aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/block/drbd/drbd_receiver.c31
1 files changed, 22 insertions, 9 deletions
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index dbd451984e0d..e3716fadc6a5 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -878,9 +878,13 @@ retry:
878 878
879 if (mdev->cram_hmac_tfm) { 879 if (mdev->cram_hmac_tfm) {
880 /* drbd_request_state(mdev, NS(conn, WFAuth)); */ 880 /* drbd_request_state(mdev, NS(conn, WFAuth)); */
881 if (!drbd_do_auth(mdev)) { 881 switch (drbd_do_auth(mdev)) {
882 case -1:
882 dev_err(DEV, "Authentication of peer failed\n"); 883 dev_err(DEV, "Authentication of peer failed\n");
883 return -1; 884 return -1;
885 case 0:
886 dev_err(DEV, "Authentication of peer failed, trying again.\n");
887 return 0;
884 } 888 }
885 } 889 }
886 890
@@ -3831,10 +3835,17 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3831{ 3835{
3832 dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n"); 3836 dev_err(DEV, "This kernel was build without CONFIG_CRYPTO_HMAC.\n");
3833 dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n"); 3837 dev_err(DEV, "You need to disable 'cram-hmac-alg' in drbd.conf.\n");
3834 return 0; 3838 return -1;
3835} 3839}
3836#else 3840#else
3837#define CHALLENGE_LEN 64 3841#define CHALLENGE_LEN 64
3842
3843/* Return value:
3844 1 - auth succeeded,
3845 0 - failed, try again (network error),
3846 -1 - auth failed, don't try again.
3847*/
3848
3838static int drbd_do_auth(struct drbd_conf *mdev) 3849static int drbd_do_auth(struct drbd_conf *mdev)
3839{ 3850{
3840 char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */ 3851 char my_challenge[CHALLENGE_LEN]; /* 64 Bytes... */
@@ -3855,7 +3866,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3855 (u8 *)mdev->net_conf->shared_secret, key_len); 3866 (u8 *)mdev->net_conf->shared_secret, key_len);
3856 if (rv) { 3867 if (rv) {
3857 dev_err(DEV, "crypto_hash_setkey() failed with %d\n", rv); 3868 dev_err(DEV, "crypto_hash_setkey() failed with %d\n", rv);
3858 rv = 0; 3869 rv = -1;
3859 goto fail; 3870 goto fail;
3860 } 3871 }
3861 3872
@@ -3878,14 +3889,14 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3878 3889
3879 if (p.length > CHALLENGE_LEN*2) { 3890 if (p.length > CHALLENGE_LEN*2) {
3880 dev_err(DEV, "expected AuthChallenge payload too big.\n"); 3891 dev_err(DEV, "expected AuthChallenge payload too big.\n");
3881 rv = 0; 3892 rv = -1;
3882 goto fail; 3893 goto fail;
3883 } 3894 }
3884 3895
3885 peers_ch = kmalloc(p.length, GFP_NOIO); 3896 peers_ch = kmalloc(p.length, GFP_NOIO);
3886 if (peers_ch == NULL) { 3897 if (peers_ch == NULL) {
3887 dev_err(DEV, "kmalloc of peers_ch failed\n"); 3898 dev_err(DEV, "kmalloc of peers_ch failed\n");
3888 rv = 0; 3899 rv = -1;
3889 goto fail; 3900 goto fail;
3890 } 3901 }
3891 3902
@@ -3901,7 +3912,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3901 response = kmalloc(resp_size, GFP_NOIO); 3912 response = kmalloc(resp_size, GFP_NOIO);
3902 if (response == NULL) { 3913 if (response == NULL) {
3903 dev_err(DEV, "kmalloc of response failed\n"); 3914 dev_err(DEV, "kmalloc of response failed\n");
3904 rv = 0; 3915 rv = -1;
3905 goto fail; 3916 goto fail;
3906 } 3917 }
3907 3918
@@ -3911,7 +3922,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3911 rv = crypto_hash_digest(&desc, &sg, sg.length, response); 3922 rv = crypto_hash_digest(&desc, &sg, sg.length, response);
3912 if (rv) { 3923 if (rv) {
3913 dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv); 3924 dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
3914 rv = 0; 3925 rv = -1;
3915 goto fail; 3926 goto fail;
3916 } 3927 }
3917 3928
@@ -3947,7 +3958,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3947 right_response = kmalloc(resp_size, GFP_NOIO); 3958 right_response = kmalloc(resp_size, GFP_NOIO);
3948 if (right_response == NULL) { 3959 if (right_response == NULL) {
3949 dev_err(DEV, "kmalloc of right_response failed\n"); 3960 dev_err(DEV, "kmalloc of right_response failed\n");
3950 rv = 0; 3961 rv = -1;
3951 goto fail; 3962 goto fail;
3952 } 3963 }
3953 3964
@@ -3956,7 +3967,7 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3956 rv = crypto_hash_digest(&desc, &sg, sg.length, right_response); 3967 rv = crypto_hash_digest(&desc, &sg, sg.length, right_response);
3957 if (rv) { 3968 if (rv) {
3958 dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv); 3969 dev_err(DEV, "crypto_hash_digest() failed with %d\n", rv);
3959 rv = 0; 3970 rv = -1;
3960 goto fail; 3971 goto fail;
3961 } 3972 }
3962 3973
@@ -3965,6 +3976,8 @@ static int drbd_do_auth(struct drbd_conf *mdev)
3965 if (rv) 3976 if (rv)
3966 dev_info(DEV, "Peer authenticated using %d bytes of '%s' HMAC\n", 3977 dev_info(DEV, "Peer authenticated using %d bytes of '%s' HMAC\n",
3967 resp_size, mdev->net_conf->cram_hmac_alg); 3978 resp_size, mdev->net_conf->cram_hmac_alg);
3979 else
3980 rv = -1;
3968 3981
3969 fail: 3982 fail:
3970 kfree(peers_ch); 3983 kfree(peers_ch);