Page MenuHomeFreeBSD

aesni: Avoid modifying session keys in hmac_update()
ClosedPublic

Authored by markj on Apr 27 2021, 12:19 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Sep 24, 3:31 PM
Unknown Object (File)
Sep 9 2025, 12:12 PM
Unknown Object (File)
Sep 4 2025, 5:42 AM
Unknown Object (File)
Aug 15 2025, 11:43 AM
Unknown Object (File)
Aug 4 2025, 9:28 PM
Unknown Object (File)
Jul 14 2025, 10:45 AM
Unknown Object (File)
Jul 13 2025, 9:51 AM
Unknown Object (File)
Jul 13 2025, 7:26 AM
Subscribers
None

Details

Summary

Otherwise aesni_process() is not thread-safe for AES+SHA-HMAC
transforms, since hmac_update() updates the caller-supplied key directly
to create the derived key. Use a buffer on the stack to store a copy of
the key used for computing inner and outer digests.

Note that this applies to stable/12 only.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj created this revision.
This revision is now accepted and ready to land.Apr 27 2021, 2:09 PM