Allow gpg to select digest algo

EC signatures requires that the digest has the corresponding length. Removing the hardcoded sha2-256 hash function and adding support of sha2-384 and sha2-512 should allow using EC crypto.
2024-12-20 13:33:10 +00:00 · 2022-07-22 10:17:23 +03:00 · 2022-07-22 10:17:23 +03:00 · a221321b6a
commit a221321b6a
parent 2cfa94003b
9 changed files with 16 additions and 9 deletions
--- a/config/linux-kgpe-d16_server-whiptail.config
+++ b/config/linux-kgpe-d16_server-whiptail.config
@ -234,7 +234,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/config/linux-kgpe-d16_server.config
+++ b/config/linux-kgpe-d16_server.config
@ -234,7 +234,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/config/linux-kgpe-d16_workstation.config
+++ b/config/linux-kgpe-d16_workstation.config
@ -233,7 +233,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/config/linux-librem_common.config
+++ b/config/linux-librem_common.config
@ -230,7 +230,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/config/linux-linuxboot.config
+++ b/config/linux-linuxboot.config
@ -329,7 +329,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/config/linux-qemu.config
+++ b/config/linux-qemu.config
@ -322,7 +322,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/config/linux-x230-legacy.config
+++ b/config/linux-x230-legacy.config
@ -274,7 +274,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/config/linux-x230-maximized.config
+++ b/config/linux-x230-maximized.config
@ -282,7 +282,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
 CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
--- a/initrd/bin/kexec-sign-config
+++ b/initrd/bin/kexec-sign-config
@ -67,7 +67,6 @@ fi
 for tries in 1 2 3; do
 	if sha256sum $param_files | gpg \
 		--digest-algo SHA256 \
 		--detach-sign \
 		-a \
 		> $paramsdir/kexec.sig \