crypto.hmac: set the recommended key size to the block size

HMAC supports arbitrary key sizes, and there are no practical reasons to use more than 256 bit keys. In still make sense to match the security level, though, especially since a distinction between the block size and the key size can be confusing. Using HMAC.key_size instead of HMAC.mac_size caused our TLS implementation to compute wrong shared secrets when SHA-384 was used. So, fix it directly in `crypto.hmac` in order to prevent other misuses.
ziglang · Mar 21, 2023 · 19482c8 · 19482c8
1 parent 0787b11
commit 19482c8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/std/crypto/hmac.zig b/lib/std/crypto/hmac.zig
@@ -18,7 +18,7 @@ pub fn Hmac(comptime Hash: type) type {
         const Self = @This();
         pub const mac_length = Hash.digest_length;
         pub const key_length_min = 0;
-        pub const key_length = 32; // recommended key length
+        pub const key_length = mac_length; // recommended key length
 
         o_key_pad: [Hash.block_length]u8,
         hash: Hash,