crypto: lib - make the sha1 library optional
Since the Linux RNG no longer uses sha1_transform(), the SHA-1 library is no longer needed unconditionally. Make it possible to build the Linux kernel without the SHA-1 library by putting it behind a kconfig option, and selecting this new option from the kconfig options that gate the remaining users: CRYPTO_SHA1 for crypto/sha1_generic.c, BPF for kernel/bpf/core.c, and IPV6 for net/ipv6/addrconf.c. Unfortunately, since BPF is selected by NET, for now this can only make a difference for kernels built without networking support. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
463f74089f
commit
ec8f7f4821
|
@ -901,6 +901,7 @@ config CRYPTO_RMD160
|
||||||
config CRYPTO_SHA1
|
config CRYPTO_SHA1
|
||||||
tristate "SHA1 digest algorithm"
|
tristate "SHA1 digest algorithm"
|
||||||
select CRYPTO_HASH
|
select CRYPTO_HASH
|
||||||
|
select CRYPTO_LIB_SHA1
|
||||||
help
|
help
|
||||||
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
|
SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
|
||||||
|
|
||||||
|
|
|
@ -1472,6 +1472,7 @@ config HAVE_PCSPKR_PLATFORM
|
||||||
# interpreter that classic socket filters depend on
|
# interpreter that classic socket filters depend on
|
||||||
config BPF
|
config BPF
|
||||||
bool
|
bool
|
||||||
|
select CRYPTO_LIB_SHA1
|
||||||
|
|
||||||
menuconfig EXPERT
|
menuconfig EXPERT
|
||||||
bool "Configure standard kernel features (expert users)"
|
bool "Configure standard kernel features (expert users)"
|
||||||
|
|
|
@ -121,6 +121,9 @@ config CRYPTO_LIB_CHACHA20POLY1305
|
||||||
select CRYPTO_LIB_POLY1305
|
select CRYPTO_LIB_POLY1305
|
||||||
select CRYPTO_ALGAPI
|
select CRYPTO_ALGAPI
|
||||||
|
|
||||||
|
config CRYPTO_LIB_SHA1
|
||||||
|
tristate
|
||||||
|
|
||||||
config CRYPTO_LIB_SHA256
|
config CRYPTO_LIB_SHA256
|
||||||
tristate
|
tristate
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,8 @@ libpoly1305-y := poly1305-donna32.o
|
||||||
libpoly1305-$(CONFIG_ARCH_SUPPORTS_INT128) := poly1305-donna64.o
|
libpoly1305-$(CONFIG_ARCH_SUPPORTS_INT128) := poly1305-donna64.o
|
||||||
libpoly1305-y += poly1305.o
|
libpoly1305-y += poly1305.o
|
||||||
|
|
||||||
obj-y += sha1.o
|
obj-$(CONFIG_CRYPTO_LIB_SHA1) += libsha1.o
|
||||||
|
libsha1-y := sha1.o
|
||||||
|
|
||||||
obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o
|
obj-$(CONFIG_CRYPTO_LIB_SHA256) += libsha256.o
|
||||||
libsha256-y := sha256.o
|
libsha256-y := sha256.o
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
menuconfig IPV6
|
menuconfig IPV6
|
||||||
tristate "The IPv6 protocol"
|
tristate "The IPv6 protocol"
|
||||||
default y
|
default y
|
||||||
|
select CRYPTO_LIB_SHA1
|
||||||
help
|
help
|
||||||
Support for IP version 6 (IPv6).
|
Support for IP version 6 (IPv6).
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue