Subject: Re: CRYPTO_MAX_MAC_LEN too short?
To: Nathan J.Williams <>
From: Jason Thorpe <>
List: tech-crypto
Date: 04/13/2005 11:54:09
On Apr 13, 2005, at 11:16 AM, Nathan J. Williams wrote:

> In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20.  This
> value is used in cryptodev.c to set the size of the tmp_mac[] array,
> which is passed down to into crypto engines for them to deposit the
> computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384,
> and SHA-2-512, all of which produce more than 20 bytes of result, so
> using those hashes runs some risk of stomping on the other data
> structures following it.
> Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?

Sounds like a good idea.

>         - Nathan

-- thorpej