hmac_sha256 icon indicating copy to clipboard operation
hmac_sha256 copied to clipboard

Published 20 hours ago verified publisher icon h5p9sl

hmac_sha256 is dangerous

Open ghost opened this issue 2 years ago • 1 comments

Use hmac_sha256 with caution, H allocates up to datalen + SHA256_BLOCK_SIZE bytes of memory and cannot be used with data streams. The sample code for MD5 in the appendix of RFC 2104 is a better starting point for those looking to implement a streaming-capable version that does not consume all system memory.

ghost avatar May 15 '22 10:05 ghost

I have added pull request https://github.com/h5p9sl/hmac_sha256/pull/7 to remove the dynamic memory allocation. It's completely unnecessary, anyway, as you can do partial add of data.

cminyard avatar Oct 14 '23 01:10 cminyard