Subject: Re: CRYPTO_MAX_MAC_LEN too short?
To: Nathan J.Williams <nathanw@wasabisystems.com>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-crypto
Date: 04/13/2005 11:54:09
On Apr 13, 2005, at 11:16 AM, Nathan J. Williams wrote:
>
> In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20. This
> value is used in cryptodev.c to set the size of the tmp_mac[] array,
> which is passed down to into crypto engines for them to deposit the
> computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384,
> and SHA-2-512, all of which produce more than 20 bytes of result, so
> using those hashes runs some risk of stomping on the other data
> structures following it.
>
> Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?
Sounds like a good idea.
>
> - Nathan
>
-- thorpej