diff options
| author | Martin Wilck <mwilck@suse.com> | 2023-09-04 17:26:38 +0200 |
|---|---|---|
| committer | Keith Busch <kbusch@kernel.org> | 2023-10-10 08:06:06 -0700 |
| commit | 4ae55a7dce04989f289d5c5c8c8e5c37adc36c71 (patch) | |
| tree | e2b748477a682cfdc6b64b6fd5d5777dd39cc804 /lib/crypto/mpi/mpiutil.c | |
| parent | d920abd1e7c4884f9ecd0749d1921b7ab19ddfbd (diff) | |
nvme-auth: use chap->s2 to indicate bidirectional authentication
Commit 546dea18c999 ("nvme-auth: check chap ctrl_key once constructed")
replaced the condition "if (ctrl->ctrl_key)" (indicating bidirectional
auth) by "if (chap->ctrl_key)", because ctrl->ctrl_key is a resource shared
with sysfs. But chap->ctrl_key is set in
nvme_auth_process_dhchap_challenge() depending on the DHVLEN in the
DH-HMAC-CHAP Challenge message received from the controller, and will thus
be non-NULL for every DH-HMAC-CHAP exchange, even if unidirectional auth
was requested. This will lead to a protocol violation by sending a Success2
message in the unidirectional case (per NVMe base spec 2.0, the
authentication transaction ends after the Success1 message for
unidirectional auth). Use chap->s2 instead, which is non-zero if and only
if the host requested bi-directional authentication from the controller.
Fixes: 546dea18c999 ("nvme-auth: check chap ctrl_key once constructed")
Signed-off-by: Martin Wilck <mwilck@suse.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <kbusch@kernel.org>
Diffstat (limited to 'lib/crypto/mpi/mpiutil.c')
0 files changed, 0 insertions, 0 deletions