On Apr 13, 2005, at 11:16 AM, Nathan J. Williams wrote:

>
> In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20.  This
> value is used in cryptodev.c to set the size of the tmp_mac[] array,
> which is passed down to into crypto engines for them to deposit the
> computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384,
> and SHA-2-512, all of which produce more than 20 bytes of result, so
> using those hashes runs some risk of stomping on the other data
> structures following it.
>
> Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?

Sounds like a good idea.

>
>         - Nathan
>

-- thorpej