhchap_key(c);
- ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
- if (ret) {
- errno = -ret;
- return -1;
- }
+ if (cfg->tls) {
+ ret = __nvme_import_keys_from_config(h, c, &keyring_id, &key_id);
+ if (ret) {
+ errno = -ret;
+ return -1;
+ }
- if (key_id == 0) {
- if (cfg->tls_configured_key)
- key_id = cfg->tls_configured_key;
- else
- key_id = cfg->tls_key;
+ if (key_id == 0) {
+ if (cfg->tls_configured_key)
+ key_id = cfg->tls_configured_key;
+ else
+ key_id = cfg->tls_key;
+ }
 }
 if (add_argument(r, argstr, transport, transport) ||
diff --git a/src/nvme/linux.c b/src/nvme/linux.c
index e74fac2..a9ba58b 100644
--- a/src/nvme/linux.c
+++ b/src/nvme/linux.c
@@ -881,14 +881,14 @@ int nvme_gen_dhchap_key(char *hostnqn, enum nvme_hmac_alg hmac,
 }
 static int derive_psk_digest(const char *hostnqn, const char *subsysnqn,
- int version, int hmac,
+ int version, int cipher,
 unsigned char *retained, size_t key_len,
 char *digest, size_t digest_len)
 {
 static const char hmac_seed[] = "NVMe-over-Fabrics";
- const EVP_MD *md = select_hmac(hmac, &hmac_len);
 _cleanup_hmac_ctx_ HMAC_CTX *hmac_ctx = NULL;
 _cleanup_free_ unsigned char *psk_ctx = NULL;
+ const EVP_MD *md;
 size_t hmac_len;
 size_t len;
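Review bot: In the build_options hunk of src/nvme/fabrics.c, `keyring_id` and `key_id` are now written only inside the new `if (cfg->tls)` block, so on a non-TLS connection they keep whatever value their declarations give them. Those declarations are outside the hunk; confirm both start at zero, e.g. `long keyring_id = 0, key_id = 0;`, before any later option-building code reads them. The same gate means a configured `cfg->tls_key` or `cfg->tls_configured_key` is skipped without any message when `cfg->tls` is unset, and a debug-level `nvme_msg()` saying the key was ignored would make a connection that was meant to use TLS but does not easier to spot in the logs. build_options begins and ends outside the hunk.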
@@ -1517,9 +1517,9 @@ long nvme_revoke_tls_key(const char *keyring, const char *key_type,
 return keyctl_revoke(key);
 }
-static int __nvme_insert_tls_key(long keyring_id,
- const char *hostnqn, const char *subsysnqn,
- const char *identity, const char *key)
+static long __nvme_insert_tls_key(long keyring_id,
+ const char *hostnqn, const char *subsysnqn,
+ const char *identity, const char *key)
 {
 _cleanup_free_ unsigned char *key_data = NULL;
 unsigned char version;
@@ -1554,7 +1554,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
 const char *hostnqn = nvme_host_get_hostnqn(h);
 const char *subsysnqn = nvme_ctrl_get_subsysnqn(c);
 const char *keyring, *key, *identity;
- long kr_id, id = 0;
+ long kr_id = 0, id = 0;
 if (!hostnqn || !subsysnqn) {
 nvme_msg(h->r, LOG_ERR, "Invalid NQNs (%s, %s)\n",
@@ -1562,10 +1562,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
 return -EINVAL;
 }
+ /* If we don't have a key avoid all keyring operations */
+ key = nvme_ctrl_get_tls_key(c);
+ if (!key)
+ goto out;
+
 keyring = nvme_ctrl_get_keyring(c);
- if (keyring)
+ if (keyring) {
 kr_id = nvme_lookup_keyring(keyring);
- else
+ if (kr_id == 0)
+ return -errno;
+ } else
 kr_id = c->cfg.keyring;
 /*
@@ -1573,18 +1580,17 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
 * keyring to connect command line and to the JSON config output.
 * That means we are explicitly selecting the keyring.
 */
- if (!kr_id)
+ if (!kr_id) {
 kr_id = nvme_lookup_keyring(".nvme");
+ if (kr_id == 0)
+ return -errno;
+ }
 if (nvme_set_keyring(kr_id) < 0) {
 nvme_msg(h->r, LOG_ERR, "Failed to set keyring\n");
 return -errno;
 }
- key = nvme_ctrl_get_tls_key(c);
- if (!key)
- return 0;
-
 identity = nvme_ctrl_get_tls_key_identity(c);
 if (identity)
 id = nvme_lookup_key("psk", identity);
@@ -1599,6 +1605,7 @@ int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
 return -errno;
 }
+out:
 *keyring_id = kr_id;
 *key_id = id;
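Review bot: In `__nvme_import_keys_from_config()` (hunk at -1562 of src/nvme/linux.c), the new `if (kr_id == 0) return -errno;` reports success whenever `nvme_lookup_keyring()` returns 0 without setting errno, and on that path `*keyring_id` and `*key_id` are never written because the stores sit after the `out:` label. `nvme_lookup_keyring()` is not part of this diff, so unless it is guaranteed to set errno on every failure the return should fall back to a fixed code: `return errno ? -errno : -EINVAL;`. The same pattern is added for the `".nvme"` lookup in the next hunk (-1573). Neither failure path logs anything, unlike the `nvme_set_keyring()` failure just below, so an `nvme_msg(h->r, LOG_ERR, ...)` naming the keyring would help when a configured keyring is missing. The function begins and ends outside these hunks.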
@@ -1681,7 +1688,10 @@ long nvme_revoke_tls_key(const char *keyring, const char *key_type,
 int __nvme_import_keys_from_config(nvme_host_t h, nvme_ctrl_t c,
 long *keyring_id, long *key_id)
 {
- return -ENOTSUP;
+ *keyring_id = 0;
+ *key_id = 0;
+
+ return 0;
 }
 #endif
diff --git a/src/nvme/types.h b/src/nvme/types.h
index 7d143d3..fdc4652 100644
--- a/src/nvme/types.h
+++ b/src/nvme/types.h
@@ -1711,6 +1711,7 @@ enum nvme_id_ctrl_oaes {
 * @NVME_CTRL_CTRATT_ELBAS: Extended LBA Formats supported
 * @NVME_CTRL_CTRATT_MEM: MDTS and Size Limits Exclude Metadata supported
 * @NVME_CTRL_CTRATT_HMBR: HMB Restrict Non-Operational Power State Access
+ * @NVME_CTRL_CTRATT_RHII: Reservations and Host Identifier Interaction
 * @NVME_CTRL_CTRATT_FDPS: Flexible Data Placement supported
 */
 enum nvme_id_ctrl_ctratt {
@@ -1732,6 +1733,7 @@ enum nvme_id_ctrl_ctratt {
 NVME_CTRL_CTRATT_ELBAS = 1 << 15,
 NVME_CTRL_CTRATT_MEM = 1 << 16,
 NVME_CTRL_CTRATT_HMBR = 1 << 17,
+ NVME_CTRL_CTRATT_RHII = 1 << 18,
 NVME_CTRL_CTRATT_FDPS = 1 << 19,
 };
--
cgit v1.2.3
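Review bot: In the stub `__nvme_import_keys_from_config()` just before `#endif` in src/nvme/linux.c, returning 0 unconditionally also hides the case where a TLS key is configured on the controller but this build cannot import it. The preprocessor condition for this branch is outside the hunk, so that reading is inferred from the previous `-ENOTSUP`; if it holds, the caller carries on with `key_id == 0` as though no key had been supplied. Keeping the error for that one case preserves the new no-key behaviour: after the two assignments, `return nvme_ctrl_get_tls_key(c) ? -ENOTSUP : 0;`.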