On Thu, Sep 15, 2016 at 08:23:05AM +0200, Stephan Mueller wrote: > > Where shall we draw the line here? Shall that be only for authenc, or seqiv? > Or shall we also consider rfc4106 too, knowing that there are implementations > which provide a full rfc4106 GCM combo (x86 for example). What about the > current pkcspad1 template where we could expect that there may be entire HW > implementations with that? That's something that only you can tell us :) For such templates we could move that info into the generic template implementation code and have them declare themselves as such that for any X if X is FIPS allowed then so is T(X). This info can then be used in testmgr. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
