| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Oct 2023 08:05:16 +0200
From: Hannes Reinecke <hare@...e.de>
To: Mark O'Donovan <shiftee@...teo.net>, linux-kernel@...r.kernel.org
Cc: linux-nvme@...ts.infradead.org, sagi@...mberg.me, hch@....de,
axboe@...nel.dk, kbusch@...nel.org,
Akash Appaiah <Akash.Appaiah@...l.com>
Subject: Re: [PATCH v3 1/3] nvme-auth: alloc nvme_dhchap_key as single buffer
On 10/17/23 00:58, Mark O'Donovan wrote:
> Co-developed-by: Akash Appaiah <Akash.Appaiah@...l.com>
> Signed-off-by: Akash Appaiah <Akash.Appaiah@...l.com>
> Signed-off-by: Mark O'Donovan <shiftee@...teo.net>
> ---
> drivers/nvme/common/auth.c | 26 +++++++++++++++-----------
> include/linux/nvme-auth.h | 3 ++-
> 2 files changed, 17 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/nvme/common/auth.c b/drivers/nvme/common/auth.c
> index d90e4f0c08b7..225fc474e34a 100644
> --- a/drivers/nvme/common/auth.c
> +++ b/drivers/nvme/common/auth.c
> @@ -163,14 +163,9 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
> p = strrchr(secret, ':');
> if (p)
> allocated_len = p - secret;
> - key = kzalloc(sizeof(*key), GFP_KERNEL);
> + key = nvme_auth_alloc_key(allocated_len, 0);
> if (!key)
> return ERR_PTR(-ENOMEM);
> - key->key = kzalloc(allocated_len, GFP_KERNEL);
> - if (!key->key) {
> - ret = -ENOMEM;
> - goto out_free_key;
> - }
>
> key_len = base64_decode(secret, allocated_len, key->key);
> if (key_len < 0) {
> @@ -213,19 +208,28 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
> key->hash = key_hash;
> return key;
> out_free_secret:
> - kfree_sensitive(key->key);
> -out_free_key:
> - kfree(key);
> + nvme_auth_free_key(key);
> return ERR_PTR(ret);
> }
> EXPORT_SYMBOL_GPL(nvme_auth_extract_key);
>
> +struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash)
> +{
> + struct nvme_dhchap_key *key = kzalloc(len + sizeof(*key), GFP_KERNEL);
> +
> + if (key) {
> + key->len = len;
> + key->hash = hash;
> + }
> + return key;
> +}
> +EXPORT_SYMBOL_GPL(nvme_auth_alloc_key);
> +
> void nvme_auth_free_key(struct nvme_dhchap_key *key)
> {
> if (!key)
> return;
> - kfree_sensitive(key->key);
> - kfree(key);
> + kfree_sensitive(key);
> }
> EXPORT_SYMBOL_GPL(nvme_auth_free_key);
>
> diff --git a/include/linux/nvme-auth.h b/include/linux/nvme-auth.h
> index dcb8030062dd..df96940be930 100644
> --- a/include/linux/nvme-auth.h
> +++ b/include/linux/nvme-auth.h
> @@ -9,9 +9,9 @@
> #include <crypto/kpp.h>
>
> struct nvme_dhchap_key {
> - u8 *key;
> size_t len;
> u8 hash;
> + u8 key[];
> };
>
> u32 nvme_auth_get_seqnum(void);
> @@ -27,6 +27,7 @@ u8 nvme_auth_hmac_id(const char *hmac_name);
> struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret,
> u8 key_hash);
> void nvme_auth_free_key(struct nvme_dhchap_key *key);
> +struct nvme_dhchap_key *nvme_auth_alloc_key(u32 len, u8 hash);
> u8 *nvme_auth_transform_key(struct nvme_dhchap_key *key, char *nqn);
> int nvme_auth_generate_key(u8 *secret, struct nvme_dhchap_key **ret_key);
> int nvme_auth_augmented_challenge(u8 hmac_id, u8 *skey, size_t skey_len,
Good idea.
Reviewed-by: Hannes Reinecke <hare@...e.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@...e.de +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Ivo Totev, Andrew
Myers, Andrew McDonald, Martje Boudien Moerman
Powered by blists - more mailing lists