
[1/1] gnupg: Add options for SHA-256 and SHA-512 hashes

Message ID 20170406010908.95234-1-jack@kumunetworks.com
State Superseded

Commit Message

Jack Breese April 6, 2017, 1:09 a.m. UTC
Signed-off-by: Jack Breese <jack@kumunetworks.com>
---
 package/gnupg/Config.in | 10 ++++++++++
 package/gnupg/gnupg.mk  | 12 ++++++++++++
 2 files changed, 22 insertions(+)

Comments

Baruch Siach April 6, 2017, 4:01 a.m. UTC | #1
Hi Jack,

On Wed, Apr 05, 2017 at 06:09:08PM -0700, Jack Breese wrote:
> Signed-off-by: Jack Breese <jack@kumunetworks.com>
> ---
>  package/gnupg/Config.in | 10 ++++++++++
>  package/gnupg/gnupg.mk  | 12 ++++++++++++
>  2 files changed, 22 insertions(+)
> 
> diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in
> index 30f215fed..87b3afe76 100644
> --- a/package/gnupg/Config.in
> +++ b/package/gnupg/Config.in
> @@ -26,6 +26,16 @@ config BR2_PACKAGE_GNUPG_RSA
>  	help
>  	  Support for RSA public key algorithm
>  
> +config BR2_PACKAGE_GNUPG_SHA256
> +	bool "SHA256 support"
> +	help
> +	  Support for SHA256 hash algorithm
> +
> +config BR2_PACKAGE_GNUPG_SHA512
> +	bool "SHA512 support"
> +	help
> +	  Support for SHA512 hash algorithm

What is the size impact of these options? In case the size increase is 
relatively small just enable them unconditionally. I'd say that, given the 
security implications, we should enable SHA2 even if the size impact is big.

baruch
Jack Breese April 7, 2017, 12:44 a.m. UTC | #2
>
>
> What is the size impact of these options? In case the size increase is
> relatively small just enable them unconditionally. I'd say that, given the
> security implications, we should enable SHA2 even if the size impact is
> big.
>
Size impact is ~6k to the binary with both options enabled (armv7l). I'll
submit v2 with both enabled.

Binary size without SHA256 + SHA512:
-rwxr-xr-x 1 root root 550K Apr  6 10:03 gpg

Binary size with both:
-rwxr-xr-x 1 root root 555.9K Mar 31 22:50 gpg

Patch

diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in
index 30f215fed..87b3afe76 100644
--- a/package/gnupg/Config.in
+++ b/package/gnupg/Config.in
@@ -26,6 +26,16 @@  config BR2_PACKAGE_GNUPG_RSA
 	help
 	  Support for RSA public key algorithm
 
+config BR2_PACKAGE_GNUPG_SHA256
+	bool "SHA256 support"
+	help
+	  Support for SHA256 hash algorithm
+
+config BR2_PACKAGE_GNUPG_SHA512
+	bool "SHA512 support"
+	help
+	  Support for SHA512 hash algorithm
+
 config BR2_PACKAGE_GNUPG_GPGV
 	bool "gpgv"
 	help
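Review bot: The help text of both new symbols (`Support for SHA256 hash algorithm`, `Support for SHA512 hash algorithm`) does not say what a build loses when the symbol is left unset, and with no `default` line both start out disabled. Someone trimming an image has no cue that this switch affects signature checking. I would extend each help text with a sentence such as `Without this, gpg and gpgv cannot create or verify signatures that use a SHA-256 digest.`, and the same for SHA-512. If the underlying configure switches also cover SHA-224 and SHA-384 (I believe they do for this GnuPG series, but that is not visible here), the help should name those digests too.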
diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk
index caa9d2c46..be3e00282 100644
--- a/package/gnupg/gnupg.mk
+++ b/package/gnupg/gnupg.mk
@@ -48,6 +48,18 @@  else
 GNUPG_CONF_OPTS += --disable-rsa
 endif
 
+ifeq ($(BR2_PACKAGE_GNUPG_SHA256),y)
+GNUPG_CONF_OPTS += --enable-sha256
+else
+GNUPG_CONF_OPTS += --disable-sha256
+endif
+
+ifeq ($(BR2_PACKAGE_GNUPG_SHA512),y)
+GNUPG_CONF_OPTS += --enable-sha512
+else
+GNUPG_CONF_OPTS += --disable-sha512
+endif
+
 ifneq ($(BR2_PACKAGE_GNUPG_GPGV),y)
 define GNUPG_REMOVE_GPGV
 	rm -f $(TARGET_DIR)/usr/bin/gpgv
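Review bot: The `else` branches pass `--disable-sha256` and `--disable-sha512` whenever the symbol is unset, so any configuration that does not opt in is built with SHA-2 explicitly removed. The context line `ifneq ($(BR2_PACKAGE_GNUPG_GPGV),y)` just below shows that gpgv is selected independently, which allows an image whose verifier cannot check signatures made with SHA-256 or SHA-512 digests and is limited to whatever other digests are compiled in. Whether the build had SHA-2 before this change depends on the base options in GNUPG_CONF_OPTS, which are outside the hunk. I would at least add a comment above the block, `# gpg/gpgv cannot verify SHA-256/SHA-512 signatures when these are disabled`, so the consequence is visible next to the switch. The GNUPG_REMOVE_GPGV define that closes the hunk continues outside it.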