Am Montag, 27. Mai 2019, 21:15:51 CEST schrieb Eric Biggers:
Hi Eric,
> On Mon, May 27, 2019 at 05:06:53PM +0200, Stephan Mueller wrote:
> > > obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy_rng.o
> > > CFLAGS_jitterentropy.o = -O0
> > > jitterentropy_rng-y := jitterentropy.o jitterentropy-kcapi.o
> > >
> > > diff --git a/crypto/testmgr.c b/crypto/testmgr.c
> > > index 8386038d67c7..322e906b6b6a 100644
> > > --- a/crypto/testmgr.c
> > > +++ b/crypto/testmgr.c
> > > @@ -3879,6 +3879,13 @@ static const struct alg_test_desc
> > > alg_test_descs[] =
> > > { .alg = "xts512(paes)",
> > >
> > > .test = alg_test_null,
> > > .fips_allowed = 1,
> > >
> > > + }, {
> > > + .alg = "xxhash64",
> > > + .test = alg_test_hash,
> > > + .fips_allowed = 1,
> >
> > Why is this intended to be allowed in FIPS mode? This does not seem to be
> > a
> > FIPS approved cipher.
>
> The other non-cryptographic algorithms like crc32, crc32c, crct10dif, zstd,
> zlib-deflate, lzo, lzohc have the fips_allowed flag set too, the argument
> being the FIPS restrictions don't apply to non-cryptographic algorithms.
> I'm not very familiar with FIPS, but I'd assume the same would be true for
> xxhash.
FIPS relates to cryptographic mechanisms protecting user data. The mechanisms
you refer to are non-cryptographic and thus do not fall under
FIPS-"jurisdiction".
Please correct me if I am wrong, but as far as I see, however, xxhash seems to
be a cryptographic hash function.
Ciao
Stephan
