K 10
svn:author
V 5
markj
K 8
svn:date
V 27
2021-05-26T20:40:11.833646Z
K 7
svn:log
V 609
aesni: Avoid modifying session keys in hmac_update()

Otherwise aesni_process() is not thread-safe for AES+SHA-HMAC
transforms, since hmac_update() updates the caller-supplied key directly
to create the derived key.  Use a buffer on the stack to store a copy of
the key used for computing inner and outer digests.

This is a direct commit to stable/12 as the bug is not present in later
branches.

Approved by:	so
Security:	EN-21:11.aesni
Reviewed by:	kib

(cherry picked from commit 62e32cf9140e6c13663dcd69ec3b3c7ca4579782)

Git Hash:   71c7f71de5789daff5bc6dedba82544fa97eec84
Git Author: markj@FreeBSD.org
END