From 952185f2b093374b878db91eafa5cbfa0777c100 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Tue, 10 May 2016 16:38:43 +0100
Subject: [PATCH] [Feature] New abstract hashing API in cryptobox

---
 src/libcryptobox/cryptobox.c      | 71 +++++++++++++++++++++++++++++++
 src/libcryptobox/cryptobox.h      | 42 ++++++++++++++++++
 src/libcryptobox/keypairs_cache.c |  4 +-
 src/libmime/filter.c              |  5 ++-
 src/libmime/message.c             | 10 ++++-
 src/libserver/cfg_rcl.c           | 10 ++---
 src/libserver/cfg_utils.c         |  2 +-
 src/libserver/events.c            | 12 +++---
 src/libserver/protocol.c          |  5 ++-
 src/libserver/re_cache.c          | 14 +++---
 src/libstat/tokenizers/osb.c      |  7 +--
 src/libutil/addr.c                | 16 +++----
 src/libutil/bloom.c               | 11 +++--
 src/libutil/logger.c              | 10 +----
 src/libutil/str_util.c            | 38 ++++++-----------
 src/libutil/upstream.c            |  5 ++-
 src/lua/lua_task.c                |  5 ++-
 src/rspamd.c                      | 20 ++++-----
 18 files changed, 197 insertions(+), 90 deletions(-)

diff --git a/src/libcryptobox/cryptobox.c b/src/libcryptobox/cryptobox.c
index 1680f1848..8fb0a7d56 100644
--- a/src/libcryptobox/cryptobox.c
+++ b/src/libcryptobox/cryptobox.c
@@ -31,6 +31,7 @@
 #include "catena/catena.h"
 #include "ottery.h"
 #include "printf.h"
+#include "xxhash.h"
 
 #ifdef HAVE_CPUID_H
 #include <cpuid.h>
@@ -1408,3 +1409,73 @@ void rspamd_cryptobox_hash (guchar *out,
 	rspamd_cryptobox_hash_update (&st, data, len);
 	rspamd_cryptobox_hash_final (&st, out);
 }
+
+
+void
+rspamd_cryptobox_fast_hash_init (rspamd_cryptobox_fast_hash_state_t *st,
+		guint64 seed)
+{
+#if defined(__LP64__) || defined(_LP64)
+	XXH64_state_t *rst = (XXH64_state_t *)st;
+	XXH64_reset (rst, seed);
+#else
+	XXH32_state_t *rst = (XXH32_state_t *)st;
+	XXH32_reset (rst, seed);
+#endif
+}
+
+void
+rspamd_cryptobox_fast_hash_update (rspamd_cryptobox_fast_hash_state_t *st,
+		const void *data, gsize len)
+{
+#if defined(__LP64__) || defined(_LP64)
+	XXH64_state_t *rst = (XXH64_state_t *)st;
+	XXH64_update (rst, data, len);
+#else
+	XXH32_state_t *rst = (XXH32_state_t *)st;
+	XXH32_update (rst, data, len);
+#endif
+}
+
+guint64
+rspamd_cryptobox_fast_hash_final (rspamd_cryptobox_fast_hash_state_t *st)
+{
+#if defined(__LP64__) || defined(_LP64)
+	XXH64_state_t *rst = (XXH64_state_t *)st;
+	return XXH64_digest (rst);
+#else
+	XXH32_state_t *rst = (XXH32_state_t *)st;
+	XXH32_digest (rst);
+#endif
+
+}
+
+/**
+ * One in all function
+ */
+guint64
+rspamd_cryptobox_fast_hash (const void *data,
+		gsize len, guint64 seed)
+{
+#if defined(__LP64__) || defined(_LP64)
+	return XXH64 (data, len, seed);
+#else
+	return XXH32 (data, len, seed);
+#endif
+}
+
+
+guint64
+rspamd_cryptobox_fast_hash_specific (
+		enum rspamd_cryptobox_fast_hash_type type,
+		const void *data,
+		gsize len, guint64 seed)
+{
+	switch (type) {
+	case RSPAMD_CRYPTOBOX_XXHASH32:
+		return XXH32 (data, len, seed);
+	case RSPAMD_CRYPTOBOX_XXHASH64:
+	default:
+		return XXH64 (data, len, seed);
+	}
+}
diff --git a/src/libcryptobox/cryptobox.h b/src/libcryptobox/cryptobox.h
index 9631bd8d0..9bab560ee 100644
--- a/src/libcryptobox/cryptobox.h
+++ b/src/libcryptobox/cryptobox.h
@@ -324,4 +324,46 @@ void rspamd_cryptobox_hash (guchar *out,
 		const guchar *key,
 		gsize keylen);
 
