On Mon, Aug 15, 2022 at 02:30:13PM -0700, Eric Biggers wrote: > > Note that this is only a problem because tcrypt calls alg_test() directly. The > normal way that alg_test() gets called is for the registration-time self-test. > It's not clear to me why tcrypt calls alg_test() directly; the registration-time > test should be enough. Herbert, do you know? The tcrypt code predates testmgr. So at the beginning we only had the enumerative testing. Registration-time testing was added later. We could remove the enumerative testing, but I think the FIPS people have grown rather attached to it because it ticks some sort of a box at boot-time. Stephane, would it be a problem for FIPS if we simply got rid of the enumerative testing in tcrypt and instead relied on registration-time testing? Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt