verification of MACs of size 1

Werner Koch wk at
Wed Oct 18 19:24:26 CEST 2023

On Wed, 18 Oct 2023 13:12, Falko Strenzke said:
> There is one feature of Libgcrypt’s MAC API that in my opinion can be
> a certain security risk for applications.
> Take for instance the HMAC verification:
> |static gcry_err_code_t hmac_verify (gcry_mac_hd_t h, const unsigned

hmac_verify is not an API of Libgcrypt; you probably meant gcry_mac_verify.

> If there a MAC is provided to the verify function that is shorter than
> the regular MAC length, the verification succeeds if that shorter MAC
> is matching the start of the regular MAC.

Sure.  The caller needs to take care of this.



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <>

More information about the Gcrypt-devel mailing list