+/* Non crypto hash IUF interface */
+typedef struct RSPAMD_ALIGNED(32) rspamd_cryptobox_fast_hash_state_s  {
+	unsigned char opaque[88];
+} rspamd_cryptobox_fast_hash_state_t;
+
+/**
+ * Init cryptobox hash state using key if needed, `st` must point to the buffer
+ * with at least rspamd_cryptobox_HASHSTATEBYTES bytes length. If keylen == 0, then
+ * non-keyed hash is generated
+ */
+void rspamd_cryptobox_fast_hash_init (rspamd_cryptobox_fast_hash_state_t *st,
+		guint64 seed);
+
+/**
+ * Update hash with data portion
+ */
+void rspamd_cryptobox_fast_hash_update (rspamd_cryptobox_fast_hash_state_t *st,
+		const void *data, gsize len);
+
+/**
+ * Output hash to the buffer of rspamd_cryptobox_HASHBYTES length
+ */
+guint64 rspamd_cryptobox_fast_hash_final (rspamd_cryptobox_fast_hash_state_t *st);
+
+/**
+ * One in all function
+ */
+guint64 rspamd_cryptobox_fast_hash (const void *data,
+		gsize len, guint64 seed);
+
+enum rspamd_cryptobox_fast_hash_type {
+	RSPAMD_CRYPTOBOX_XXHASH64 = 0,
+	RSPAMD_CRYPTOBOX_XXHASH32
+};
+/**
+ * Platform independent version
+ */
+guint64 rspamd_cryptobox_fast_hash_specific (
+		enum rspamd_cryptobox_fast_hash_type type,
+		const void *data,
+		gsize len, guint64 seed);
+
 #endif /* CRYPTOBOX_H_ */
diff --git a/src/libcryptobox/keypairs_cache.c b/src/libcryptobox/keypairs_cache.c
index 069158789..887aaa85d 100644
--- a/src/libcryptobox/keypairs_cache.c
+++ b/src/libcryptobox/keypairs_cache.c
@@ -18,7 +18,6 @@
 #include "keypairs_cache.h"
 #include "keypair_private.h"
 #include "hash.h"
-#include "xxhash.h"
 
 struct rspamd_keypair_elt {
 	struct rspamd_cryptobox_nm *nm;
@@ -43,7 +42,8 @@ rspamd_keypair_hash (gconstpointer ptr)
 {
 	struct rspamd_keypair_elt *elt = (struct rspamd_keypair_elt *)ptr;
 
-	return XXH64 (elt->pair, sizeof (elt->pair), rspamd_hash_seed ());
+	return rspamd_cryptobox_fast_hash (elt->pair, sizeof (elt->pair),
+			rspamd_hash_seed ());
 }
 
 static gboolean
diff --git a/src/libmime/filter.c b/src/libmime/filter.c
index e1a33f3e2..6aaa19aaf 100644
--- a/src/libmime/filter.c
+++ b/src/libmime/filter.c
@@ -19,7 +19,7 @@
 #include "rspamd.h"
 #include "message.h"
 #include "lua/lua_common.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 #include <math.h>
 
 
@@ -273,7 +273,8 @@ rspamd_action_from_str (const gchar *data, gint *result)
 {
 	guint64 h;
 
-	h = XXH64 (data, strlen (data), 0xdeadbabe);
+	h = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+			data, strlen (data), 0xdeadbabe);
 
 	switch (h) {
 	case 0x9917BFDB46332B8CULL: /* reject */
diff --git a/src/libmime/message.c b/src/libmime/message.c
index 4877fde9f..d1fca6b87 100644
--- a/src/libmime/message.c
+++ b/src/libmime/message.c
@@ -24,7 +24,7 @@
 #include "email_addr.h"
 #include "utlist.h"
 #include "tokenizers/tokenizers.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 
 #ifdef WITH_SNOWBALL
 #include "libstemmer.h"
@@ -42,6 +42,7 @@
 static const gchar gtube_pattern[] = "XJS*C4JDBQADN1.NSBN3*2IDNEN*"
 		"GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X";
 static rspamd_regexp_t *utf_compatible_re = NULL;
+static const guint64 words_hash_seed = 0xdeadbabe;
 
