From 12da39b389d4b78fd486d5ab607a0a639cbe7c58 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 26 Jan 2020 17:04:54 +0200 Subject: [PATCH] crypto: Allow up to 10 fragments for hmac_sha*_vector() This increases the limit of how many data fragments can be supported with the internal HMAC implementation. The previous limit was hit with some FT use cases. Signed-off-by: Jouni Malinen --- src/crypto/sha256.c | 6 +++--- src/crypto/sha384.c | 6 +++--- src/crypto/sha512.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/crypto/sha256.c b/src/crypto/sha256.c index b55e976f3..17af964ad 100644 --- a/src/crypto/sha256.c +++ b/src/crypto/sha256.c @@ -28,10 +28,10 @@ int hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, { unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ unsigned char tk[32]; - const u8 *_addr[6]; - size_t _len[6], i; + const u8 *_addr[11]; + size_t _len[11], i; - if (num_elem > 5) { + if (num_elem > 10) { /* * Fixed limit on the number of fragments to avoid having to * allocate memory (which could fail). diff --git a/src/crypto/sha384.c b/src/crypto/sha384.c index ee136ce99..fd84b82b1 100644 --- a/src/crypto/sha384.c +++ b/src/crypto/sha384.c @@ -28,10 +28,10 @@ int hmac_sha384_vector(const u8 *key, size_t key_len, size_t num_elem, { unsigned char k_pad[128]; /* padding - key XORd with ipad/opad */ unsigned char tk[48]; - const u8 *_addr[6]; - size_t _len[6], i; + const u8 *_addr[11]; + size_t _len[11], i; - if (num_elem > 5) { + if (num_elem > 10) { /* * Fixed limit on the number of fragments to avoid having to * allocate memory (which could fail). diff --git a/src/crypto/sha512.c b/src/crypto/sha512.c index 66311c373..f60a57672 100644 --- a/src/crypto/sha512.c +++ b/src/crypto/sha512.c @@ -28,10 +28,10 @@ int hmac_sha512_vector(const u8 *key, size_t key_len, size_t num_elem, { unsigned char k_pad[128]; /* padding - key XORd with ipad/opad */ unsigned char tk[64]; - const u8 *_addr[6]; - size_t _len[6], i; + const u8 *_addr[11]; + size_t _len[11], i; - if (num_elem > 5) { + if (num_elem > 10) { /* * Fixed limit on the number of fragments to avoid having to * allocate memory (which could fail).