From: Alexander Dahl <ada@thorsis.com>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH v3 2/5] dropbear: Remove deprecated options
Date: Mon, 16 Nov 2020 09:05:49 +0100
Message-ID: <20201116080552.25031-3-ada@thorsis.com>
In-Reply-To: <20201116080552.25031-1-ada@thorsis.com>
All those options are cryptographically weak, already broken, or will be
removed in the next version anyways.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
rules/dropbear.in | 29 -----------------------------
rules/dropbear.make | 25 -------------------------
2 files changed, 54 deletions(-)
diff --git a/rules/dropbear.in b/rules/dropbear.in
index 62a4a8427..d23f9b17f 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -170,17 +170,6 @@ config DROPBEAR_AES256
(and others) to protect sensitive information.
-config DROPBEAR_BLOWFISH
- bool
- prompt "Blowfish"
- help
- Blowfish, by Bruce Schneier, combines a Feistel network,
- key-dependent S-Boxes, with a non-invertible f function.
- This block cipher iterates a simple encryption function
- 16 times.
- Blowfish was designed with a variable key length ranging
- from 32 bits to 448 bits.
-
config DROPBEAR_TWOFISH128
bool
prompt "Twofish128"
@@ -271,14 +260,6 @@ config DROPBEAR_SHA512
SHA-1. SHA-2 consists of a set of four hash functions with digests
that are 224, 256, 384 or 512 bits.
-config DROPBEAR_MD5
- bool
- prompt "md5"
- help
- MD5 was developed by Professor Ronald L. