]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2414241) | patch
aesni: Avoid modifying session keys in hmac_update()
authorMark Johnston <markj@FreeBSD.org>
Tue, 27 Apr 2021 00:04:25 +0000 (20:04 -0400)
committerMark Johnston <markj@FreeBSD.org>
Tue, 27 Apr 2021 19:10:16 +0000 (15:10 -0400)
commit62e32cf9140e6c13663dcd69ec3b3c7ca4579782
treefa9ea65dba49f4df62fb763bde9e2d67421505cdtree | snapshot
parent2414241b0e56cae959710f13903597f767b53e54commit | diff
aesni: Avoid modifying session keys in hmac_update()

Otherwise aesni_process() is not thread-safe for AES+SHA-HMAC
transforms, since hmac_update() updates the caller-supplied key directly
to create the derived key.  Use a buffer on the stack to store a copy of
the key used for computing inner and outer digests.

This is a direct commit to stable/12 as the bug is not present in later
branches.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D30001
sys/crypto/aesni/aesni.c diff | blob | history
sys/crypto/aesni/aesni.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.