On Mon, May 27, 2019 at 05:06:53PM +0200, Stephan Mueller wrote:
> > obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy_rng.o
> > CFLAGS_jitterentropy.o = -O0
> > jitterentropy_rng-y := jitterentropy.o jitterentropy-kcapi.o
> > diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> > index 8386038d67c7..322e906b6b6a 100644
> > --- a/crypto/testmgr.c
> > +++ b/crypto/testmgr.c
> > @@ -3879,6 +3879,13 @@ static const struct alg_test_desc alg_test_descs[] =
> > { .alg = "xts512(paes)",
> > .test = alg_test_null,
> > .fips_allowed = 1,
> > + }, {
> > + .alg = "xxhash64",
> > + .test = alg_test_hash,
> > + .fips_allowed = 1,
>
> Why is this intended to be allowed in FIPS mode? This does not seem to be a
> FIPS approved cipher.
>
The other non-cryptographic algorithms like crc32, crc32c, crct10dif, zstd,
zlib-deflate, lzo, lzohc have the fips_allowed flag set too, the argument being
the FIPS restrictions don't apply to non-cryptographic algorithms. I'm not very
familiar with FIPS, but I'd assume the same would be true for xxhash.
- Eric
