aesni: Avoid modifying session keys in hmac_update()
Otherwise aesni_process() is not thread-safe for AES+SHA-HMAC
transforms, since hmac_update() updates the caller-supplied key directly
to create the derived key. Use a buffer on the stack to store a copy of
the key used for computing inner and outer digests.
This is a direct commit to stable/12 as the bug is not present in later
branches.
Approved by: so
Security: EN-21:11.aesni
Reviewed by: kib
(cherry picked from commit
62e32cf9140e6c13663dcd69ec3b3c7ca4579782)
projects / FreeBSD / FreeBSD.git / commit