crypto.hmac: set the recommended key size to the block size (#15031)

HMAC supports arbitrary key sizes, and there are no practical reasons
to use more than 256-bit keys.

It still makes sense to match the security level, though, especially
since a distinction between the block size and the key size can be
confusing.

Using HMAC.key_size instead of HMAC.mac_size caused our TLS
implementation to compute wrong shared secrets when SHA-384 was
used. So, fix it directly in `crypto.hmac` in order to prevent
other misuses.
Frank Denis 2023-03-22 07:17:52 +01:00 committed by GitHub
parent 87e07d8671
commit 84b89d7cfe
GPG Key ID: 4AEE18F83AFDEB23

@ -18,7 +18,7 @@ pub fn Hmac(comptime Hash: type) type {
const Self = @This();
pub const mac_length = Hash.digest_length;
pub const key_length_min = 0;
pub const key_length = 32; // recommended key length
pub const key_length = mac_length; // recommended key length
o_key_pad: [Hash.block_length]u8,
hash: Hash,
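
Review bot: the new `key_length = mac_length` line sets the recommended key length to `Hash.digest_length`, but the commit title says it is being set to the block size, which in this struct is `Hash.block_length` (the size of `o_key_pad`). Reword the title or extend the comment, for example `// recommended key length, equal to the MAC (digest) length`, so readers do not conclude that keys should be `block_length` bytes. Note also that the constant is no longer a fixed 32: it now follows the digest size of each hash, so it grows for wider hashes and shrinks below 32 for any hash whose digest is shorter than 32 bytes, and callers that sized key buffers on the old value will change behaviour. The message attributes the TLS bug to using the key size where the MAC size was meant; aliasing the two constants hides that misuse, so the TLS call site should still be changed to reference `mac_length` directly, ideally with a SHA-384 test covering it.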