All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes
@ 2017-04-06  1:09 Jack Breese
  2017-04-06  4:01 ` Baruch Siach
  2017-04-07  1:09 ` [Buildroot] [PATCH v2] " Jack Breese
  0 siblings, 2 replies; 5+ messages in thread
From: Jack Breese @ 2017-04-06  1:09 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Jack Breese <jack@kumunetworks.com>
---
 package/gnupg/Config.in | 10 ++++++++++
 package/gnupg/gnupg.mk  | 12 ++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in
index 30f215fed..87b3afe76 100644
--- a/package/gnupg/Config.in
+++ b/package/gnupg/Config.in
@@ -26,6 +26,16 @@ config BR2_PACKAGE_GNUPG_RSA
 	help
 	  Support for RSA public key algorithm
 
+config BR2_PACKAGE_GNUPG_SHA256
+	bool "SHA256 support"
+	help
+	  Support for SHA256 hash algorithm
+
+config BR2_PACKAGE_GNUPG_SHA512
+	bool "SHA512 support"
+	help
+	  Support for SHA512 hash algorithm
+
 config BR2_PACKAGE_GNUPG_GPGV
 	bool "gpgv"
 	help
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index caa9d2c46..be3e00282 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -48,6 +48,18 @@ else
 GNUPG_CONF_OPTS += --disable-rsa
 endif
 
+ifeq ($(BR2_PACKAGE_GNUPG_SHA256),y)
+GNUPG_CONF_OPTS += --enable-sha256
+else
+GNUPG_CONF_OPTS += --disable-sha256
+endif
+
+ifeq ($(BR2_PACKAGE_GNUPG_SHA512),y)
+GNUPG_CONF_OPTS += --enable-sha512
+else
+GNUPG_CONF_OPTS += --disable-sha512
+endif
+
 ifneq ($(BR2_PACKAGE_GNUPG_GPGV),y)
 define GNUPG_REMOVE_GPGV
 	rm -f $(TARGET_DIR)/usr/bin/gpgv
-- 
2.11.0 (Apple Git-81)

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes
  2017-04-06  1:09 [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes Jack Breese
@ 2017-04-06  4:01 ` Baruch Siach
  2017-04-07  0:44   ` Jack Breese
  2017-04-07  1:09 ` [Buildroot] [PATCH v2] " Jack Breese
  1 sibling, 1 reply; 5+ messages in thread
From: Baruch Siach @ 2017-04-06  4:01 UTC (permalink / raw)
  To: buildroot

Hi Jack,

On Wed, Apr 05, 2017 at 06:09:08PM -0700, Jack Breese wrote:
> Signed-off-by: Jack Breese <jack@kumunetworks.com>
> ---
>  package/gnupg/Config.in | 10 ++++++++++
>  package/gnupg/gnupg.mk  | 12 ++++++++++++
>  2 files changed, 22 insertions(+)
> 
> diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in
> index 30f215fed..87b3afe76 100644
> --- a/package/gnupg/Config.in
> +++ b/package/gnupg/Config.in
> @@ -26,6 +26,16 @@ config BR2_PACKAGE_GNUPG_RSA
>  	help
>  	  Support for RSA public key algorithm
>  
> +config BR2_PACKAGE_GNUPG_SHA256
> +	bool "SHA256 support"
> +	help
> +	  Support for SHA256 hash algorithm
> +
> +config BR2_PACKAGE_GNUPG_SHA512
> +	bool "SHA512 support"
> +	help
> +	  Support for SHA512 hash algorithm

What is the size impact of these options? In case the size increase is 
relatively small just enable them unconditionally. I'd say that, given the 
security implications, we should enable SHA2 even if the size impact is big.

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes
  2017-04-06  4:01 ` Baruch Siach
@ 2017-04-07  0:44   ` Jack Breese
  0 siblings, 0 replies; 5+ messages in thread
From: Jack Breese @ 2017-04-07  0:44 UTC (permalink / raw)
  To: buildroot

>
>
> What is the size impact of these options? In case the size increase is
> relatively small just enable them unconditionally. I'd say that, given the
> security implications, we should enable SHA2 even if the size impact is
> big.
>
> Size impact is ~6k to the binary to enable both options. (armv7l). I'll
submit v2 with both enabled.

Binary size without SHA256 + SHA512:
-rwxr-xr-x 1 root root 550K Apr  6 10:03 gpg

Binary size with both:
-rwxr-xr-x 1 root root 555.9K Mar 31 22:50 gpg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20170406/8ba83f8b/attachment.html>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* [Buildroot] [PATCH v2] gnupg: Add options for SHA-256 and SHA-512 hashes
  2017-04-06  1:09 [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes Jack Breese
  2017-04-06  4:01 ` Baruch Siach
@ 2017-04-07  1:09 ` Jack Breese
  2017-04-08 13:32   ` Thomas Petazzoni
  1 sibling, 1 reply; 5+ messages in thread
From: Jack Breese @ 2017-04-07  1:09 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Jack Breese <jack@kumunetworks.com>

---
Changes v1 -> v2:
 - Enable SHA-256 and SHA-512 unconditionally because
   size difference is small. (~6k on armv7l) (Suggested by Baruch)

Binary size without SHA256 + SHA512:
-rwxr-xr-x 1 root root 550K Apr  6 10:03 gpg

Binary size with both:
-rwxr-xr-x 1 root root 555.9K Mar 31 22:50 gpg

Signed-off-by: Jack Breese <jack@kumunetworks.com>
---
 package/gnupg/gnupg.mk | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index caa9d2c46..b3578b87d 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -11,7 +11,12 @@ GNUPG_LICENSE = GPL-3.0+
 GNUPG_LICENSE_FILES = COPYING
 GNUPG_DEPENDENCIES = zlib ncurses $(if $(BR2_PACKAGE_LIBICONV),libiconv)
 GNUPG_CONF_ENV = ac_cv_sys_symbol_underscore=no
-GNUPG_CONF_OPTS = --disable-rpath --enable-minimal --disable-regex
+GNUPG_CONF_OPTS = \
+	--disable-rpath \
+	--enable-minimal \
+	--disable-regex \
+	--enable-sha256 \
+	--enable-sha512
 
 # gnupg doesn't support assembly for coldfire
 ifeq ($(BR2_m68k_cf),y)
-- 
2.11.0 (Apple Git-81)

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [Buildroot] [PATCH v2] gnupg: Add options for SHA-256 and SHA-512 hashes
  2017-04-07  1:09 ` [Buildroot] [PATCH v2] " Jack Breese
@ 2017-04-08 13:32   ` Thomas Petazzoni
  0 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni @ 2017-04-08 13:32 UTC (permalink / raw)
  To: buildroot

Hello,

On Thu,  6 Apr 2017 18:09:43 -0700, Jack Breese wrote:
> Signed-off-by: Jack Breese <jack@kumunetworks.com>
> 
> ---
> Changes v1 -> v2:
>  - Enable SHA-256 and SHA-512 unconditionally because
>    size difference is small. (~6k on armv7l) (Suggested by Baruch)

I've applied, but after fixing the commit title: you're no longer
adding options for SHA256 and SHA512, but enabling those
unconditionally.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-04-08 13:32 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-06  1:09 [Buildroot] [PATCH 1/1] gnupg: Add options for SHA-256 and SHA-512 hashes Jack Breese
2017-04-06  4:01 ` Baruch Siach
2017-04-07  0:44   ` Jack Breese
2017-04-07  1:09 ` [Buildroot] [PATCH v2] " Jack Breese
2017-04-08 13:32   ` Thomas Petazzoni

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.