git.ipfire.org Git - thirdparty/kernel/linux.git/commit
crypto: drbg - Remove support for HMAC-SHA256 and HMAC-SHA384
author Eric Biggers <ebiggers@kernel.org>
Mon, 20 Apr 2026 06:34:01 +0000 (23:34 -0700)
committer Herbert Xu <herbert@gondor.apana.org.au>
Thu, 7 May 2026 08:10:00 +0000 (16:10 +0800)
commit 89cfd38c788e9d8a2d05d1487c4513043e6d46a2
tree af87a2e7f3d915557401b2b89f16d790aee5d466
parent 8237a5f626a2fdfbc8325c4ab672b4e04f564619
crypto: drbg - Remove support for HMAC-SHA256 and HMAC-SHA384

Remove support for the HMAC-SHA256 and HMAC-SHA384 variants of
HMAC_DRBG, leaving only the HMAC-SHA512 variant of HMAC_DRBG.

HMAC-SHA512 is already the default.  The default did used to be
HMAC-SHA256, but several years ago it was upgraded to HMAC-SHA512 "to
support compliance with SP800-90B and SP800-90C".  Given that the point
of crypto/drbg.c is compliance with those standards, and there's also no
technical reason to prefer HMAC-SHA384 in this situation even if
acceptable, there's really no point in offering anything else.

Note: now that only HMAC-SHA512 remains, a lot of unnecessary
abstractions can be removed.  A later commit will do that.  This commit
just straightforwardly removes the HMAC-SHA256 and HMAC-SHA384 code.

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crypto/drbg.c
crypto/testmgr.c
crypto/testmgr.h