crypto: lib - make the sha1 library optional

Since the Linux RNG no longer uses sha1_transform(), the SHA-1 library
is no longer needed unconditionally.  Make it possible to build the
Linux kernel without the SHA-1 library by putting it behind a kconfig
option, and selecting this new option from the kconfig options that gate
the remaining users: CRYPTO_SHA1 for crypto/sha1_generic.c, BPF for
kernel/bpf/core.c, and IPV6 for net/ipv6/addrconf.c.

Unfortunately, since BPF is selected by NET, for now this can only make
a difference for kernels built without networking support.

Signed-off-by: Eric Biggers <[email protected]>
Reviewed-by: Jason A. Donenfeld <[email protected]>
Acked-by: Jakub Kicinski <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>

crypto/Kconfig

@@ -901,6 +901,7 @@ config CRYPTO_RMD160
 config CRYPTO_SHA1
 	tristate "SHA1 digest algorithm"
 	select CRYPTO_HASH
+	select CRYPTO_LIB_SHA1
 	help
 	  SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2).
 

init/Kconfig

@@ -1472,6 +1472,7 @@ config HAVE_PCSPKR_PLATFORM
 # interpreter that classic socket filters depend on
 config BPF
 	bool
+	select CRYPTO_LIB_SHA1
 
 menuconfig EXPERT
 	bool "Configure standard kernel features (expert users)"

lib/crypto/Kconfig

@@ -121,6 +121,9 @@ config CRYPTO_LIB_CHACHA20POLY1305
 	select CRYPTO_LIB_POLY1305
 	select CRYPTO_ALGAPI
 
+config CRYPTO_LIB_SHA1
+	tristate
+
 config CRYPTO_LIB_SHA256
 	tristate
 

lib/crypto/Makefile

@@ -34,7 +34,8 @@ libpoly1305-y					:= poly1305-donna32.o
 libpoly1305-$(CONFIG_ARCH_SUPPORTS_INT128)	:= poly1305-donna64.o
 libpoly1305-y					+= poly1305.o
 
-obj-y						+= sha1.o
+obj-$(CONFIG_CRYPTO_LIB_SHA1)			+= libsha1.o
+libsha1-y					:= sha1.o
 
 obj-$(CONFIG_CRYPTO_LIB_SHA256)			+= libsha256.o
 libsha256-y					:= sha256.o

net/ipv6/Kconfig

@@ -7,6 +7,7 @@
 menuconfig IPV6
 	tristate "The IPv6 protocol"
 	default y
+	select CRYPTO_LIB_SHA1
 	help
 	  Support for IP version 6 (IPv6).