-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Static memory allocation in HMAC is thread-unsafe. #3541
Comments
Yes - we are stuck with the API the way it is for compatibility reasons (unless maybe we want to think about using some kind of thread local storage solution...but perhaps that is over complicating things). The man page does explicitly note that it goes into a static array if the buffer is NULL - but, you're right, it should probably be more explicit about the thread safety implications of that. I actually thought it did, but apparently not. |
The
HMAC
function in crypto/hmac/hmac.c has a subtle dangerous behaviour in some use-cases.The expected usage of the
HMAC
function is to provide anEVP_MD
, a key buffer and length (asvoid *
), a data buffer and length (asunsigned char *
), and an output buffer and key (asunsigned char *
). This is reasonable.Helpfully,
HMAC
allows for the output buffer to be omitted (that is, set asNULL
). In that case,HMAC
will helpfully return a pointer to a buffer it has allocated for the user. Unhelpfully, that pointer is declared inside theHMAC
function as:This buffer, as it's declared
static
, is a single global buffer used by all invocations ofHMAC
. That means thatHMAC
is subtly not thread-safe when used in this mode: concurrent invocations of the apparently one-shotHMAC
functions can clobber each other's data in surprising (and potentially dangerous) ways.At the very least the man page should more emphatically note that
HMAC
is not thread-safe in the absence of a user-allocated buffer. A stronger approach would be to simply forbid the passing of aNULL
pointer formd
by returning an error. Note that the change must not be to allocate a buffer for the user, as this subtly changes the semantics of the returned pointer, which would be very bad.The text was updated successfully, but these errors were encountered: