[PATCH 2/2] crypto: make the sha1 library optional

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	"Jason A . Donenfeld " <Jason@zx2c4.com>
Subject: [PATCH 2/2] crypto: make the sha1 library optional
Date: Sat,  9 Jul 2022 14:18:49 -0700	[thread overview]
Message-ID: <20220709211849.210850-3-ebiggers@kernel.org> (raw)
In-Reply-To: <20220709211849.210850-1-ebiggers@kernel.org>

From: Eric Biggers <ebiggers@google.com>

Since the Linux RNG no longer uses sha1_transform(), the SHA-1 library
is no longer needed unconditionally.  Make it possible to build the
Linux kernel without the SHA-1 library by putting it behind a kconfig
option, and selecting this new option from the kconfig options that gate
the remaining users: CRYPTO_SHA1 for crypto/sha1_generic.c, BPF for
kernel/bpf/core.c, and IPV6 for net/ipv6/addrconf.c.

Unfortunately, since BPF is selected by NET, for now this can only make
a difference for kernels built without networking support.

Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/Kconfig      | 1 +
 init/Kconfig        | 1 +
 lib/crypto/Kconfig  | 3 +++
 lib/crypto/Makefile | 3 ++-
 net/ipv6/Kconfig    | 1 +
 5 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 59489a300cd100..bf15ca5eb9d367 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -880,6 +880,7 @@ config CRYPTO_RMD160
 config CRYPTO_SHA1
 	tristate "SHA1 digest algorithm"
 	select CRYPTO_HASH
+	select CRYPTO_LIB_SHA1
 	help
 	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 
diff --git a/init/Kconfig b/init/Kconfig
index c984afc489dead..d8d0b4bdfe4195 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1472,6 +1472,7 @@ config HAVE_PCSPKR_PLATFORM
 # interpreter that classic socket filters depend on
 config BPF
 	bool
+	select CRYPTO_LIB_SHA1
 
 menuconfig EXPERT
 	bool "Configure standard kernel features (expert users)"
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index 2082af43d51fbe..9ff549f63540fa 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -121,6 +121,9 @@ config CRYPTO_LIB_CHACHA20POLY1305
 	select CRYPTO_LIB_POLY1305
 	select CRYPTO_ALGAPI
 
+config CRYPTO_LIB_SHA1
+	tristate
+
 config CRYPTO_LIB_SHA256
 	tristate
 
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
index d28111ba54fcb2..919cbb2c220d61 100644
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -34,7 +34,8 @@ libpoly1305-y					:= poly1305-donna32.o
 libpoly1305-$(CONFIG_ARCH_SUPPORTS_INT128)	:= poly1305-donna64.o
 libpoly1305-y					+= poly1305.o
 
-obj-y						+= sha1.o
+obj-$(CONFIG_CRYPTO_LIB_SHA1)			+= libsha1.o
+libsha1-y					:= sha1.o
 
 obj-$(CONFIG_CRYPTO_LIB_SHA256)			+= libsha256.o
 libsha256-y					:= sha256.o
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index bf2e5e5fe14273..658bfed1df8b17 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -7,6 +7,7 @@
 menuconfig IPV6
 	tristate "The IPv6 protocol"
 	default y
+	select CRYPTO_LIB_SHA1
 	help
 	  Support for IP version 6 (IPv6).
 
-- 
2.37.0

next prev parent reply	other threads:[~2022-07-09 21:21 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-07-09 21:18 [PATCH 0/2] crypto: make the sha1 library optional Eric Biggers
2022-07-09 21:18 ` [PATCH 1/2] crypto: move lib/sha1.c into lib/crypto/ Eric Biggers
2022-07-11 14:58   ` Jason A. Donenfeld
2022-07-09 21:18 ` Eric Biggers [this message]
2022-07-11 14:59   ` [PATCH 2/2] crypto: make the sha1 library optional Jason A. Donenfeld
2022-07-11 18:03   ` Jakub Kicinski
2022-07-15  1:18     ` Alexei Starovoitov
2022-07-15  8:50 ` [PATCH 0/2] " Herbert Xu
2022-07-18 17:49   ` Randy Dunlap
2022-07-19  3:48     ` Eric Biggers

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:59489a300cd10 dfblob:bf15ca5eb9d36 dfblob:c984afc489dea
dfblob:d8d0b4bdfe419 dfblob:2082af43d51fb dfblob:9ff549f63540f
dfblob:d28111ba54fcb dfblob:919cbb2c220d6 dfblob:bf2e5e5fe1427
dfblob:658bfed1df8b1 )
 OR (
bs:"[PATCH 2/2] crypto: make the sha1 library optional" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220709211849.210850-3-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=Jason@zx2c4.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.