Allow dash and underscore chars in external token names.

Current alphabet for external token types is alphanumeric
characters including '-' and '_'. Empty strings are also
forbiden.

lib/luks2/luks2.h

@@ -44,6 +44,8 @@
 #define LUKS2_BUILTIN_TOKEN_PREFIX "luks2-"
 #define LUKS2_BUILTIN_TOKEN_PREFIX_LEN 6
 
+#define LUKS2_TOKEN_NAME_MAX 64
+
 #define LUKS2_TOKEN_KEYRING LUKS2_BUILTIN_TOKEN_PREFIX "keyring"
 
 #define LUKS2_DIGEST_MAX 8

lib/luks2/luks2_token.c

@@ -93,6 +93,20 @@ static bool token_validate_v2(struct crypt_device *cd, const struct crypt_token_
 
 	return true;
 }
+
+static bool external_token_name_valid(const char *name)
+{
+	if (!*name || strlen(name) > LUKS2_TOKEN_NAME_MAX)
+		return false;
+
+	while (*name) {
+		if (!isalnum(*name) && *name != '-' && *name != '_')
+			return false;
+		name++;
+	}
+
+	return true;
+}
 #endif
 
 static int
@@ -102,16 +116,17 @@ crypt_token_load_external(struct crypt_device *cd, const char *name, struct cryp
 	struct crypt_token_handler_v2 *token;
 	void *h;
 	char buf[512];
-	int i, r;
+	int r;
 
-	if (!ret || !name || strlen(name) > 64)
+	if (!ret || !name)
 		return -EINVAL;
 
-	token = &ret->u.v2;
+	if (!external_token_name_valid(name)) {
+		log_dbg(cd, "External token name (%.*s) invalid.", LUKS2_TOKEN_NAME_MAX, name);
+		return -EINVAL;
+	}
 
-	for (i = 0; name[i]; i++)
+	token = &ret->u.v2;
-		if (!isalnum(name[i]))
-			return -EINVAL;
 
 	r = snprintf(buf, sizeof(buf), "libcryptsetup-token-%s.so", name);
 	if (r < 0 || (size_t)r >= sizeof(buf))