Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Operating System:
ALL
Sprint:
Server Security 2026-04-10
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

When reuse key is enabled and the context has already been used, the code intended to call HMAC_Init_ex with a null key to reuse the existing key. An unconditional second HMAC_Init_ex call always re-passed the key, overwriting that path.

Use an else branch so only one initialization runs, matching the reuse semantics and aligning with similar crypto context lifecycle fixes (e.g. ~~SERVER-119317~~ for MD5 hash state).

is related to

SERVER-119317 Improve object lifecycle of MD5 hash state

Closed

SERVER-106078 Implement key reuse for HMAC Contexts when appropriate

Closed

Assignee:: Erwin Pe
Reporter:: cui N/A
Participants:: cui N/A, Erwin Pe, Sahachel Flores
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Mar 21 2026 06:16:53 PM UTC
Updated:: Apr 06 2026 06:15:28 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates