* [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes
@ 2017-04-06 1:09 Jack Breese
2017-04-06 4:01 ` Baruch Siach
2017-04-07 1:09 ` [Buildroot] [PATCH v2] " Jack Breese
0 siblings, 2 replies; 5+ messages in thread
From: Jack Breese @ 2017-04-06 1:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Jack Breese <jack@kumunetworks.com>
---
package/gnupg/Config.in | 10 ++++++++++
package/gnupg/gnupg.mk | 12 ++++++++++++
2 files changed, 22 insertions(+)
diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in
index 30f215fed..87b3afe76 100644
--- a/package/gnupg/Config.in
+++ b/package/gnupg/Config.in
@@ -26,6 +26,16 @@ config BR2_PACKAGE_GNUPG_RSA
help
Support for RSA public key algorithm
+config BR2_PACKAGE_GNUPG_SHA256
+ bool "SHA256 support"
+ help
+ Support for SHA256 hash algorithm
+
+config BR2_PACKAGE_GNUPG_SHA512
+ bool "SHA512 support"
+ help
+ Support for SHA512 hash algorithm
+
config BR2_PACKAGE_GNUPG_GPGV
bool "gpgv"
help
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index caa9d2c46..be3e00282 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -48,6 +48,18 @@ else
GNUPG_CONF_OPTS += --disable-rsa
endif
+ifeq ($(BR2_PACKAGE_GNUPG_SHA256),y)
+GNUPG_CONF_OPTS += --enable-sha256
+else
+GNUPG_CONF_OPTS += --disable-sha256
+endif
+
+ifeq ($(BR2_PACKAGE_GNUPG_SHA512),y)
+GNUPG_CONF_OPTS += --enable-sha512
+else
+GNUPG_CONF_OPTS += --disable-sha512
+endif
+
ifneq ($(BR2_PACKAGE_GNUPG_GPGV),y)
define GNUPG_REMOVE_GPGV
rm -f $(TARGET_DIR)/usr/bin/gpgv
--
2.11.0 (Apple Git-81)
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes
2017-04-06 1:09 [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes Jack Breese
@ 2017-04-06 4:01 ` Baruch Siach
2017-04-07 0:44 ` Jack Breese
2017-04-07 1:09 ` [Buildroot] [PATCH v2] " Jack Breese
1 sibling, 1 reply; 5+ messages in thread
From: Baruch Siach @ 2017-04-06 4:01 UTC (permalink / raw)
To: buildroot
Hi Jack,
On Wed, Apr 05, 2017 at 06:09:08PM -0700, Jack Breese wrote:
> Signed-off-by: Jack Breese <jack@kumunetworks.com>
> ---
> package/gnupg/Config.in | 10 ++++++++++
> package/gnupg/gnupg.mk | 12 ++++++++++++
> 2 files changed, 22 insertions(+)
>
> diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in
> index 30f215fed..87b3afe76 100644
> --- a/package/gnupg/Config.in
> +++ b/package/gnupg/Config.in
> @@ -26,6 +26,16 @@ config BR2_PACKAGE_GNUPG_RSA
> help
> Support for RSA public key algorithm
>
> +config BR2_PACKAGE_GNUPG_SHA256
> + bool "SHA256 support"
> + help
> + Support for SHA256 hash algorithm
> +
> +config BR2_PACKAGE_GNUPG_SHA512
> + bool "SHA512 support"
> + help
> + Support for SHA512 hash algorithm
What is the size impact of these options? In case the size increase is
relatively small just enable them unconditionally. I'd say that, given the
security implications, we should enable SHA2 even if the size impact is big.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes
2017-04-06 4:01 ` Baruch Siach
@ 2017-04-07 0:44 ` Jack Breese
0 siblings, 0 replies; 5+ messages in thread
From: Jack Breese @ 2017-04-07 0:44 UTC (permalink / raw)
To: buildroot
>
>
> What is the size impact of these options? In case the size increase is
> relatively small just enable them unconditionally. I'd say that, given the
> security implications, we should enable SHA2 even if the size impact is
> big.
>
> Size impact is ~6k to the binary to enable both options. (armv7l). I'll
submit v2 with both enabled.
Binary size without SHA256 + SHA512:
-rwxr-xr-x 1 root root 550K Apr 6 10:03 gpg
Binary size with both:
-rwxr-xr-x 1 root root 555.9K Mar 31 22:50 gpg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20170406/8ba83f8b/attachment.html>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH v2] gnupg: Add options for SHA-256 and SHA-512 hashes
2017-04-06 1:09 [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes Jack Breese
2017-04-06 4:01 ` Baruch Siach
@ 2017-04-07 1:09 ` Jack Breese
2017-04-08 13:32 ` Thomas Petazzoni
1 sibling, 1 reply; 5+ messages in thread
From: Jack Breese @ 2017-04-07 1:09 UTC (permalink / raw)
To: buildroot
Signed-off-by: Jack Breese <jack@kumunetworks.com>
---
Changes v1 -> v2:
- Enable SHA-256 and SHA-512 unconditionally because
size difference is small. (~6k on armv7l) (Suggested by Baruch)
Binary size without SHA256 + SHA512:
-rwxr-xr-x 1 root root 550K Apr 6 10:03 gpg
Binary size with both:
-rwxr-xr-x 1 root root 555.9K Mar 31 22:50 gpg
Signed-off-by: Jack Breese <jack@kumunetworks.com>
---
package/gnupg/gnupg.mk | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index caa9d2c46..b3578b87d 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -11,7 +11,12 @@ GNUPG_LICENSE = GPL-3.0+
GNUPG_LICENSE_FILES = COPYING
GNUPG_DEPENDENCIES = zlib ncurses $(if $(BR2_PACKAGE_LIBICONV),libiconv)
GNUPG_CONF_ENV = ac_cv_sys_symbol_underscore=no
-GNUPG_CONF_OPTS = --disable-rpath --enable-minimal --disable-regex
+GNUPG_CONF_OPTS = \
+ --disable-rpath \
+ --enable-minimal \
+ --disable-regex \
+ --enable-sha256 \
+ --enable-sha512
# gnupg doesn't support assembly for coldfire
ifeq ($(BR2_m68k_cf),y)
--
2.11.0 (Apple Git-81)
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Buildroot] [PATCH v2] gnupg: Add options for SHA-256 and SHA-512 hashes
2017-04-07 1:09 ` [Buildroot] [PATCH v2] " Jack Breese
@ 2017-04-08 13:32 ` Thomas Petazzoni
0 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2017-04-08 13:32 UTC (permalink / raw)
To: buildroot
Hello,
On Thu, 6 Apr 2017 18:09:43 -0700, Jack Breese wrote:
> Signed-off-by: Jack Breese <jack@kumunetworks.com>
>
> ---
> Changes v1 -> v2:
> - Enable SHA-256 and SHA-512 unconditionally because
> size difference is small. (~6k on armv7l) (Suggested by Baruch)
I've applied, but after fixing the commit title: you're no longer
adding options for SHA256 and SHA512, but enabling those
unconditionally.
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-04-08 13:32 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-06 1:09 [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes Jack Breese
2017-04-06 4:01 ` Baruch Siach
2017-04-07 0:44 ` Jack Breese
2017-04-07 1:09 ` [Buildroot] [PATCH v2] " Jack Breese
2017-04-08 13:32 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.