[PATCH] crypto: testmgr - block Crypto API xxhash64 in FIPS mode
Joachim Vandersmissen
git at jvdsn.com
Wed Mar 4 23:19:34 PST 2026
Thanks for the discussion below, it sounds like I need to ensure
dm-integrity can use lib/crypto (at least for xxhash64) before blocking
it in the crypto API.
On 3/4/26 7:09 AM, Christoph Hellwig wrote:
> On Tue, Mar 03, 2026 at 11:31:02AM -0800, Eric Biggers wrote:
>>> It sounds like xxhash should be removed the crypto API entirely.
>>> There's no user of it, it's not crypto, and doing xxhash through
>>> the userspace crypto API socket is so stupid that I doubt anyone
>>> attempted it.
>> dm-integrity, which uses crypto_shash and accepts arbitrary hash
>> algorithm strings from userspace, might be relying on "xxhash64" being
>> supported in crypto_shash. The integritysetup man page specifically
>> mentions xxhash64:
> Oh, ok. So at least for now we need it, although it would be nice to
> convert dm-integrity to lib/crypto/ and limit it to the advertised
> algorithms (including xxhash).
>
>
More information about the linux-arm-kernel
mailing list