summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2022-07-09 14:18:49 -0700
committerHerbert Xu <herbert@gondor.apana.org.au>2022-07-15 16:43:59 +0800
commitec8f7f4821d5e70d71601519bc2325b311324a96 (patch)
tree45c64f86acc7dac2c6a2087c38787f4ac2ce79f9
parent463f74089ff9148e3e46af454a6977d40b98cd10 (diff)
downloadlwn-ec8f7f4821d5e70d71601519bc2325b311324a96.tar.gz
lwn-ec8f7f4821d5e70d71601519bc2325b311324a96.zip
crypto: lib - make the sha1 library optional
Since the Linux RNG no longer uses sha1_transform(), the SHA-1 library is no longer needed unconditionally. Make it possible to build the Linux kernel without the SHA-1 library by putting it behind a kconfig option, and selecting this new option from the kconfig options that gate the remaining users: CRYPTO_SHA1 for crypto/sha1_generic.c, BPF for kernel/bpf/core.c, and IPV6 for net/ipv6/addrconf.c. Unfortunately, since BPF is selected by NET, for now this can only make a difference for kernels built without networking support. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/Kconfig1
-rw-r--r--init/Kconfig1
-rw-r--r--lib/crypto/Kconfig3
-rw-r--r--lib/crypto/Makefile3
-rw-r--r--net/ipv6/Kconfig1
5 files changed, 8 insertions, 1 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 54bdcf2ce331..75c71d9a5ffb 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -901,6 +901,7 @@ config CRYPTO_RMD160
config CRYPTO_SHA1
tristate "SHA1 digest algorithm"
select CRYPTO_HASH
+ select CRYPTO_LIB_SHA1
help
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
diff --git a/init/Kconfig b/init/Kconfig
index c984afc489de..d8d0b4bdfe41 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1472,6 +1472,7 @@ config HAVE_PCSPKR_PLATFORM
# interpreter that classic socket filters depend on
config BPF
bool
+ select CRYPTO_LIB_SHA1
menuconfig EXPERT
bool "Configure standard kernel features (expert users)"
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index 2082af43d51f..9ff549f63540 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -121,6 +121,9 @@ config CRYPTO_LIB_CHACHA20POLY1305
select CRYPTO_LIB_POLY1305
select CRYPTO_ALGAPI
+config CRYPTO_LIB_SHA1
+ tristate
+
config CRYPTO_LIB_SHA256
tristate
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
index d28111ba54fc..919cbb2c220d 100644
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -34,7 +34,8 @@ libpoly1305-y := poly1305-donna32.o
libpoly1305-$(CONFIG_ARCH_SUPPORTS_INT128) := poly1305-donna64.o
libpoly1305-y += poly1305.o
-obj-y += sha1.o
+obj-$(CONFIG_CRYPTO_LIB_SHA1) += libsha1.o
+libsha1-y := sha1.o
obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o
libsha256-y := sha256.o
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index bf2e5e5fe142..658bfed1df8b 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -7,6 +7,7 @@
menuconfig IPV6
tristate "The IPv6 protocol"
default y
+ select CRYPTO_LIB_SHA1
help
Support for IP version 6 (IPv6).