On Wed, Jan 26, 2011 at 12:00:54PM -0500, Jarod Wilson wrote: > A self-test failure in fips mode means a panic. Well, gcm(aes) > self-tests currently fail in fips mode, as gcm is dependent on ghash, > which semi-recently got self-test vectors added, but wasn't marked as a > fips_allowed algorithm. Because of gcm's dependence on what is now seen > as a non-fips_allowed algorithm, its self-tests refuse to run. > Previously, ghash got a pass in fips mode, due to the lack of any test > vectors at all, and thus gcm self-tests were able to run. After this > patch, a 'modprobe tcrypt mode=35' no longer panics in fips mode, and > successful self-test of gcm(aes) is reported. > > Signed-off-by: Jarod Wilson <ja...@redhat.com>
Both patches applied. Thanks Jarod. -- Email: Herbert Xu <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
