I just realized that the memzero_explicit of ctx->rand_data_bytes[] (a late addition, done just a few minutes before posting), while it prevents backtracking, also totally breaks FIPS anti-repetition checking. So ignore that line (171 of the modified file). Sorry.
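The interaction described in this message, as an added example that is not part of the original post or of the kernel source: a simplified model in which the last output block is also the reference for the repetition check, so wiping it after use leaves the check comparing against zeros. The `toy_ctx` struct, `stuck_source`, `toy_get_block` and `count_rejected` are hypothetical names, and the assumption that the check reads the wiped buffer is inferred from the message, not taken from the patch.

```c
#include <stdio.h>
#include <string.h>

#define BLK 16

/* Hypothetical context: one buffer holds the last output block and
 * doubles as the reference for the repetition check (assumption). */
struct toy_ctx {
    unsigned char rand_data_bytes[BLK];
    int wipe_after_read;   /* 1 = zero the buffer once output is copied out */
};

/* Constructed stand-in for a stuck generator: always the same block. */
static void stuck_source(unsigned char out[BLK]) { memset(out, 0xA5, BLK); }

/* Returns 0 on success, -1 if the new block repeats the stored one. */
static int toy_get_block(struct toy_ctx *ctx, unsigned char out[BLK])
{
    unsigned char fresh[BLK];

    stuck_source(fresh);
    if (memcmp(fresh, ctx->rand_data_bytes, BLK) == 0)
        return -1;                      /* repetition check fires */
    memcpy(ctx->rand_data_bytes, fresh, BLK);
    memcpy(out, fresh, BLK);
    if (ctx->wipe_after_read)           /* stand-in for memzero_explicit() */
        memset(ctx->rand_data_bytes, 0, BLK);
    return 0;
}

/* Count how many of n requests the repetition check rejects. */
int count_rejected(int wipe, int n)
{
    struct toy_ctx ctx;
    unsigned char out[BLK];
    int i, rejected = 0;

    memset(&ctx, 0, sizeof(ctx));
    ctx.wipe_after_read = wipe;
    for (i = 0; i < n; i++)
        if (toy_get_block(&ctx, out) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    printf("no wipe: %d of 4 rejected\n", count_rejected(0, 4));
    printf("wipe:    %d of 4 rejected\n", count_rejected(1, 4));
    return 0;
}
```

Keeping both properties in a design like this would need the comparison reference stored separately from the buffer that gets wiped.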