 static GQuark
 rspamd_message_quark (void)
@@ -1074,7 +1075,12 @@ rspamd_normalize_text_part (struct rspamd_task *task,
 			}
 
 			if (w->len > 0) {
-				h = XXH64 (w->begin, w->len, rspamd_hash_seed ());
+				/*
+				 * We use static hash seed if we would want to use that in shingles
+				 * computation in future
+				 */
+				h = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+						w->begin, w->len, words_hash_seed);
 				g_array_append_val (part->normalized_hashes, h);
 			}
 		}
diff --git a/src/libserver/cfg_rcl.c b/src/libserver/cfg_rcl.c
index b07819b78..f774ac126 100644
--- a/src/libserver/cfg_rcl.c
+++ b/src/libserver/cfg_rcl.c
@@ -2976,13 +2976,13 @@ static guint
 rspamd_worker_param_key_hash (gconstpointer p)
 {
 	const struct rspamd_worker_param_key *k = p;
-	XXH64_state_t st;
+	rspamd_cryptobox_fast_hash_state_t st;
 
-	XXH64_reset (&st, rspamd_hash_seed ());
-	XXH64_update (&st, k->name, strlen (k->name));
-	XXH64_update (&st, &k->ptr, sizeof (gpointer));
+	rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
+	rspamd_cryptobox_fast_hash_update (&st, k->name, strlen (k->name));
+	rspamd_cryptobox_fast_hash_update (&st, &k->ptr, sizeof (gpointer));
 
-	return XXH64_digest (&st);
+	return rspamd_cryptobox_fast_hash_final (&st);
 }
 
 static gboolean
diff --git a/src/libserver/cfg_utils.c b/src/libserver/cfg_utils.c
index 233051dcb..85fd6af80 100644
--- a/src/libserver/cfg_utils.c
+++ b/src/libserver/cfg_utils.c
@@ -1177,7 +1177,7 @@ rspamd_ucl_fin_cb (struct map_cb_data *data)
 		return;
 	}
 
-	checksum = XXH64 (cbdata->buf->str, cbdata->buf->len, 0);
+	checksum = rspamd_cryptobox_fast_hash (cbdata->buf->str, cbdata->buf->len, 0);
 	/* New data available */
 	parser = ucl_parser_new (0);
 	if (!ucl_parser_add_chunk (parser, cbdata->buf->str,
diff --git a/src/libserver/events.c b/src/libserver/events.c
index a8cb086cb..44a5d9191 100644
--- a/src/libserver/events.c
+++ b/src/libserver/events.c
@@ -16,7 +16,7 @@
 #include "config.h"
 #include "rspamd.h"
 #include "events.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 
 #define RSPAMD_SESSION_FLAG_WATCHING (1 << 0)
 #define RSPAMD_SESSION_FLAG_DESTROYING (1 << 1)
@@ -81,7 +81,7 @@ static guint
 rspamd_event_hash (gconstpointer a)
 {
 	const struct rspamd_async_event *ev = a;
-	XXH64_state_t st;
+	rspamd_cryptobox_fast_hash_state_t st;
 	union {
 		event_finalizer_t f;
 		gpointer p;
@@ -89,11 +89,11 @@ rspamd_event_hash (gconstpointer a)
 
 	u.f = ev->fin;
 
-	XXH64_reset (&st, rspamd_hash_seed ());
-	XXH64_update (&st, &ev->user_data, sizeof (gpointer));
-	XXH64_update (&st, &u, sizeof (u));
+	rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
+	rspamd_cryptobox_fast_hash_update (&st, &ev->user_data, sizeof (gpointer));
+	rspamd_cryptobox_fast_hash_update (&st, &u, sizeof (u));
 
-	return XXH64_digest (&st);
+	return rspamd_cryptobox_fast_hash_final (&st);
 }
 
 
diff --git a/src/libserver/protocol.c b/src/libserver/protocol.c
index a394ddaff..d314d3fdc 100644
--- a/src/libserver/protocol.c
+++ b/src/libserver/protocol.c
@@ -23,7 +23,7 @@
 #include "http.h"
 #include "email_addr.h"
 #include "worker_private.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 
 /* Max line size */
 #define OUTBUFSIZ BUFSIZ
@@ -401,7 +401,8 @@ rspamd_protocol_handle_headers (struct rspamd_task *task,
 				guint64 h;
 				guint32 *hp;
 
