Hi, There are currently two remaining users of SHA-1 left in the kernel: bpf tag generation, and ipv6 address calculation. In an effort to reduce code size and rid ourselves of insecure primitives, this RFC patchset moves to using the more secure BLAKE2s function. I wanted to get your feedback on how feasible this patchset is, and if there is some remaining attachment to SHA-1, why exactly, and what could be done to mitigate it. Rather than sending a mailing list post just asking, "what do you think?" I figured it'd be easier to send this as an RFC patchset, so you see specifically what I mean. Thoughts? Comments? Thanks, Jason Cc: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Cc: Ard Biesheuvel <ardb@xxxxxxxxxx> Cc: Jean-Philippe Aumasson <jeanphilippe.aumasson@xxxxxxxxx> Cc: linux-crypto@xxxxxxxxxxxxxxx Jason A. Donenfeld (3): bpf: move from sha1 to blake2s in tag calculation ipv6: move from sha1 to blake2s in address calculation crypto: sha1_generic - import lib/sha1.c locally crypto/sha1_generic.c | 114 +++++++++++++++++++++++++++++++++++ include/crypto/sha1.h | 10 --- kernel/bpf/core.c | 39 ++---------- lib/Makefile | 2 +- lib/sha1.c | 137 ------------------------------------------ net/ipv6/addrconf.c | 31 +++------- 6 files changed, 128 insertions(+), 205 deletions(-) delete mode 100644 lib/sha1.c -- 2.34.1
