verification of MACs of size 1
Werner Koch
wk at gnupg.org
Wed Oct 18 19:24:26 CEST 2023
On Wed, 18 Oct 2023 13:12, Falko Strenzke said:
> There is one feature of Libgcrypt’s MAC API that in my opinion can be
> a certain security risk for applications.
>
> Take for instance the HMAC verification:
>
> |static gcry_err_code_t hmac_verify (gcry_mac_hd_t h, const unsigned
hmac_verify is not an API of Libgcrypt; you probably meant gcry_mac_verify.
> If there a MAC is provided to the verify function that is shorter than
> the regular MAC length, the verification succeeds if that shorter MAC
> is matching the start of the regular MAC.
Sure. The caller needs to take care of this.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20231018/3b2fc16c/attachment.sig>
More information about the Gcrypt-devel
mailing list