crypto: vmac - remove insecure version with hardcoded nonce

Remove the original version of the VMAC template that had the nonce
hardcoded to 0 and produced a digest with the wrong endianness.  I'm
unsure whether this had users or not (there are no explicit in-kernel
references to it), but given that the hardcoded nonce made it wildly
insecure unless a unique key was used for each message, let's try
removing it and see if anyone complains.

Leave the new "vmac64" template that requires the nonce to be explicitly
specified as the first 16 bytes of data and uses the correct endianness
for the digest.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers
2018-06-18 10:22:40 -07:00
committed by Herbert Xu
Parent ed331adab3
Commit 0917b87312
4 changed files with 8 additions and 186 deletions


@@ -1939,7 +1939,7 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
break;
case 109:
ret += tcrypt_test("vmac(aes)");
ret += tcrypt_test("vmac64(aes)");
break;
case 111:
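Review bot: tcrypt mode 109 silently changes meaning in this hunk: the same case number that used to run tcrypt_test("vmac(aes)") now runs tcrypt_test("vmac64(aes)"), so an existing test script that loads tcrypt with mode=109 expecting the old "vmac(aes)" template will instead test "vmac64(aes)" without any error or indication. Since the commit message only says the insecure template is removed, consider either mentioning the reuse of mode 109 there or giving vmac64(aes) its own case number so the removed algorithm produces an obvious failure rather than a quietly different test.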