Am Donnerstag, 24. September 2015, 17:02:03 schrieb John Haxby: Hi John, >Tests that contain non-FIPS ciphers and hashes cannot themselves be >.fips-allowed because they will necessarily fail. > >Signed-off-by: John Haxby <john.haxby@xxxxxxxxxx> This is a good finding. In fact, all authenc() ciphers are not FIPS approved ciphers. The flag for that should be removed for all of those. After checking in detail, the following FIPS flags should be removed as well: - ecb(des) - ansi_cprng (at least at the end of this year) Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
