Date: Tue, 3 Mar 2026 07:09:26 -0800
From: Christoph Hellwig
To: Joachim Vandersmissen
Cc: Herbert Xu, "David S. Miller", Maxime Coquelin, Alexandre Torgue, linux-crypto@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] crypto: testmgr - block Crypto API xxhash64 in FIPS mode
In-Reply-To: <20260303060509.246038-1-git@jvdsn.com>

On Tue, Mar 03, 2026 at 12:05:09AM -0600, Joachim Vandersmissen wrote:
> xxhash64 is not a cryptographic hash algorithm, but is offered in the
> same API (shash) as actual cryptographic hash algorithms such as
> SHA-256. The Cryptographic Module Validation Program (CMVP), managing
> FIPS certification, believes that this could cause confusion. xxhash64
> must therefore be blocked in FIPS mode.
>
> The only usage of xxhash64 in the kernel is btrfs. Commit fe11ac191ce0
> ("btrfs: switch to library APIs for checksums") recently modified the
> btrfs code to use the lib/crypto API, avoiding the Kernel Cryptographic
> API. Consequently, the removal of xxhash64 from the Crypto API in FIPS
> mode should now have no impact on btrfs usage.

It sounds like xxhash should be removed from the crypto API entirely.
There's no user of it, it's not crypto, and doing xxhash through the
userspace crypto API socket is so stupid that I doubt anyone attempted
it.