[PATCH 26/26] lib/crypto: sha1: Remove low-level functions from API

Sat, 12 Jul 2025 16:29:31 -0700 

Now that there are no users of the low-level SHA-1 interface, remove it.

Specifically:

- Remove SHA1_DIGEST_WORDS (no longer used)
- Remove sha1_init_raw() (no longer used)
- Rename sha1_transform() to sha1_block_generic() and make it static
- Move SHA1_WORKSPACE_WORDS into lib/crypto/sha1.c

Signed-off-by: Eric Biggers <ebigg...@kernel.org>
---
 include/crypto/sha1.h | 10 -------
 lib/crypto/sha1.c     | 63 ++++++++++++-------------------------------
 2 files changed, 17 insertions(+), 56 deletions(-)

diff --git a/include/crypto/sha1.h b/include/crypto/sha1.h
index 162a529ec8413..34658f4d76e3b 100644
--- a/include/crypto/sha1.h
+++ b/include/crypto/sha1.h
@@ -24,20 +24,10 @@ struct sha1_state {
        u32 state[SHA1_DIGEST_SIZE / 4];
        u64 count;
        u8 buffer[SHA1_BLOCK_SIZE];
 };
 
-/*
- * An implementation of SHA-1's compression function.  Don't use in new code!
- * You shouldn't be using SHA-1, and even if you *have* to use SHA-1, this 
isn't
- * the correct way to hash something with SHA-1 (use crypto_shash instead).
- */
-#define SHA1_DIGEST_WORDS      (SHA1_DIGEST_SIZE / 4)
-#define SHA1_WORKSPACE_WORDS   16
-void sha1_init_raw(__u32 *buf);
-void sha1_transform(__u32 *digest, const char *data, __u32 *W);
-
 /* State for the SHA-1 compression function */
 struct sha1_block_state {
        u32 h[SHA1_DIGEST_SIZE / 4];
 };
 
diff --git a/lib/crypto/sha1.c b/lib/crypto/sha1.c
index 89831f7f27793..87a76bf97f445 100644
--- a/lib/crypto/sha1.c
+++ b/lib/crypto/sha1.c
@@ -49,11 +49,11 @@ static const struct sha1_block_state sha1_iv = {
 #else
   #define setW(x, val) (W(x) = (val))
 #endif
 
 /* This "rolls" over the 512-bit array */
-#define W(x) (array[(x)&15])
+#define W(x) (workspace[(x)&15])
 
 /*
  * Where do we get the source from? The first 16 iterations get it from
  * the input data, the next mix it from the 512-bit array.
  */
@@ -70,38 +70,24 @@ static const struct sha1_block_state sha1_iv = {
 #define T_16_19(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (((C^D)&B)^D) , 
0x5a827999, A, B, C, D, E )
 #define T_20_39(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) , 0x6ed9eba1, 
A, B, C, D, E )
 #define T_40_59(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, ((B&C)+(D&(B^C))) , 
0x8f1bbcdc, A, B, C, D, E )
 #define T_60_79(t, A, B, C, D, E) SHA_ROUND(t, SHA_MIX, (B^C^D) ,  0xca62c1d6, 
A, B, C, D, E )
 
-/**
- * sha1_transform - single block SHA1 transform (deprecated)
- *
- * @digest: 160 bit digest to update
- * @data:   512 bits of data to hash
- * @array:  16 words of workspace (see note)
- *
- * This function executes SHA-1's internal compression function.  It updates 
the
- * 160-bit internal state (@digest) with a single 512-bit data block (@data).
- *
- * Don't use this function.  SHA-1 is no longer considered secure.  And even if
- * you do have to use SHA-1, this isn't the correct way to hash something with
- * SHA-1 as this doesn't handle padding and finalization.
- *
- * Note: If the hash is security sensitive, the caller should be sure
- * to clear the workspace. This is left to the caller to avoid
- * unnecessary clears between chained hashing operations.
- */
-void sha1_transform(__u32 *digest, const char *data, __u32 *array)
+#define SHA1_WORKSPACE_WORDS 16
+
+static void sha1_block_generic(struct sha1_block_state *state,
+                              const u8 data[SHA1_BLOCK_SIZE],
+                              u32 workspace[SHA1_WORKSPACE_WORDS])
 {
        __u32 A, B, C, D, E;
        unsigned int i = 0;
 
-       A = digest[0];
-       B = digest[1];
-       C = digest[2];
-       D = digest[3];
-       E = digest[4];
+       A = state->h[0];
+       B = state->h[1];
+       C = state->h[2];
+       D = state->h[3];
+       E = state->h[4];
 
        /* Round 1 - iterations 0-16 take their input from 'data' */
        for (; i < 16; ++i)
                T_0_15(i, A, B, C, D, E);
 
@@ -119,39 +105,24 @@ void sha1_transform(__u32 *digest, const char *data, 
__u32 *array)
 
        /* Round 4 */
        for (; i < 80; ++i)
                T_60_79(i, A, B, C, D, E);
 
-       digest[0] += A;
-       digest[1] += B;
-       digest[2] += C;
-       digest[3] += D;
-       digest[4] += E;
-}
-EXPORT_SYMBOL(sha1_transform);
-
-/**
- * sha1_init_raw - initialize the vectors for a SHA1 digest
- * @buf: vector to initialize
- */
-void sha1_init_raw(__u32 *buf)
-{
-       buf[0] = 0x67452301;
-       buf[1] = 0xefcdab89;
-       buf[2] = 0x98badcfe;
-       buf[3] = 0x10325476;
-       buf[4] = 0xc3d2e1f0;
+       state->h[0] += A;
+       state->h[1] += B;
+       state->h[2] += C;
+       state->h[3] += D;
+       state->h[4] += E;
 }
-EXPORT_SYMBOL(sha1_init_raw);
 
 static void __maybe_unused sha1_blocks_generic(struct sha1_block_state *state,
                                               const u8 *data, size_t nblocks)
 {
        u32 workspace[SHA1_WORKSPACE_WORDS];
 
        do {
-               sha1_transform(state->h, data, workspace);
+               sha1_block_generic(state, data, workspace);
                data += SHA1_BLOCK_SIZE;
        } while (--nblocks);
 
        memzero_explicit(workspace, sizeof(workspace));
 }
-- 
2.50.1

Reply via email to