[Bug 275306] 14.0-RELEASE: ossl(4) causes data corruption on encrypted ZFS filesystems/volumes
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 05 Dec 2023 18:28:42 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275306
--- Comment #19 from commit-hook@FreeBSD.org ---
A commit in branch releng/14.0 references this bug:
URL:
https://cgit.FreeBSD.org/src/commit/?id=9fd62386ad6e6f5c5298cda66c5c1894373e4379
commit 9fd62386ad6e6f5c5298cda66c5c1894373e4379
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-11-29 17:51:55 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-12-04 14:02:05 +0000
ossl: Keep mutable AES-GCM state on the stack
ossl(4)'s AES-GCM implementation keeps mutable state in the session
structure, together with the key schedule. This was done for
convenience, as both are initialized together. However, some OCF
consumers, particularly ZFS, assume that requests may be dispatched to
the same session in parallel. Without serialization, this results in
incorrect output.
Fix the problem by explicitly copying per-session state onto the stack
at the beginning of each operation.
PR: 275306
Reviewed by: jhb
Fixes: 9a3444d91c70 ("ossl: Add a VAES-based AES-GCM
implementation for amd64")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42783
Approved by: so
Security: FreeBSD-EN-23:17.ossl
(cherry picked from commit 5c0dac0b7a012f326edab06ad85aee5ad68ff120)
(cherry picked from commit 84ef0a84ecaa4f5d9bcfed3ce10c288953491e7e)
sys/crypto/openssl/ossl_aes.c | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
--
You are receiving this mail because:
You are the assignee for the bug.