Documentation/filesystems/fsverity.rst | 3 +-
crypto/Kconfig | 3 -
crypto/Makefile | 1 -
fs/verity/Kconfig | 6 +-
fs/verity/enable.c | 8 +-
fs/verity/fsverity_private.h | 24 +--
fs/verity/hash_algs.c | 194 +++++++++----------------
fs/verity/open.c | 36 ++---
fs/verity/verify.c | 7 +-
lib/crypto/Kconfig | 3 +
lib/crypto/Makefile | 2 +
{crypto => lib/crypto}/hash_info.c | 0
12 files changed, 107 insertions(+), 180 deletions(-)
rename {crypto => lib/crypto}/hash_info.c (100%)
This series, including all its prerequisites, is also available at:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git fsverity-libcrypto-v1
This series makes fs/verity/ use the SHA-2 library API instead of the
old-school crypto API. This is simpler and more efficient.
This depends on my SHA-2 library improvements for 6.17 (many patches),
so this patchset might need to wait until 6.18. But I'm also thinking
about just basing the fsverity tree on libcrypto-next for 6.17.
Eric Biggers (2):
lib/crypto: hash_info: Move hash_info.c into lib/crypto/
fsverity: Switch from crypto_shash to SHA-2 library
Documentation/filesystems/fsverity.rst | 3 +-
crypto/Kconfig | 3 -
crypto/Makefile | 1 -
fs/verity/Kconfig | 6 +-
fs/verity/enable.c | 8 +-
fs/verity/fsverity_private.h | 24 +--
fs/verity/hash_algs.c | 194 +++++++++----------------
fs/verity/open.c | 36 ++---
fs/verity/verify.c | 7 +-
lib/crypto/Kconfig | 3 +
lib/crypto/Makefile | 2 +
{crypto => lib/crypto}/hash_info.c | 0
12 files changed, 107 insertions(+), 180 deletions(-)
rename {crypto => lib/crypto}/hash_info.c (100%)
--
2.50.0
On Mon, Jun 30, 2025 at 10:22:22AM -0700, Eric Biggers wrote:
> This series, including all its prerequisites, is also available at:
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git fsverity-libcrypto-v1
>
> This series makes fs/verity/ use the SHA-2 library API instead of the
> old-school crypto API. This is simpler and more efficient.
>
> This depends on my SHA-2 library improvements for 6.17 (many patches),
> so this patchset might need to wait until 6.18. But I'm also thinking
> about just basing the fsverity tree on libcrypto-next for 6.17.
>
> Eric Biggers (2):
> lib/crypto: hash_info: Move hash_info.c into lib/crypto/
> fsverity: Switch from crypto_shash to SHA-2 library
FYI, I've applied this series to
https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next
so that it gets linux-next coverage.
As mentioned, it depends on the SHA-256 and SHA-512 improvements in
lib/crypto/. But Linus has also expressed a preference to not put too
much in one pull request.
My current plan is to do 3 pull requests:
1. "Crypto library updates" - most patches, mainly SHA-256 and
SHA-512 library improvements
2. "Crypto library tests" - based on (1) but adds:
lib/crypto: tests: Add hash-test-template.h and gen-hash-testvecs.py
lib/crypto: tests: Add KUnit tests for SHA-224 and SHA-256
lib/crypto: tests: Add KUnit tests for SHA-384 and SHA-512
lib/crypto: tests: Add KUnit tests for Poly1305
3. "Crypto library conversions" - based on (1) but adds:
apparmor: use SHA-256 library API instead of crypto_shash API
fsverity: Explicitly include <linux/export.h>
fsverity: Switch from crypto_shash to SHA-2 library
I'll put all of these in libcrypto-next for linux-next coverage, but (3)
will have a slightly different base commit in the final version.
- Eric
On Wed, Jul 09, 2025 at 12:26:50PM -0700, Eric Biggers wrote: > On Mon, Jun 30, 2025 at 10:22:22AM -0700, Eric Biggers wrote: > > This series, including all its prerequisites, is also available at: > > > > git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git fsverity-libcrypto-v1 > > > > This series makes fs/verity/ use the SHA-2 library API instead of the > > old-school crypto API. This is simpler and more efficient. > > > > This depends on my SHA-2 library improvements for 6.17 (many patches), > > so this patchset might need to wait until 6.18. But I'm also thinking > > about just basing the fsverity tree on libcrypto-next for 6.17. > > > > Eric Biggers (2): > > lib/crypto: hash_info: Move hash_info.c into lib/crypto/ > > fsverity: Switch from crypto_shash to SHA-2 library > > FYI, I've applied this series to > https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/log/?h=libcrypto-next > so that it gets linux-next coverage. > > As mentioned, it depends on the SHA-256 and SHA-512 improvements in > lib/crypto/. But Linus has also expressed a preference to not put too > much in one pull request. > > My current plan is to do 3 pull requests: > > 1. "Crypto library updates" - most patches, mainly SHA-256 and > SHA-512 library improvements > > 2. "Crypto library tests" - based on (1) but adds: > lib/crypto: tests: Add hash-test-template.h and gen-hash-testvecs.py > lib/crypto: tests: Add KUnit tests for SHA-224 and SHA-256 > lib/crypto: tests: Add KUnit tests for SHA-384 and SHA-512 > lib/crypto: tests: Add KUnit tests for Poly1305 > > 3. "Crypto library conversions" - based on (1) but adds: > apparmor: use SHA-256 library API instead of crypto_shash API > fsverity: Explicitly include <linux/export.h> > fsverity: Switch from crypto_shash to SHA-2 library > > I'll put all of these in libcrypto-next for linux-next coverage, but (3) > will have a slightly different base commit in the final version. Correction: everything can have the same commit ID in libcrypto-next as in the final pull requests, if I put (2) and (3) on their own branches and merge them together. I've done that. - Eric
On Mon, 30 Jun 2025 at 19:24, Eric Biggers <ebiggers@kernel.org> wrote:
>
> This series, including all its prerequisites, is also available at:
>
> git fetch https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git fsverity-libcrypto-v1
>
> This series makes fs/verity/ use the SHA-2 library API instead of the
> old-school crypto API. This is simpler and more efficient.
>
> This depends on my SHA-2 library improvements for 6.17 (many patches),
> so this patchset might need to wait until 6.18. But I'm also thinking
> about just basing the fsverity tree on libcrypto-next for 6.17.
>
> Eric Biggers (2):
> lib/crypto: hash_info: Move hash_info.c into lib/crypto/
> fsverity: Switch from crypto_shash to SHA-2 library
>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
> Documentation/filesystems/fsverity.rst | 3 +-
> crypto/Kconfig | 3 -
> crypto/Makefile | 1 -
> fs/verity/Kconfig | 6 +-
> fs/verity/enable.c | 8 +-
> fs/verity/fsverity_private.h | 24 +--
> fs/verity/hash_algs.c | 194 +++++++++----------------
> fs/verity/open.c | 36 ++---
> fs/verity/verify.c | 7 +-
> lib/crypto/Kconfig | 3 +
> lib/crypto/Makefile | 2 +
> {crypto => lib/crypto}/hash_info.c | 0
> 12 files changed, 107 insertions(+), 180 deletions(-)
> rename {crypto => lib/crypto}/hash_info.c (100%)
>
> --
> 2.50.0
>
© 2016 - 2026 Red Hat, Inc.