commit 84b89d7cfe452f91fa22f2646ef53a3a7e990456 (tree)
parent 87e07d8671b469431340c615dcdd5a5332d198ec
Author: Frank Denis <124872+jedisct1@users.noreply.github.com>
Date: Wed, 22 Mar 2023 07:17:52 +0100
crypto.hmac: set the recommended key size to the block size (#15031)
HMAC supports arbitrary key sizes, and there are no practical reasons
to use more than 256 bit keys.
It still makes sense to match the security level, though, especially
since a distinction between the block size and the key size can be
confusing.
Using HMAC.key_size instead of HMAC.mac_size caused our TLS
implementation to compute wrong shared secrets when SHA-384 was
used. So, fix it directly in `crypto.hmac` in order to prevent
other misuses.
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/std/crypto/hmac.zig b/lib/std/crypto/hmac.zig
@@ -18,7 +18,7 @@ pub fn Hmac(comptime Hash: type) type {
const Self = @This();
pub const mac_length = Hash.digest_length;
pub const key_length_min = 0;
- pub const key_length = 32; // recommended key length
+ pub const key_length = mac_length; // recommended key length
o_key_pad: [Hash.block_length]u8,
hash: Hash,
