Stephan reports that the arm64 implementation of cts(cbc(aes)) deviates from
the generic implementation in what it returns as the output IV. So fix this,
and add some test vectors to catch other non-compliant implementations.

Stephan, could you provide a reference for the NIST validation tool and how
it flags this behaviour as non-compliant? Thanks.

Cc: Stephan Mueller <smueller@xxxxxxxxxx>

Ard Biesheuvel (2):
  crypto: arm64/aes - align output IV with generic CBC-CTS driver
  crypto: testmgr - add output IVs for AES-CBC with ciphertext stealing

 arch/arm64/crypto/aes-modes.S |  2 ++
 crypto/testmgr.h              | 12 ++++++++++++
 2 files changed, 14 insertions(+)

-- 
2.20.1