On 09/17/2009 04:16 PM, Herbert Xu wrote:
> On Thu, Sep 17, 2009 at 01:08:24PM -0400, Neil Horman wrote:
>> Just so that I'm clear on what you're suggesting, your approach would be to
>> register two algs in ansi_cprng, a 'raw' cprng, and a 'fips compliant cprng'
>> underneath that used the raw cprng as a base, but implemented the continuity
>> test underneath it? If so, yeah, I can get behind that idea. I'll spin a new
>> set of patches shortly.
>
> Yes, exactly like how we structure the raw CTR and RFC3686 which
> is CTR tailored for IPsec.

Yeah, I like that solution as well, does feel less dirty. So
essentially, in fips mode, we'd wind up using fips(ansi_cprng) or
similar, while the self-tests are done against raw ansi_cprng, correct?
--
Jarod Wilson
jarod@xxxxxxxxxx
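
The layering agreed on in this exchange, sketched in userspace C as an added example (not code from the thread or from the kernel's ansi_cprng): a wrapper that applies a continuity test, read here as the FIPS 140-2 style check that each block differs from the previous one, on top of a raw generator. All names (`raw_rng`, `ct_rng`, `ct_next_block`, `demo_src`) and the 16-byte block size are assumptions, and `demo_src` is a constructed stand-in source, not the ANSI X9.31 algorithm.

```c
#include <string.h>

#define BLK 16                      /* block size assumed for this sketch */

struct raw_rng {                    /* hypothetical "raw" generator */
    int (*next_block)(struct raw_rng *r, unsigned char out[BLK]); /* 0 = ok */
    unsigned state, stick_at;       /* used only by the stand-in source below */
};

struct ct_rng {                     /* hypothetical wrapper adding the test */
    struct raw_rng *raw;
    unsigned char last[BLK];        /* previous raw block */
    int primed, failed;
};

/* Returns 0 and fills out, or -1 on raw error or continuity failure. */
int ct_next_block(struct ct_rng *c, unsigned char out[BLK])
{
    unsigned char cur[BLK];

    if (c->failed)
        return -1;
    if (!c->primed) {               /* first raw block: reference only, never output */
        if (c->raw->next_block(c->raw, c->last))
            return -1;
        c->primed = 1;
    }
    if (c->raw->next_block(c->raw, cur))
        return -1;
    if (memcmp(cur, c->last, BLK) == 0) {
        c->failed = 1;              /* latch: a repeated block disables the wrapper */
        return -1;
    }
    memcpy(c->last, cur, BLK);
    memcpy(out, cur, BLK);
    return 0;
}

/* Constructed stand-in source: emits blocks 1, 2, ..., stick_at, then repeats. */
int demo_src(struct raw_rng *r, unsigned char out[BLK])
{
    if (r->state < r->stick_at)
        r->state++;
    memset(out, 0, BLK);
    out[0] = (unsigned char)r->state;
    return 0;
}
```

Because the wrapper keeps the first raw block only as a reference, its output stream starts one block later than the raw generator's.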