On Wed, Nov 12, 2025 at 12:12:12PM -0800, Stephen Hemminger wrote:

On Mon, 29 Sep 2025 12:46:48 -0700
Eric Biggers [off-list ref] wrote:

quoted

diff --git a/lib/sha1.c b/lib/sha1.c
new file mode 100644
index 00000000..1aa8fd83
--- /dev/null
+++ b/lib/sha1.c

@@ -0,0 +1,108 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * SHA-1 message digest algorithm
+ *
+ * Copyright 2025 Google LLC
+ */

Not a big fan of having actual crypto in iproute2.
It creates even more technical debt.
Is there another crypto library that could be used?

Currently iproute2 doesn't depend on OpenSSL.  You can make it do that,
if you want, and then you could use SHA-1 from there.  I suspect that
doing that would be much more trouble than just adding this SHA-1 code.

If you happen to be planning to pull in OpenSSL as a dependency for
other reasons, it might make sense then.

Better yet, is there a reason legacy BPF code needs to still exist
in current iproute2? When was the cut over.

No idea.  That's a question for the BPF folks.

- Eric