Subject: Re: CRYPTO_MAX_MAC_LEN too short?
To: Nathan J. Williams <nathanw@wasabisystems.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-crypto
Date: 04/13/2005 21:56:15
In message <mtu4qeaa6ep.fsf@contents-vnder-pressvre.mit.edu>, "Nathan J. Williams" writes:
>
>In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20. This
>value is used in cryptodev.c to set the size of the tmp_mac[] array,
>which is passed down into crypto engines for them to deposit the
>computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384,
>and SHA-2-512, all of which produce more than 20 bytes of result, so
>using those hashes runs some risk of stomping on the other data
>structures following it.
>
>Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?
>
It certainly wouldn't hurt, but is the field for a hash function output
or for an HMAC output? The latter, even for SHA-512, is unlikely to be
longer than 20 bytes.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
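
The sizing question in this thread, as an added example that is not part of the original messages and not code from opencrypto: a full SHA-2 digest deposited into a 20-byte buffer runs into whatever follows it, while a scratch buffer sized for the largest digest plus a bounded copy lets a truncated MAC still fit. `struct op_state`, `neighbour`, `fake_engine`, `unchecked_overrun` and `checked_mac` are hypothetical names, and the engine writes marker bytes instead of computing a hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Full digest sizes in bytes for the hashes named in the thread. */
enum { SHA1_LEN = 20, SHA256_LEN = 32, SHA384_LEN = 48, SHA512_LEN = 64 };
#define OLD_MAX_MAC_LEN 20 /* value quoted in the thread */
#define NEW_MAX_MAC_LEN 64 /* value proposed in the thread */

struct op_state { /* hypothetical: MAC buffer followed by other data */
    uint8_t tmp_mac[OLD_MAX_MAC_LEN];
    uint8_t neighbour[NEW_MAX_MAC_LEN - OLD_MAX_MAC_LEN];
};

/* Stand-in for a crypto engine: writes marker bytes, not a real hash. */
static void fake_engine(uint8_t *out, size_t digest_len)
{
    memset(out, 0xAA, digest_len);
}

/* Unchecked: full digest lands at tmp_mac; returns bytes overwritten after it. */
size_t unchecked_overrun(size_t digest_len)
{
    struct op_state st;
    size_t i, hit = 0;
    if (digest_len > sizeof st) digest_len = sizeof st; /* keep demo in bounds */
    memset(&st, 0, sizeof st);
    fake_engine((uint8_t *)&st, digest_len); /* tmp_mac is at offset 0 */
    for (i = 0; i < sizeof st.neighbour; i++)
        hit += (st.neighbour[i] != 0);
    return hit;
}

/* Checked: digest goes to a scratch buffer; only mac_len bytes are copied out. */
int checked_mac(uint8_t *dst, size_t dst_len, size_t digest_len, size_t mac_len)
{
    uint8_t scratch[NEW_MAX_MAC_LEN];
    if (digest_len > sizeof scratch || mac_len > digest_len || mac_len > dst_len)
        return -1; /* refuse rather than write past either buffer */
    fake_engine(scratch, digest_len);
    memcpy(dst, scratch, mac_len);
    return 0;
}

int main(void)
{
    printf("SHA-512 into tmp_mac[20]: %zu bytes overrun\n", unchecked_overrun(SHA512_LEN));
    return 0;
}
```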