The Linux Kernel Mailing List
 help / color / mirror / Atom feed
* [PATCH v1 0/1] nvme-auth: constant-time DH-HMAC-CHAP response comparison
@ 2026-07-01  6:30 Xixin Liu
  2026-07-01  6:30 ` [PATCH v1 1/1] nvme-auth: use crypto_memneq for " Xixin Liu
  0 siblings, 1 reply; 4+ messages in thread
From: Xixin Liu @ 2026-07-01  6:30 UTC (permalink / raw)
  To: linux-nvme; +Cc: kbusch, axboe, hch, sagi, kch, hare, linux-kernel, liuxixin

DH-HMAC-CHAP compares HMAC digests during in-band authentication.  The
host and target paths currently use memcmp(), which may short-circuit on
the first differing byte and leak timing information to a remote party.

This series switches both security-sensitive comparisons to
crypto_memneq().  Non-secret memcmp() uses (fixed prefix strings, NGUID
checks) are unchanged.

Xixin Liu (1):
  nvme-auth: use crypto_memneq for DH-HMAC-CHAP response comparison

 drivers/nvme/host/auth.c               | 3 ++-
 drivers/nvme/target/fabrics-cmd-auth.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
-- 
2.43.0


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2026-07-03  6:24 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-01  6:30 [PATCH v1 0/1] nvme-auth: constant-time DH-HMAC-CHAP response comparison Xixin Liu
2026-07-01  6:30 ` [PATCH v1 1/1] nvme-auth: use crypto_memneq for " Xixin Liu
2026-07-02 14:13   ` Christoph Hellwig
2026-07-03  6:24   ` Hannes Reinecke

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox