https://bugzilla.redhat.com/show_bug.cgi?id=2069364
Simo Sorce ssorce@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(psampaio@redhat.c | |om) CC| |ssorce@redhat.com
--- Comment #1 from Simo Sorce ssorce@redhat.com --- After reading the upstream issue I do not understand why you would open a security issue for this bug. There is no vulnerability opened by misusing the API with the wrong cipher block. Simply the CMAC that you get is not interoperable with any correctly used one.
If you see a direct way to exploit this please let us know. Otherwise, please just close this, the parent, and any related bugs as NOTABUG.