summaryrefslogtreecommitdiff
path: root/security/keys
diff options
context:
space:
mode:
authorEric Biggers <ebiggers@google.com>2020-11-12 21:20:21 -0800
committerHerbert Xu <herbert@gondor.apana.org.au>2020-11-20 14:45:33 +1100
commita24d22b225ce158651378869a6b88105c4bdb887 (patch)
tree810994e166c5472a341136b3140ac9a2ae56440c /security/keys
parent5bdad829c31a09069fd508534f03c2ea1576ac75 (diff)
downloadlwn-a24d22b225ce158651378869a6b88105c4bdb887.tar.gz
lwn-a24d22b225ce158651378869a6b88105c4bdb887.zip
crypto: sha - split sha.h into sha1.h and sha2.h
Currently <crypto/sha.h> contains declarations for both SHA-1 and SHA-2, and <crypto/sha3.h> contains declarations for SHA-3. This organization is inconsistent, but more importantly SHA-1 is no longer considered to be cryptographically secure. So to the extent possible, SHA-1 shouldn't be grouped together with any of the other SHA versions, and usage of it should be phased out. Therefore, split <crypto/sha.h> into two headers <crypto/sha1.h> and <crypto/sha2.h>, and make everyone explicitly specify whether they want the declarations for SHA-1, SHA-2, or both. This avoids making the SHA-1 declarations visible to files that don't want anything to do with SHA-1. It also prepares for potentially moving sha1.h into a new insecure/ or dangerous/ directory. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'security/keys')
-rw-r--r--security/keys/encrypted-keys/encrypted.c2
-rw-r--r--security/keys/trusted-keys/trusted_tpm1.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 192e531c146f..87432b35d771 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -29,7 +29,7 @@
#include <crypto/aes.h>
#include <crypto/algapi.h>
#include <crypto/hash.h>
-#include <crypto/sha.h>
+#include <crypto/sha2.h>
#include <crypto/skcipher.h>
#include "encrypted.h"
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
index b9fe02e5f84f..74d82093cbaa 100644
--- a/security/keys/trusted-keys/trusted_tpm1.c
+++ b/security/keys/trusted-keys/trusted_tpm1.c
@@ -22,7 +22,7 @@
#include <linux/rcupdate.h>
#include <linux/crypto.h>
#include <crypto/hash.h>
-#include <crypto/sha.h>
+#include <crypto/sha1.h>
#include <linux/capability.h>
#include <linux/tpm.h>
#include <linux/tpm_command.h>