-				h = XXH64 (hv_tok->begin, hv_tok->len, 0xdeadbabe);
+				h = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+						hv_tok->begin, hv_tok->len, 0xdeadbabe);
 				hp = rspamd_mempool_alloc (task->task_pool, sizeof (*hp));
 				memcpy (hp, &h, sizeof (*hp));
 				rspamd_mempool_set_variable (task->task_pool, "settings_hash",
diff --git a/src/libserver/re_cache.c b/src/libserver/re_cache.c
index 5882114f9..3e308415d 100644
--- a/src/libserver/re_cache.c
+++ b/src/libserver/re_cache.c
@@ -15,7 +15,6 @@
  */
 #include "libmime/message.h"
 #include "re_cache.h"
-#include "xxhash.h"
 #include "cryptobox.h"
 #include "ref.h"
 #include "libserver/url.h"
@@ -123,16 +122,16 @@ rspamd_re_cache_class_id (enum rspamd_re_type type,
 		gpointer type_data,
 		gsize datalen)
 {
-	XXH64_state_t st;
+	rspamd_cryptobox_fast_hash_state_t st;
 
-	XXH64_reset (&st, 0xdeadbabe);
-	XXH64_update (&st, &type, sizeof (type));
+	rspamd_cryptobox_fast_hash_init (&st, 0xdeadbabe);
+	rspamd_cryptobox_fast_hash_update (&st, &type, sizeof (type));
 
 	if (datalen > 0) {
-		XXH64_update (&st, type_data, datalen);
+		rspamd_cryptobox_fast_hash_update (&st, type_data, datalen);
 	}
 
-	return XXH64_digest (&st);
+	return rspamd_cryptobox_fast_hash_final (&st);
 }
 
 static void
@@ -1174,7 +1173,8 @@ rspamd_re_cache_type_from_string (const char *str)
 	 */
 
 	if (str != NULL) {
-		h = XXH64 (str, strlen (str), 0xdeadbabe);
+		h = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+				str, strlen (str), 0xdeadbabe);
 
 		switch (h) {
 		case G_GUINT64_CONSTANT(0x298b9c8a58887d44): /* header */
diff --git a/src/libstat/tokenizers/osb.c b/src/libstat/tokenizers/osb.c
index 906c1de25..c2e050f23 100644
--- a/src/libstat/tokenizers/osb.c
+++ b/src/libstat/tokenizers/osb.c
@@ -19,7 +19,6 @@
 
 #include "tokenizers.h"
 #include "stat_internal.h"
-#include "xxhash.h"
 #include "cryptobox.h"
 
 /* Size for features pipe */
@@ -280,7 +279,8 @@ rspamd_tokenizer_osb (struct rspamd_stat_ctx *ctx,
 	window_size = osb_cf->window_size;
 
 	if (prefix) {
-		seed = XXH64 (prefix, strlen (prefix), osb_cf->seed);
+		seed = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+				prefix, strlen (prefix), osb_cf->seed);
 	}
 	else {
 		seed = osb_cf->seed;
@@ -300,7 +300,8 @@ rspamd_tokenizer_osb (struct rspamd_stat_ctx *ctx,
 		else {
 			/* We know that the words are normalized */
 			if (osb_cf->ht == RSPAMD_OSB_HASH_XXHASH) {
-				cur = XXH64 (token->begin, token->len, osb_cf->seed);
+				cur = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+						token->begin, token->len, osb_cf->seed);
 			}
 			else {
 				rspamd_cryptobox_siphash ((guchar *)&cur, token->begin,
diff --git a/src/libutil/addr.c b/src/libutil/addr.c
index 8fc85e6c7..18414a98c 100644
--- a/src/libutil/addr.c
+++ b/src/libutil/addr.c
@@ -17,7 +17,7 @@
 #include "addr.h"
 #include "util.h"
 #include "logger.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 #include "radix.h"
 #include "unix-std.h"
 /* pwd and grp */
@@ -1352,28 +1352,28 @@ guint
 rspamd_inet_address_hash (gconstpointer a)
 {
 	const rspamd_inet_addr_t *addr = a;
-	XXH64_state_t st;
+	rspamd_cryptobox_fast_hash_state_t st;
 
-	XXH64_reset (&st, rspamd_hash_seed ());
-	XXH64_update (&st, &addr->af, sizeof (addr->af));
+	rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
+	rspamd_cryptobox_fast_hash_update (&st, &addr->af, sizeof (addr->af));
 
 
 	if (addr->af == AF_UNIX && addr->u.un) {
-		XXH64_update (&st, addr->u.un, sizeof (*addr->u.un));
+		rspamd_cryptobox_fast_hash_update (&st, addr->u.un, sizeof (*addr->u.un));
 	}
 	else {
 		/* We ignore port part here */
 		if (addr->af == AF_INET) {
-			XXH64_update (&st, &addr->u.in.addr.s4.sin_addr,
+			rspamd_cryptobox_fast_hash_update (&st, &addr->u.in.addr.s4.sin_addr,
 					sizeof (addr->u.in.addr.s4.sin_addr));
 		}
 		else {
-			XXH64_update (&st, &addr->u.in.addr.s6.sin6_addr,
+			rspamd_cryptobox_fast_hash_update (&st, &addr->u.in.addr.s6.sin6_addr,
 					sizeof (addr->u.in.addr.s6.sin6_addr));
 		}
 	}
 
-	return XXH64_digest (&st);
+	return rspamd_cryptobox_fast_hash_final (&st);
 }
 
 gboolean
diff --git a/src/libutil/bloom.c b/src/libutil/bloom.c
index 8c8b80ae6..2447b1b10 100644
--- a/src/libutil/bloom.c
+++ b/src/libutil/bloom.c
@@ -15,7 +15,7 @@
  */
 #include "config.h"
 #include "bloom.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 
 /* 4 bits are used for counting (implementing delete operation) */
 #define SIZE_BIT 4
@@ -107,7 +107,8 @@ rspamd_bloom_add (rspamd_bloom_filter_t * bloom, const gchar *s)
 	}
 	len = strlen (s);
 	for (n = 0; n < bloom->nfuncs; ++n) {
-		v = XXH64 (s, len, bloom->seeds[n]) % bloom->asize;
+		v = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+				s, len, bloom->seeds[n]) % bloom->asize;
 		INCBIT (bloom->a, v, t);
 	}
 
@@ -126,7 +127,8 @@ rspamd_bloom_del (rspamd_bloom_filter_t * bloom, const gchar *s)
 	}
 	len = strlen (s);
 	for (n = 0; n < bloom->nfuncs; ++n) {
-		v = XXH64 (s, len, bloom->seeds[n]) % bloom->asize;
+		v = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+				s, len, bloom->seeds[n]) % bloom->asize;
 		DECBIT (bloom->a, v, t);
 	}
 
@@ -145,7 +147,8 @@ rspamd_bloom_check (rspamd_bloom_filter_t * bloom, const gchar *s)
 	}
 	len = strlen (s);
 	for (n = 0; n < bloom->nfuncs; ++n) {
-		v = XXH64 (s, len, bloom->seeds[n]) % bloom->asize;
+		v = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+				s, len, bloom->seeds[n]) % bloom->asize;
 		if (!(GETBIT (bloom->a, v))) {
 			return FALSE;
 		}
diff --git a/src/libutil/logger.c b/src/libutil/logger.c
index 21e489b09..f81730448 100644
--- a/src/libutil/logger.c
+++ b/src/libutil/logger.c
@@ -18,7 +18,7 @@
 #include "util.h"
 #include "rspamd.h"
 #include "map.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 #include "unix-std.h"
 
 #ifdef HAVE_SYSLOG_H
@@ -82,12 +82,6 @@ static rspamd_logger_t *default_logger = NULL;
 	}											\
 } while (0)
 
-#if defined(__LP64__) || defined(_LP64)
-#define XXH_ONESHOT XXH64
-#else
-#define XXH_ONESHOT XXH32
-#endif
-
 static void
 		syslog_log_function (const gchar *log_domain, const gchar *module,
 		const gchar *id, const gchar *function,
@@ -106,7 +100,7 @@ static void
 static inline guint64
 rspamd_log_calculate_cksum (const gchar *message, size_t mlen)
 {
-	return XXH_ONESHOT (message, mlen, rspamd_hash_seed ());
+	return rspamd_cryptobox_fast_hash (message, mlen, rspamd_hash_seed ());
 }
 
 /*
diff --git a/src/libutil/str_util.c b/src/libutil/str_util.c
index 7d40b15fa..a25dc32d5 100644
--- a/src/libutil/str_util.c
+++ b/src/libutil/str_util.c
@@ -15,7 +15,7 @@
  */
 #include "config.h"
 #include "util.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 #include "url.h"
 #include <math.h>
 
@@ -182,20 +182,6 @@ rspamd_strcase_equal (gconstpointer v, gconstpointer v2)
 	return FALSE;
 }
 
-#if defined(__LP64__) || defined(_LP64)
-#define XXH_STATE XXH64_state_t
-#define XXH_RESET XXH64_reset
-#define XXH_UPDATE XXH64_update
-#define XXH_DIGEST XXH64_digest
-#define XXH_ONESHOT XXH64
-#else
-#define XXH_STATE XXH32_state_t
-#define XXH_RESET XXH32_reset
-#define XXH_UPDATE XXH32_update
-#define XXH_DIGEST XXH32_digest
-#define XXH_ONESHOT XXH32
-#endif
-
 static guint
 rspamd_icase_hash (const gchar *in, gsize len)
 {
@@ -208,10 +194,10 @@ rspamd_icase_hash (const gchar *in, gsize len)
 		} c;
 		guint32 pp;
 	} u;
-	XXH_STATE st;
+	rspamd_cryptobox_fast_hash_state_t st;
 
 	fp = len - leftover;
-	XXH_RESET (&st, rspamd_hash_seed ());
+	rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
 
 	for (i = 0; i != fp; i += 4) {
 		u.c.c1 = s[i], u.c.c2 = s[i + 1], u.c.c3 = s[i + 2], u.c.c4 = s[i + 3];
@@ -219,7 +205,7 @@ rspamd_icase_hash (const gchar *in, gsize len)
 		u.c.c2 = lc_map[u.c.c2];
 		u.c.c3 = lc_map[u.c.c3];
 		u.c.c4 = lc_map[u.c.c4];
-		XXH_UPDATE (&st, &u.pp, sizeof (u));
+		rspamd_cryptobox_fast_hash_update (&st, &u.pp, sizeof (u));
 	}
 
 	u.pp = 0;
@@ -230,11 +216,11 @@ rspamd_icase_hash (const gchar *in, gsize len)
 		u.c.c2 = lc_map[(guchar)s[i++]];
 	case 1:
 		u.c.c1 = lc_map[(guchar)s[i]];
-		XXH_UPDATE (&st, &u.pp, leftover);
+		rspamd_cryptobox_fast_hash_update (&st, &u.pp, leftover);
 		break;
 	}
 
-	return XXH_DIGEST (&st);
+	return rspamd_cryptobox_fast_hash_final (&st);
 }
 
 guint
@@ -255,7 +241,7 @@ rspamd_str_hash (gconstpointer key)
 
 	len = strlen ((const gchar *)key);
 
-	return XXH_ONESHOT (key, len, rspamd_hash_seed ());
+	return rspamd_cryptobox_fast_hash (key, len, rspamd_hash_seed ());
 }
 
 gboolean
@@ -1814,17 +1800,17 @@ guint
 rspamd_url_hash (gconstpointer u)
 {
 	const struct rspamd_url *url = u;
-	XXH_STATE st;
+	rspamd_cryptobox_fast_hash_state_t st;
 
-	XXH_RESET (&st, rspamd_hash_seed ());
+	rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
 
 	if (url->urllen > 0) {
-		XXH_UPDATE (&st, url->string, url->urllen);
+		rspamd_cryptobox_fast_hash_update (&st, url->string, url->urllen);
 	}
 
-	XXH_UPDATE (&st, &url->flags, sizeof (url->flags));
+	rspamd_cryptobox_fast_hash_update (&st, &url->flags, sizeof (url->flags));
 
-	return XXH_DIGEST (&st);
+	return rspamd_cryptobox_fast_hash_final (&st);
 }
 
 /* Compare two emails for building emails tree */
diff --git a/src/libutil/upstream.c b/src/libutil/upstream.c
index 020039d71..fe07e89d2 100644
--- a/src/libutil/upstream.c
+++ b/src/libutil/upstream.c
@@ -19,7 +19,7 @@
 #include "ref.h"
 #include "cfg_file.h"
 #include "rdns.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 #include "utlist.h"
 
 struct upstream_inet_addr_entry {
@@ -785,7 +785,8 @@ rspamd_upstream_get_hashed (struct upstream_list *ups, const guint8 *key, guint
 	guint32 idx;
 
 	/* Generate 64 bits input key */
-	k = XXH64 (key, keylen, ups->hash_seed);
+	k = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+			key, keylen, ups->hash_seed);
 
 	rspamd_mutex_lock (ups->lock);
 	idx = rspamd_consistent_hash (k, ups->alive->len);
diff --git a/src/lua/lua_task.c b/src/lua/lua_task.c
index 31b0aac76..7a756679b 100644
--- a/src/lua/lua_task.c
+++ b/src/lua/lua_task.c
@@ -23,7 +23,7 @@
 #include "cfg_file.h"
 #include "email_addr.h"
 #include "utlist.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 
 /***
  * @module rspamd_task
@@ -1568,7 +1568,8 @@ lua_task_str_to_get_type (lua_State *L, gint pos)
 		type = lua_tolstring (L, pos, &sz);
 
 		if (type && sz > 0) {
-			h = XXH64 (type, sz, 0xdeadbabe);
+			h = rspamd_cryptobox_fast_hash_specific (RSPAMD_CRYPTOBOX_XXHASH64,
+					type, sz, 0xdeadbabe);
 
 			switch (h) {
 			case 0xDA081341FB600389ULL: /* mime */
diff --git a/src/rspamd.c b/src/rspamd.c
index e67977cbd..72e676267 100644
--- a/src/rspamd.c
+++ b/src/rspamd.c
@@ -21,7 +21,7 @@
 #include "libserver/worker_util.h"
 #include "libserver/rspamd_control.h"
 #include "ottery.h"
-#include "xxhash.h"
+#include "cryptobox.h"
 #include "utlist.h"
 #include "unix-std.h"
 /* sysexits */
@@ -409,30 +409,30 @@ systemd_get_socket (struct rspamd_main *rspamd_main, gint number)
 static inline uintptr_t
 make_listen_key (struct rspamd_worker_bind_conf *cf)
 {
-	XXH64_state_t st;
+	rspamd_cryptobox_fast_hash_state_t st;
 	guint i, keylen;
 	guint8 *key;
 	rspamd_inet_addr_t *addr;
 	guint16 port;
 
-	XXH64_reset (&st, rspamd_hash_seed ());
+	rspamd_cryptobox_fast_hash_init (&st, rspamd_hash_seed ());
 	if (cf->is_systemd) {
-		XXH64_update (&st, "systemd", sizeof ("systemd"));
-		XXH64_update (&st, &cf->cnt, sizeof (cf->cnt));
+		rspamd_cryptobox_fast_hash_update (&st, "systemd", sizeof ("systemd"));
+		rspamd_cryptobox_fast_hash_update (&st, &cf->cnt, sizeof (cf->cnt));
 	}
 	else {
-		XXH64_update (&st, cf->name, strlen (cf->name));
+		rspamd_cryptobox_fast_hash_update (&st, cf->name, strlen (cf->name));
 		for (i = 0; i < cf->cnt; i ++) {
 			addr = g_ptr_array_index (cf->addrs, i);
 			key = rspamd_inet_address_get_radix_key (
 					addr, &keylen);
-			XXH64_update (&st, key, keylen);
+			rspamd_cryptobox_fast_hash_update (&st, key, keylen);
 			port = rspamd_inet_address_get_port (addr);
-			XXH64_update (&st, &port, sizeof (port));
+			rspamd_cryptobox_fast_hash_update (&st, &port, sizeof (port));
 		}
 	}
 
-	return XXH64_digest (&st);
+	return rspamd_cryptobox_fast_hash_final (&st);
 }
 
 static void
@@ -959,7 +959,7 @@ rspamd_control_handler (gint fd, short what, gpointer arg)
 static guint
 rspamd_spair_hash (gconstpointer p)
 {
-	return XXH64 (p, PAIR_ID_LEN, rspamd_hash_seed ());
+	return rspamd_cryptobox_fast_hash (p, PAIR_ID_LEN, rspamd_hash_seed ());
 }
 
 static gboolean
-- 
2.39.5