Page MenuHomeFreeBSD
Differential D30001

aesni: Avoid modifying session keys in hmac_update()
ClosedPublic
Actions

Authored by markj on Apr 27 2021, 12:19 AM.
Tags
None
Referenced Files
F135219227: D30001.id88218.diff
Fri, Nov 7, 3:51 PM
Unknown Object (File)
Fri, Nov 7, 10:44 AM
Unknown Object (File)
Wed, Oct 22, 8:06 AM
Unknown Object (File)
Sep 24 2025, 3:31 PM
Unknown Object (File)
Sep 9 2025, 12:12 PM
Unknown Object (File)
Sep 4 2025, 5:42 AM
Unknown Object (File)
Aug 15 2025, 11:43 AM
Unknown Object (File)
Aug 4 2025, 9:28 PM
View All 84 Files
Subscribers
None

Details

Reviewers
kib
jhb
cem
Commits
rG62e32cf9140e: aesni: Avoid modifying session keys in hmac_update()
Summary

Otherwise aesni_process() is not thread-safe for AES+SHA-HMAC
transforms, since hmac_update() updates the caller-supplied key directly
to create the derived key. Use a buffer on the stack to store a copy of
the key used for computing inner and outer digests.

Note that this applies to stable/12 only.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Apr 27 2021, 12:19 AM
markj created this revision.
Harbormaster completed remote builds in B38878: Diff 88218.Apr 27 2021, 12:19 AM
kib accepted this revision.Apr 27 2021, 2:09 PM
This revision is now accepted and ready to land.Apr 27 2021, 2:09 PM
Closed by commit rG62e32cf9140e: aesni: Avoid modifying session keys in hmac_update() (authored by markj). · Explain WhyApr 27 2021, 7:16 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG62e32cf9140e: aesni: Avoid modifying session keys in hmac_update().

Revision Contents
Changeset List

PathSize
sys/
crypto/
aesni/
6 lines
18 lines

Diff 88275

View Options

sys/crypto/aesni/aesni.h

Loading...
View Options

sys/crypto/aesni/aesni.c

Loading...