On Thu, Sep 15, 2016 at 07:35:43AM +0200, Stephan Mueller wrote: > > Wouldn't it be more prudent to move that flag into the crypto_alg and > crypto_template data structures so that the flag is checked during the > crypto_register_* functions? I.e. if the flag is not set and the FIPS mode is > enabled, the cipher is simply not registered? The problem with that is then if you have 10 implementations of a given algorithm you'd have to change 10 places to modify its FIPS status. Where's the pain point here? For cases like seqiv where you want to say if X is FIPS-allowed then so is seqiv(X) we can certainly add some code to testmgr to cater for that instead of listing them individually. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
