(add Gilad for cc-ree)

On Tue, 19 May 2020 at 21:02, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
>
> Stephan reports that the arm64 implementation of cts(cbc(aes)) deviates
> from the generic implementation in what it returns as the output IV. So
> fix this, and add some test vectors to catch other non-compliant
> implementations.
>
> Stephan, could you provide a reference for the NIST validation tool and
> how it flags this behaviour as non-compliant? Thanks.
>
> Cc: Stephan Mueller <smueller@xxxxxxxxxx>
>
> Ard Biesheuvel (2):
>   crypto: arm64/aes - align output IV with generic CBC-CTS driver
>   crypto: testmgr - add output IVs for AES-CBC with ciphertext stealing
>
>  arch/arm64/crypto/aes-modes.S |  2 ++
>  crypto/testmgr.h              | 12 ++++++++++++
>  2 files changed, 14 insertions(+)
>
> --
> 2.20.1
>