nvmet-auth: always free derived key data

JIRA: https://issues.redhat.com/browse/RHEL-72531

After calling nvme_auth_derive_tls_psk() we need to free the resulting
psk data, as either TLS is disable (and we don't need the data anyway)
or the psk data is copied into the resulting key (and can be free, too).

Fixes: fa2e0f8 ("nvmet-tcp: support secure channel concatenation")
Reported-by: Yi Zhang <[email protected]>
Suggested-by: Maurizio Lombardi <[email protected]>
Signed-off-by: Hannes Reinecke <[email protected]>
Reviewed-by: Sagi Grimberg <[email protected]>
Tested-by: Yi Zhang <[email protected]>
Signed-off-by: Christoph Hellwig <[email protected]>
(cherry picked from commit 8edb86b)
Signed-off-by: Maurizio Lombardi <[email protected]>

Author: maurizio-lombardi

drivers/nvme/target/auth.c

@@ -600,13 +600,12 @@ void nvmet_auth_insert_psk(struct nvmet_sq *sq)
 		pr_warn("%s: ctrl %d qid %d failed to refresh key, error %ld\n",
 			__func__, sq->ctrl->cntlid, sq->qid, PTR_ERR(tls_key));
 		tls_key = NULL;
-		kfree_sensitive(tls_psk);
 	}
 	if (sq->ctrl->tls_key)
 		key_put(sq->ctrl->tls_key);
 	sq->ctrl->tls_key = tls_key;
 #endif
-
+	kfree_sensitive(tls_psk);
 out_free_digest:
 	kfree_sensitive(digest);
 out_free_psk: