[PATCH v1 1/1] nvme-auth: use crypto_memneq for DH-HMAC-CHAP response comparison

Hannes Reinecke hare at suse.de
Thu Jul 2 23:24:15 PDT 2026


On 7/1/26 8:30 AM, Xixin Liu wrote:
> DH-HMAC-CHAP authentication compares HMAC response digests with memcmp().
> Standard memcmp() may stop at the first differing byte, which can leak
> timing information to a remote attacker and allow incremental recovery
> of the expected digest.
> 
> Use crypto_memneq() for constant-time comparison on both the host path
> that validates the controller Success1 response and the target path that
> validates the host Reply digest.  Other memcmp() uses in the NVMe auth
> code (e.g. fixed string prefix checks) are not security-sensitive and
> are left unchanged.
> 
> Signed-off-by: Xixin Liu <liuxixin at kylinos.cn>
> ---
>   drivers/nvme/host/auth.c                 | 3 ++-
>   drivers/nvme/target/fabrics-cmd-auth.c   | 3 ++-
>   2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/nvme/host/auth.c b/drivers/nvme/host/auth.c
> index 111111111111..222222222222 100644
> --- a/drivers/nvme/host/auth.c
> +++ b/drivers/nvme/host/auth.c
> @@ -8,6 +8,7 @@
>   #include <linux/prandom.h>
>   #include <linux/unaligned.h>
>   #include <crypto/dh.h>
> +#include <crypto/utils.h>
>   #include "nvme.h"
>   #include "fabrics.h"
>   #include <linux/nvme-auth.h>
> @@ -361,7 +362,7 @@ static int nvme_auth_process_dhchap_success1(struct nvme_ctrl *ctrl,
>   		return 0;
>   
>   	/* Validate controller response */
> -	if (memcmp(chap->response, data->rval, data->hl)) {
> +	if (crypto_memneq(chap->response, data->rval, data->hl)) {
>   		dev_dbg(ctrl->device, "%s: qid %d ctrl response %*ph\n",
>   			__func__, chap->qid, (int)chap->hash_len, data->rval);
>   		dev_dbg(ctrl->device, "%s: qid %d host response %*ph\n",
> diff --git a/drivers/nvme/target/fabrics-cmd-auth.c b/drivers/nvme/target/fabrics-cmd-auth.c
> index 333333333333..444444444444 100644
> --- a/drivers/nvme/target/fabrics-cmd-auth.c
> +++ b/drivers/nvme/target/fabrics-cmd-auth.c
> @@ -8,6 +8,7 @@
>   #include <linux/random.h>
>   #include <linux/nvme-auth.h>
>   #include <crypto/kpp.h>
> +#include <crypto/utils.h>
>   #include "nvmet.h"
>   
>   static void nvmet_auth_expired_work(struct work_struct *work)
> @@ -177,7 +178,7 @@ static u16 nvmet_auth_reply(struct nvmet_req *req,
>   		return NVME_AUTH_DHCHAP_FAILURE_FAILED;
>   	}
>   
> -	if (memcmp(data->rval, response, data->hl)) {
> +	if (crypto_memneq(data->rval, response, data->hl)) {
>   		pr_info("ctrl %d qid %d host response mismatch\n",
>   			ctrl->cntlid, req->sq->qid);
>   		pr_debug("ctrl %d qid %d rval %*ph\n",

Reviewed-by: Hannes Reinecke <hare at kernel.org>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare at suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich



More information about the Linux-nvme mailing list