Re: [PATCH] crypto: aead: add service indicator flag for RFC4106 AES-GCM

From: Herbert Xu

Date: Mon Mar 02 2026 - 07:30:04 EST


On Sun, Mar 01, 2026 at 02:41:28PM -0600, Joachim Vandersmissen wrote:
>
> However, the Cryptographic Module Validation Program has also recently made it
> clear that xxhash64 cannot be FIPS approved the way it is currently
> implemented in the kernel. Even though the designers of xxhash publicly
> state that it is a non-cryptographic hash, the kernel offers it as part of
> the shash interface, the same interface as the approved algorithms. The
> interface / API also has "crypto" in the name, which according to CMVP
> implies security. CMVP feels that there could be confusion with the approved
> hash algorithms, so there needs to be some indication that xxhash64 is not
> FIPS approved. I think blocking xxhash64 in FIPS mode would break btrfs,
> where it is used for checksumming.

xxhash64 should be converted to lib/crypto and removed from the
Crypto API.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt