On 24/09/15 17:58, Stephan Mueller wrote: > Am Donnerstag, 24. September 2015, 17:02:03 schrieb John Haxby: > > Hi John, > >> >Tests that contain non-FIPS ciphers and hashes cannot themselves be >> >.fips-allowed because they will necessarily fail. >> > >> >Signed-off-by: John Haxby <john.haxby@xxxxxxxxxx> > This is a good finding. > > In fact, all authenc() ciphers are not FIPS approved ciphers. > > The flag for that should be removed for all of those. > > After checking in detail, the following FIPS flags should be removed as well: > > - ecb(des) > > - ansi_cprng (at least at the end of this year) Thanks Stephan. Updated patch on its way. jch -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html