nvme: sanitize nvme-gen-tls-key
authorHannes Reinecke <hare@suse.de>
Thu, 16 Nov 2023 08:24:44 +0000 (09:24 +0100)
committerDaniel Wagner <wagi@monom.org>
Thu, 30 Nov 2023 16:27:16 +0000 (17:27 +0100)
Simplify the hostnqn / subsysnqn check and do not insert the key
if 'insert' is not specified.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Documentation/nvme-gen-tls-key.txt
nvme.c

index def8ecc09975a295f3db62d42a9dfa652ce69088..772c7bcb3c7297f0b8de6275533e0918af9064b3 100644 (file)
@@ -22,8 +22,9 @@ DESCRIPTION
 -----------
 Generate a base64-encoded NVMe TLS pre-shared key (PSK).
 The resulting key is either printed in the PSK interchange format
-'NVMeTLSkey-1:01:<base64 encoded data>:',
-inserted as a 'retained' key into the specified keyring, or both.
+'NVMeTLSkey-1:01:<base64 encoded data>:' or inserted as a
+'retained' key into the specified keyring if the '--insert' option
+is given.
 When the PSK should be inserted into the keyring a 'retained' key
 is derived from the secret key material. The resulting 'retained'
 key is stored with the identity
diff --git a/nvme.c b/nvme.c
index 7c6bbe2cd3c1b6d59e6701efc9d5c69da9628c68..ba4e3d66da8edf0d11ddbc315ab4494ae8589586 100644 (file)
--- a/nvme.c
+++ b/nvme.c
@@ -8702,9 +8702,18 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
                                cfg.identity);
                return -EINVAL;
        }
-       if (cfg.insert && !cfg.subsysnqn) {
-               nvme_show_error("No subsystem NQN specified");
-               return -EINVAL;
+       if (cfg.insert) {
+               if (!cfg.subsysnqn) {
+                       nvme_show_error("No subsystem NQN specified");
+                       return -EINVAL;
+               }
+               if (!cfg.hostnqn) {
+                       cfg.hostnqn = nvmf_hostnqn_from_file();
+                       if (!cfg.hostnqn) {
+                               nvme_show_error("Failed to read host NQN");
+                               return -EINVAL;
+                       }
+               }
        }
        if (cfg.hmac == 2)
                key_len = 48;
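Review bot: With both NQN checks now nested under `if (cfg.insert)`, `--hostnqn` and `--subsysnqn` given without `--insert` are accepted and silently ignored. The removed lines in the next hunk show that a subsystem NQN alone used to trigger the keyring insert, so an existing script that relied on that would now, per the updated man page text, get the PSK printed in interchange format instead, with no diagnostic. Consider rejecting that combination next to this block, for example `else if (cfg.subsysnqn || cfg.hostnqn) { nvme_show_error("--hostnqn/--subsysnqn require --insert"); return -EINVAL; }`. gen_tls_key starts and ends outside the hunk.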
@@ -8736,19 +8745,7 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
                }
        }
 
-       if (cfg.hostnqn && !cfg.subsysnqn) {
-               nvme_show_error("Need to specify subsystem NQN to insert a TLS key");
-               return -EINVAL;
-       }
-       if (cfg.subsysnqn) {
-               if (!cfg.hostnqn) {
-                       cfg.hostnqn = nvmf_hostnqn_from_file();
-                       if (!cfg.hostnqn) {
-                               nvme_show_error("Failed to read host NQN");
-                               return -EINVAL;
-                       }
-               }
-
+       if (cfg.insert) {
                tls_key = nvme_insert_tls_key_versioned(cfg.keyring,
                                        cfg.keytype, cfg.hostnqn,
                                        cfg.subsysnqn, cfg.identity,
@@ -8758,10 +8755,8 @@ static int gen_tls_key(int argc, char **argv, struct command *command, struct pl
                        return -errno;
                }
 
-               if (cfg.insert) {
-                       printf("Inserted TLS key %08x\n", (unsigned int)tls_key);
-                       return 0;
-               }
+               printf("Inserted TLS key %08x\n", (unsigned int)tls_key);
+               return 0;
        }
        crc = crc32(crc, raw_secret, key_len);
        raw_secret[key_len++] = crc & 0xff;
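Review bot: The `return 0` after the successful insert leaves the function while `raw_secret` still holds the key material, and nothing in the visible lines clears it. The buffer's declaration and any cleanup handler are outside the hunk, so this may already be covered elsewhere in gen_tls_key. If it is not, wipe the buffer before this return and before the `return -errno` above it with a call the compiler cannot elide, such as `explicit_bzero(raw_secret, key_len);`.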