From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail-wm1-x342.google.com ([2a00:1450:4864:20::342])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92)
 (envelope-from <bruno.thomsen@gmail.com>) id 1jKQ9H-00030p-1g
 for ptxdist@pengutronix.de; Fri, 03 Apr 2020 19:30:31 +0200
Received: by mail-wm1-x342.google.com with SMTP id t8so7950761wmi.2
 for <ptxdist@pengutronix.de>; Fri, 03 Apr 2020 10:30:31 -0700 (PDT)
From: Bruno Thomsen <bruno.thomsen@gmail.com>
Date: Fri,  3 Apr 2020 19:30:21 +0200
Message-Id: <20200403173021.10414-1-bruno.thomsen@gmail.com>
MIME-Version: 1.0
Subject: [ptxdist] [PATCH] dropbear: enable/disable sha1 include key
 exchange algorithms
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Bruno Thomsen <bruno.thomsen@gmail.com>, bth@kamstrup.com

When enabling or disabling sha1 integrity also keep or remove
key exhange algorithms that rely on sha1.

group14_sha1 - 2048 bit, sha1
group1 - 1024 bit, sha1

Signed-off-by: Bruno Thomsen <bruno.thomsen@gmail.com>
---
 rules/dropbear.make | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rules/dropbear.make b/rules/dropbear.make
index 8d80ed295..d52efa396 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -165,9 +165,13 @@ endif
 ifdef PTXCONF_DROPBEAR_SHA1
 	@echo "ptxdist: enabling sha1"
 	@echo "#define DROPBEAR_SHA1_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS)
+	@echo "#define DROPBEAR_DH_GROUP1 1" >> $(DROPBEAR_LOCALOPTIONS)
+	@echo "#define DROPBEAR_DH_GROUP14_SHA1 1" >> $(DROPBEAR_LOCALOPTIONS)
 else
 	@echo "ptxdist: disabling sha1"
 	@echo "#define DROPBEAR_SHA1_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
+	@echo "#define DROPBEAR_DH_GROUP1 0" >> $(DROPBEAR_LOCALOPTIONS)
+	@echo "#define DROPBEAR_DH_GROUP14_SHA1 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
 ifdef PTXCONF_DROPBEAR_SHA1_96
-- 
2.25.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de