Re: [PATCH 3/3] nvmet-auth: Don't log DHCHAP shared secret in nvmet_auth_ctrl_sesskey()

Next message: Maximilian Pezzullo via B4 Relay: "[PATCH v2 1/2] igb: fix typos in comments"
Previous message: Hannes Reinecke: "Re: [PATCH 2/3] nvmet-auth: Don't log DHCHAP keys in nvmet_setup_auth()"
In reply to: Thorsten Blum: "[PATCH 3/3] nvmet-auth: Don't log DHCHAP shared secret in nvmet_auth_ctrl_sesskey()"
Next in thread: Thorsten Blum: "[PATCH 2/3] nvmet-auth: Don't log DHCHAP keys in nvmet_setup_auth()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hannes Reinecke

Date: Wed Mar 04 2026 - 02:21:08 EST

On 3/3/26 20:03, Thorsten Blum wrote:

When debug logging is enabled, nvmet_auth_ctrl_sesskey() logs the DHCHAP
shared secret. Remove the log to avoid exposing key material.

Fixes: 7a277c37d352 ("nvmet-auth: Diffie-Hellman key exchange support")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Thorsten Blum <thorsten.blum@xxxxxxxxx>
---
drivers/nvme/target/auth.c | 4 ----
1 file changed, 4 deletions(-)

diff --git a/drivers/nvme/target/auth.c b/drivers/nvme/target/auth.c
index f24add0bb86f..f62fed6bd897 100644
--- a/drivers/nvme/target/auth.c
+++ b/drivers/nvme/target/auth.c
@@ -544,10 +544,6 @@ int nvmet_auth_ctrl_sesskey(struct nvmet_req *req,
req->sq->dhchap_skey_len);
if (ret)
pr_debug("failed to compute shared secret, err %d\n", ret);
- else
- pr_debug("%s: shared secret %*ph\n", __func__,
- (int)req->sq->dhchap_skey_len,
- req->sq->dhchap_skey);
return ret;
}

As indicated in the previous patch, we should use a compile time option
to disable the messages.

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@xxxxxxx +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich