From: Eric Biggers <ebiggers@kernel.org>
To: Ross Philipson <ross.philipson@oracle.com>
Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
Jason@zx2c4.com, ardb@kernel.org, dpsmith@apertussolutions.com,
kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com,
trenchboot-devel@googlegroups.com
Subject: Re: [PATCH] crypto: lib/sha1 - use __DISABLE_EXPORTS for SHA1 library
Date: Wed, 17 Dec 2025 23:57:45 +0000 [thread overview]
Message-ID: <20251217235745.GB89113@google.com> (raw)
In-Reply-To: <20251217233826.1761939-1-ross.philipson@oracle.com>
On Wed, Dec 17, 2025 at 03:38:26PM -0800, Ross Philipson wrote:
> Allow the SHA1 library code in lib/crypto/sha1.c to be used in a pre-boot
> environments. Use the __DISABLE_EXPORTS macro to disable function exports and
> define the proper values for that environment as was done earlier for SHA256.
>
> This issue was brought up during the review of the Secure Launch v15 patches
> that use SHA1 in a pre-boot environment (link in tags below). This is being
> sent as a standalone patch to address this.
>
> Link: https://lore.kernel.org/r/20251216002150.GA11579@quark
> Cc: Eric Biggers <ebiggers@kernel.org>
> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
> ---
> lib/crypto/sha1.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/crypto/sha1.c b/lib/crypto/sha1.c
> index 52788278cd17..e5a9e1361058 100644
> --- a/lib/crypto/sha1.c
> +++ b/lib/crypto/sha1.c
> @@ -154,7 +154,7 @@ static void __maybe_unused sha1_blocks_generic(struct sha1_block_state *state,
> memzero_explicit(workspace, sizeof(workspace));
> }
>
> -#ifdef CONFIG_CRYPTO_LIB_SHA1_ARCH
> +#if defined(CONFIG_CRYPTO_LIB_SHA1_ARCH) && !defined(__DISABLE_EXPORTS)
> #include "sha1.h" /* $(SRCARCH)/sha1.h */
> #else
> #define sha1_blocks sha1_blocks_generic
Shouldn't this be part of the patchset that needs this?
Also, when __DISABLE_EXPORTS is defined, only the functionality actually
used by pre-boot environments should be included. HMAC support for
example probably isn't needed.
The commit title is also misleading. How about:
"lib/crypto: sha1: Add support for pre-boot environments".
- Eric
next prev parent reply other threads:[~2025-12-17 23:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-17 23:38 [PATCH] crypto: lib/sha1 - use __DISABLE_EXPORTS for SHA1 library Ross Philipson
2025-12-17 23:57 ` Eric Biggers [this message]
2025-12-18 18:25 ` ross.philipson
2025-12-18 18:35 ` Eric Biggers
2025-12-18 18:58 ` ross.philipson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251217235745.GB89113@google.com \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=andrew.cooper3@citrix.com \
--cc=ardb@kernel.org \
--cc=dpsmith@apertussolutions.com \
--cc=kanth.ghatraju@oracle.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ross.philipson@oracle.com \
--cc=trenchboot-devel@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.