Hi, In February I already tagged some authenc ciphers for FIPS compatibility. I currently revisit this to get testmgr running all the tests in strict FIPS mode. The authenc() class is troublesome. There is a HASH + ENC part of this method, but you can also add associated data, which is not encrypted. (using the ctx->null cipher in crypto/authenc.c) But in FIPS mode the crypto_authenc_init_tfm does: null = crypto_get_default_null_skcipher(); which results in error, as the crypto_alloc_blkcipher("ecb(cipher_null)", 0, 0); results in failure due to "ecb(cipher_null)" not FIPS compliant. How to handle this? I think GCM also does not encrypt, just hashes, the associated data, it just does copy the content itself and does not use a virtual cipher. Ciao, Marcus -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html