From: Eric Biggers <ebiggers@kernel.org>
To: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
"Jason A . Donenfeld" <Jason@zx2c4.com>,
linux-arm-kernel@lists.infradead.org, linux-mips@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, linux-s390@vger.kernel.org,
sparclinux@vger.kernel.org, x86@kernel.org,
Eric Biggers <ebiggers@kernel.org>
Subject: [PATCH 26/26] lib/crypto: sha1: Remove low-level functions from API
Date: Sat, 12 Jul 2025 16:23:17 -0700 [thread overview]
Message-ID: <20250712232329.818226-27-ebiggers@kernel.org> (raw)
In-Reply-To: <20250712232329.818226-1-ebiggers@kernel.org>
Now that there are no users of the low-level SHA-1 interface, remove it.
Specifically:
- Remove SHA1_DIGEST_WORDS (no longer used)
- Remove sha1_init_raw() (no longer used)
- Rename sha1_transform() to sha1_block_generic() and make it static
- Move SHA1_WORKSPACE_WORDS into lib/crypto/sha1.c
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
include/crypto/sha1.h | 10 -------
lib/crypto/sha1.c | 63 ++++++++++++-------------------------------
2 files changed, 17 insertions(+), 56 deletions(-)
diff --git a/include/crypto/sha1.h b/include/crypto/sha1.h
index 162a529ec8413..34658f4d76e3b 100644
--- a/include/crypto/sha1.h
+++ b/include/crypto/sha1.h
@@ -24,20 +24,10 @@ struct sha1_state {
u32 state[SHA1_DIGEST_SIZE / 4];
u64 count;
u8 buffer[SHA1_BLOCK_SIZE];
};
-/*
- * An implementation of SHA-1's compression function. Don't use in new code!
- * You shouldn't be using SHA-1, and even if you *have* to use SHA-1, this isn't
- * the correct way to hash something with SHA-1 (use crypto_shash instead).
- */
-#define SHA1_DIGEST_WORDS (SHA1_DIGEST_SIZE / 4)
-#define SHA1_WORKSPACE_WORDS 16
-void sha1_init_raw(__u32 *buf);
-void sha1_transform(__u32 *digest, const char *data, __u32 *W);
-
/* State for the SHA-1 compression function */
struct sha1_block_state {
u32 h[SHA1_DIGEST_SIZE / 4];
};
diff --git a/lib/crypto/sha1.c b/lib/crypto/sha1.c
index 89831f7f27793..87a76bf97f445 100644
--- a/lib/crypto/sha1.c
+++ b/lib/crypto/sha1.c
@@ -49,11 +49,11 @@ static const struct sha1_block_state sha1_iv = {
#else
#define setW(x, val) (W(x) = (val))
#endif
/* This "rolls" over the 512-bit array */
-#define W(x) (array[(x)&15])
+#define W(x) (workspace[(x)&15])
/*
* Where do we get the source from? The first 16 iterations get it from
* the input data, the next mix it from the 512-bit array.
*/
@@ -70,38 +70,24 @@ static const struct sha1_block_state sha1_iv = {
#define T_16_19(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (((C^D)&B)^D) , 0x5a827999, A, B, C, D, E )
#define T_20_39(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0x6ed9eba1, A, B, C, D, E )
#define T_40_59(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, ((B&C)+(D&(B^C))) , 0x8f1bbcdc, A, B, C, D, E )
#define T_60_79(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0xca62c1d6, A, B, C, D, E )
-/**
- * sha1_transform - single block SHA1 transform (deprecated)
- *
- * @digest: 160 bit digest to update
- * @data: 512 bits of data to hash
- * @array: 16 words of workspace (see note)
- *
- * This function executes SHA-1's internal compression function. It updates the
- * 160-bit internal state (@digest) with a single 512-bit data block (@data).
- *
- * Don't use this function. SHA-1 is no longer considered secure. And even if
- * you do have to use SHA-1, this isn't the correct way to hash something with
- * SHA-1 as this doesn't handle padding and finalization.
- *
- * Note: If the hash is security sensitive, the caller should be sure
- * to clear the workspace. This is left to the caller to avoid
- * unnecessary clears between chained hashing operations.
- */
-void sha1_transform(__u32 *digest, const char *data, __u32 *array)
+#define SHA1_WORKSPACE_WORDS 16
+
+static void sha1_block_generic(struct sha1_block_state *state,
+ const u8 data[SHA1_BLOCK_SIZE],
+ u32 workspace[SHA1_WORKSPACE_WORDS])
{
__u32 A, B, C, D, E;
unsigned int i = 0;
- A = digest[0];
- B = digest[1];
- C = digest[2];
- D = digest[3];
- E = digest[4];
+ A = state->h[0];
+ B = state->h[1];
+ C = state->h[2];
+ D = state->h[3];
+ E = state->h[4];
/* Round 1 - iterations 0-16 take their input from 'data' */
for (; i < 16; ++i)
T_0_15(i, A, B, C, D, E);
@@ -119,39 +105,24 @@ void sha1_transform(__u32 *digest, const char *data, __u32 *array)
/* Round 4 */
for (; i < 80; ++i)
T_60_79(i, A, B, C, D, E);
- digest[0] += A;
- digest[1] += B;
- digest[2] += C;
- digest[3] += D;
- digest[4] += E;
-}
-EXPORT_SYMBOL(sha1_transform);
-
-/**
- * sha1_init_raw - initialize the vectors for a SHA1 digest
- * @buf: vector to initialize
- */
-void sha1_init_raw(__u32 *buf)
-{
- buf[0] = 0x67452301;
- buf[1] = 0xefcdab89;
- buf[2] = 0x98badcfe;
- buf[3] = 0x10325476;
- buf[4] = 0xc3d2e1f0;
+ state->h[0] += A;
+ state->h[1] += B;
+ state->h[2] += C;
+ state->h[3] += D;
+ state->h[4] += E;
}
-EXPORT_SYMBOL(sha1_init_raw);
static void __maybe_unused sha1_blocks_generic(struct sha1_block_state *state,
const u8 *data, size_t nblocks)
{
u32 workspace[SHA1_WORKSPACE_WORDS];
do {
- sha1_transform(state->h, data, workspace);
+ sha1_block_generic(state, data, workspace);
data += SHA1_BLOCK_SIZE;
} while (--nblocks);
memzero_explicit(workspace, sizeof(workspace));
}
--
2.50.1
next prev parent reply other threads:[~2025-07-12 23:26 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-12 23:22 [PATCH 00/26] SHA-1 library functions Eric Biggers
2025-07-12 23:22 ` [PATCH 01/26] crypto: x86/sha1 - Rename conflicting symbol Eric Biggers
2025-07-12 23:22 ` [PATCH 02/26] lib/crypto: sha1: Rename sha1_init() to sha1_init_raw() Eric Biggers
2025-07-12 23:22 ` [PATCH 03/26] lib/crypto: sha1: Add SHA-1 library functions Eric Biggers
2025-07-13 15:05 ` Elliott, Robert (Servers)
2025-07-13 16:54 ` Eric Biggers
2025-07-12 23:22 ` [PATCH 04/26] lib/crypto: sha1: Add HMAC support Eric Biggers
2025-07-12 23:22 ` [PATCH 05/26] crypto: sha1 - Wrap library and add " Eric Biggers
2025-07-12 23:22 ` [PATCH 06/26] crypto: sha1 - Use same state format as legacy drivers Eric Biggers
2025-07-12 23:22 ` [PATCH 07/26] lib/crypto: arm/sha1: Migrate optimized code into library Eric Biggers
2025-07-12 23:22 ` [PATCH 08/26] lib/crypto: arm64/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 09/26] lib/crypto: mips/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 10/26] lib/crypto: powerpc/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 11/26] lib/crypto: s390/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 12/26] lib/crypto: sparc/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 13/26] lib/crypto: x86/sha1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 14/26] crypto: sha1 - Remove sha1_base.h Eric Biggers
2025-07-12 23:23 ` [PATCH 15/26] lib/crypto: tests: Add KUnit tests for SHA-1 and HMAC-SHA1 Eric Biggers
2025-07-12 23:23 ` [PATCH 16/26] bpf: Use sha1() instead of sha1_transform() in bpf_prog_calc_tag() Eric Biggers
2025-07-12 23:23 ` [PATCH 17/26] sctp: Use HMAC-SHA1 and HMAC-SHA256 library functions Eric Biggers
2025-07-12 23:23 ` [PATCH 18/26] ipv6: sr: " Eric Biggers
2025-07-12 23:23 ` [PATCH 19/26] tee: Use SHA-1 library instead of crypto_shash Eric Biggers
2025-07-12 23:23 ` [PATCH 20/26] lib/digsig: " Eric Biggers
2025-07-12 23:23 ` [PATCH 21/26] drm/bridge: it6505: " Eric Biggers
2025-07-12 23:23 ` [PATCH 22/26] nfc: s3fwrn5: " Eric Biggers
2025-07-12 23:23 ` [PATCH 23/26] ppp: mppe: " Eric Biggers
2025-07-12 23:23 ` [PATCH 24/26] KEYS: trusted_tpm1: " Eric Biggers
2025-07-12 23:23 ` [PATCH 25/26] ipv6: Switch to higher-level SHA-1 functions Eric Biggers
2025-07-12 23:23 ` Eric Biggers [this message]
2025-07-14 5:22 ` [PATCH 00/26] SHA-1 library functions Ard Biesheuvel
2025-07-18 17:24 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250712232329.818226-27-ebiggers@kernel.org \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=sparclinux@vger.kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).