Subject: CRYPTO_MAX_MAC_LEN too short?
To: None <tech-crypto@netbsd.org>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-crypto
Date: 04/13/2005 14:16:46
In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20.  This
value is used in cryptodev.c to set the size of the tmp_mac[] array,
which is passed down to into crypto engines for them to deposit the
computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384,
and SHA-2-512, all of which produce more than 20 bytes of result, so
using those hashes runs some risk of stomping on the other data
structures following it.

Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?

        - Nathan