[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220112131204.800307-1-Jason@zx2c4.com>
Date: Wed, 12 Jan 2022 14:12:01 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
Geert Uytterhoeven <geert@...ux-m68k.org>,
Herbert Xu <herbert@...dor.apana.org.au>,
Ard Biesheuvel <ardb@...nel.org>,
Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>,
linux-crypto@...r.kernel.org
Subject: [PATCH RFC v1 0/3] remove remaining users of SHA-1
Hi,
There are currently two remaining users of SHA-1 left in the kernel: bpf
tag generation, and ipv6 address calculation. In an effort to reduce
code size and rid ourselves of insecure primitives, this RFC patchset
moves to using the more secure BLAKE2s function. I wanted to get your
feedback on how feasible this patchset is, and if there is some
remaining attachment to SHA-1, why exactly, and what could be done to
mitigate it. Rather than sending a mailing list post just asking, "what
do you think?" I figured it'd be easier to send this as an RFC patchset,
so you see specifically what I mean.
Thoughts? Comments?
Thanks,
Jason
Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Ard Biesheuvel <ardb@...nel.org>
Cc: Jean-Philippe Aumasson <jeanphilippe.aumasson@...il.com>
Cc: linux-crypto@...r.kernel.org
Jason A. Donenfeld (3):
bpf: move from sha1 to blake2s in tag calculation
ipv6: move from sha1 to blake2s in address calculation
crypto: sha1_generic - import lib/sha1.c locally
crypto/sha1_generic.c | 114 +++++++++++++++++++++++++++++++++++
include/crypto/sha1.h | 10 ---
kernel/bpf/core.c | 39 ++----------
lib/Makefile | 2 +-
lib/sha1.c | 137 ------------------------------------------
net/ipv6/addrconf.c | 31 +++-------
6 files changed, 128 insertions(+), 205 deletions(-)
delete mode 100644 lib/sha1.c
--
2.34.1
Powered by blists - more mailing lists