www.infradead.org Git - users/hch/block.git/commit

author	Hannes Reinecke <hare@kernel.org>
	Mon, 22 Jul 2024 12:02:19 +0000 (14:02 +0200)
committer	Keith Busch <kbusch@kernel.org>
	Thu, 22 Aug 2024 20:22:41 +0000 (13:22 -0700)
commit	363895767fbfa05891b0b4d9e06ebde7a10c6a07
tree	5c9fff476db0a50249e2fe8e8da7cc9a0a4b54d2	tree
parent	79559c75332458985ab8a21f11b08bf7c9b833b0	commit \| diff

nvme-tcp: sanitize TLS key handling

There is a difference between TLS configured (ie the user has
provisioned/requested a key) and TLS enabled (ie the connection
is encrypted with TLS). This becomes important for secure concatenation,
where the initial authentication is run on an unencrypted connection
(ie with TLS configured, but not enabled), and then the queue is reset to
run over TLS (ie TLS configured _and_ enabled).
So to differentiate between those two states store the generated
key in opts->tls_key (as we're using the same TLS key for all queues),
the key serial of the resulting TLS handshake in ctrl->tls_pskid
(to signal that TLS on the admin queue is enabled), and a simple
flag for the queues to indicated that TLS has been enabled.

Signed-off-by: Hannes Reinecke <hare@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>

drivers/nvme/host/core.c		diff \| blob \| history
drivers/nvme/host/nvme.h		diff \| blob \| history
drivers/nvme/host/sysfs.c		diff \| blob \| history
drivers/nvme/host/tcp.c		diff \| blob \| history