On Apr 13, 2005, at 11:16 AM, Nathan J. Williams wrote:
In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20. This value is used in cryptodev.c to set the size of the tmp_mac[] array, which is passed down to into crypto engines for them to deposit the computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384, and SHA-2-512, all of which produce more than 20 bytes of result, so using those hashes runs some risk of stomping on the other data structures following it. Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?
Sounds like a good idea.
- Nathan
-- thorpej