CRYPTO_MAX_MAC_LEN too short?

To: tech-crypto%netbsd.org@localhost
Subject: CRYPTO_MAX_MAC_LEN too short?
From: "Nathan J. Williams" <nathanw%wasabisystems.com@localhost>
Date: 13 Apr 2005 14:16:46 -0400

In opencrypto/cryptodev.h, CRYPTO_MAX_MAC_LEN is defined as 20.  This
value is used in cryptodev.c to set the size of the tmp_mac[] array,
which is passed down to into crypto engines for them to deposit the
computed MAC or hash. However, we've got SHA-2 (256 bits), SHA-2-384,
and SHA-2-512, all of which produce more than 20 bytes of result, so
using those hashes runs some risk of stomping on the other data
structures following it.

Any reason not to bump up CRYPTO_MAX_MAC_LEN to 64?

        - Nathan

Follow-Ups:
- Re: CRYPTO_MAX_MAC_LEN too short?
  - From: Steven M. Bellovin
- Re: CRYPTO_MAX_MAC_LEN too short?
  - From: Jason Thorpe

Prev by Date: size limits on /dev/crypto CIOCCRYPT?
Next by Date: Re: CRYPTO_MAX_MAC_LEN too short?
Previous by Thread: size limits on /dev/crypto CIOCCRYPT?
Next by Thread: Re: CRYPTO_MAX_MAC_LEN too short?
Indexes:

Home | Main Index | Thread Index | Old Index