Page MenuHomeFreeBSD
Differential D30001

aesni: Avoid modifying session keys in hmac_update()
ClosedPublic
Actions

Authored by markj on Apr 27 2021, 12:19 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jan 16, 5:25 PM
Unknown Object (File)
Tue, Dec 30, 3:20 AM
Unknown Object (File)
Dec 20 2025, 9:29 PM
Unknown Object (File)
Dec 20 2025, 7:18 AM
Unknown Object (File)
Dec 19 2025, 5:52 AM
Unknown Object (File)
Dec 12 2025, 6:39 AM
Unknown Object (File)
Dec 11 2025, 11:19 AM
Unknown Object (File)
Nov 26 2025, 10:49 PM
View All 98 Files
Subscribers
None

Details

Reviewers
kib
jhb
cem
Commits
rG62e32cf9140e: aesni: Avoid modifying session keys in hmac_update()
Summary

Otherwise aesni_process() is not thread-safe for AES+SHA-HMAC
transforms, since hmac_update() updates the caller-supplied key directly
to create the derived key. Use a buffer on the stack to store a copy of
the key used for computing inner and outer digests.

Note that this applies to stable/12 only.

Diff Detail

Repository
rG FreeBSD src repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 38878
Build 35767: arc lint + arc unit

Event Timeline

markj requested review of this revision.Apr 27 2021, 12:19 AM
markj created this revision.
Harbormaster completed remote builds in B38878: Diff 88218.Apr 27 2021, 12:19 AM
kib accepted this revision.Apr 27 2021, 2:09 PM
This revision is now accepted and ready to land.Apr 27 2021, 2:09 PM
Closed by commit rG62e32cf9140e: aesni: Avoid modifying session keys in hmac_update() (authored by markj). · Explain WhyApr 27 2021, 7:16 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG62e32cf9140e: aesni: Avoid modifying session keys in hmac_update().

Revision Contents
Changeset List

PathSize
sys/
crypto/
aesni/
5 lines
18 lines

Diff 88218

View Options

sys/crypto/aesni/aesni.h

Loading...
View Options

sys/crypto/aesni/aesni.c

Loading...