|
| 1 | +From linux-crypto-vger Tue Mar 03 06:05:09 2026 |
| 2 | +From: Joachim Vandersmissen <git () jvdsn ! com> |
| 3 | +Date: Tue, 03 Mar 2026 06:05:09 +0000 |
| 4 | +To: linux-crypto-vger |
| 5 | +Subject: [PATCH] crypto: testmgr - block Crypto API xxhash64 in FIPS mode |
| 6 | +Message-Id: <20260303060509.246038-1-git () jvdsn ! com> |
| 7 | +X-MARC-Message: https://marc.info/?l=linux-crypto-vger&m=177252066229289 |
| 8 | + |
| 9 | +xxhash64 is not a cryptographic hash algorithm, but is offered in the |
| 10 | +same API (shash) as actual cryptographic hash algorithms such as |
| 11 | +SHA-256. The Cryptographic Module Validation Program (CMVP), managing |
| 12 | +FIPS certification, believes that this could cause confusion. xxhash64 |
| 13 | +must therefore be blocked in FIPS mode. |
| 14 | + |
| 15 | +The only usage of xxhash64 in the kernel is btrfs. Commit fe11ac191ce0 |
| 16 | +("btrfs: switch to library APIs for checksums") recently modified the |
| 17 | +btrfs code to use the lib/crypto API, avoiding the Kernel Cryptographic |
| 18 | +API. Consequently, the removal of xxhash64 from the Crypto API in FIPS |
| 19 | +mode should now have no impact on btrfs usage. |
| 20 | + |
| 21 | +Signed-off-by: Joachim Vandersmissen < [email protected]> |
| 22 | +--- |
| 23 | + crypto/testmgr.c | 1 - |
| 24 | + 1 file changed, 1 deletion(-) |
| 25 | + |
| 26 | +diff --git a/crypto/testmgr.c b/crypto/testmgr.c |
| 27 | +index 49b607f65f63..d7475d6000dd 100644 |
| 28 | +--- a/crypto/testmgr.c |
| 29 | ++++ b/crypto/testmgr.c |
| 30 | +@@ -5609,7 +5609,6 @@ static const struct alg_test_desc alg_test_descs[] = { |
| 31 | + #endif |
| 32 | + .alg = "xxhash64", |
| 33 | + .test = alg_test_hash, |
| 34 | +- .fips_allowed = 1, |
| 35 | + .suite = { |
| 36 | + .hash = __VECS(xxhash64_tv_template) |
| 37 | + } |
| 38 | +-- |
| 39 | +2.53.0 |
| 40 | + |
0 commit comments