Re: [PATCH] crypto: testmgr - block Crypto API xxhash64 in FIPS mode

Next message: Krzysztof Kozlowski: "Re: [PATCH v3 06/14] ASoC: dt-bindings: qcom: add LPASS LPI MI2S dai ids"
Previous message: Philipp Matthias Hahn: "Re: [PATCH 1/2] mtd: virt_concat: use single allocation for node"
In reply to: Christoph Hellwig: "Re: [PATCH] crypto: testmgr - block Crypto API xxhash64 in FIPS mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Joachim Vandersmissen

Date: Thu Mar 05 2026 - 02:22:27 EST

Thanks for the discussion below, it sounds like I need to ensure dm-integrity can use lib/crypto (at least for xxhash64) before blocking it in the crypto API.

On 3/4/26 7:09 AM, Christoph Hellwig wrote:

On Tue, Mar 03, 2026 at 11:31:02AM -0800, Eric Biggers wrote:

It sounds like xxhash should be removed the crypto API entirely.
There's no user of it, it's not crypto, and doing xxhash through
the userspace crypto API socket is so stupid that I doubt anyone
attempted it.

dm-integrity, which uses crypto_shash and accepts arbitrary hash
algorithm strings from userspace, might be relying on "xxhash64" being
supported in crypto_shash. The integritysetup man page specifically
mentions xxhash64:

Oh, ok. So at least for now we need it, although it would be nice to
convert dm-integrity to lib/crypto/ and limit it to the advertised
algorithms (including xxhash).