Message ID | 20170406010908.95234-1-jack@kumunetworks.com |
---|---|
State | Superseded |
Headers | show |
Hi Jack, On Wed, Apr 05, 2017 at 06:09:08PM -0700, Jack Breese wrote: > Signed-off-by: Jack Breese <jack@kumunetworks.com> > --- > package/gnupg/Config.in | 10 ++++++++++ > package/gnupg/gnupg.mk | 12 ++++++++++++ > 2 files changed, 22 insertions(+) > > diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in > index 30f215fed..87b3afe76 100644 > --- a/package/gnupg/Config.in > +++ b/package/gnupg/Config.in > @@ -26,6 +26,16 @@ config BR2_PACKAGE_GNUPG_RSA > help > Support for RSA public key algorithm > > +config BR2_PACKAGE_GNUPG_SHA256 > + bool "SHA256 support" > + help > + Support for SHA256 hash algorithm > + > +config BR2_PACKAGE_GNUPG_SHA512 > + bool "SHA512 support" > + help > + Support for SHA512 hash algorithm What is the size impact of these options? In case the size increase is relatively small just enable them unconditionally. I'd say that, given the security implications, we should enable SHA2 even if the size impact is big. baruch
> > > What is the size impact of these options? In case the size increase is > relatively small just enable them unconditionally. I'd say that, given the > security implications, we should enable SHA2 even if the size impact is > big. > > Size impact is ~6k to the binary to enable both options. (armv7l). I'll submit v2 with both enabled. Binary size without SHA256 + SHA512: -rwxr-xr-x 1 root root 550K Apr 6 10:03 gpg Binary size with both: -rwxr-xr-x 1 root root 555.9K Mar 31 22:50 gpg
diff --git a/package/gnupg/Config.in b/package/gnupg/Config.in index 30f215fed..87b3afe76 100644 --- a/package/gnupg/Config.in +++ b/package/gnupg/Config.in @@ -26,6 +26,16 @@ config BR2_PACKAGE_GNUPG_RSA help Support for RSA public key algorithm +config BR2_PACKAGE_GNUPG_SHA256 + bool "SHA256 support" + help + Support for SHA256 hash algorithm + +config BR2_PACKAGE_GNUPG_SHA512 + bool "SHA512 support" + help + Support for SHA512 hash algorithm + config BR2_PACKAGE_GNUPG_GPGV bool "gpgv" help diff --git a/package/gnupg/gnupg.mk b/package/gnupg/gnupg.mk index caa9d2c46..be3e00282 100644 --- a/package/gnupg/gnupg.mk +++ b/package/gnupg/gnupg.mk @@ -48,6 +48,18 @@ else GNUPG_CONF_OPTS += --disable-rsa endif +ifeq ($(BR2_PACKAGE_GNUPG_SHA256),y) +GNUPG_CONF_OPTS += --enable-sha256 +else +GNUPG_CONF_OPTS += --disable-sha256 +endif + +ifeq ($(BR2_PACKAGE_GNUPG_SHA512),y) +GNUPG_CONF_OPTS += --enable-sha512 +else +GNUPG_CONF_OPTS += --disable-sha512 +endif + ifneq ($(BR2_PACKAGE_GNUPG_GPGV),y) define GNUPG_REMOVE_GPGV rm -f $(TARGET_DIR)/usr/bin/gpgv
Signed-off-by: Jack Breese <jack@kumunetworks.com> --- package/gnupg/Config.in | 10 ++++++++++ package/gnupg/gnupg.mk | 12 ++++++++++++ 2 files changed, 22 insertions(+)