tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CRYPTO_MAX_MAC_LEN too short?



In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20.  This
value is used in cryptodev.c to set the size of the tmp_mac[] array,
which is passed down to into crypto engines for them to deposit the
computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384,
and SHA-2-512, all of which produce more than 20 bytes of result, so
using those hashes runs some risk of stomping on the other data
structures following it.

Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?

        - Nathan




Home | Main Index | Thread Index | Old Index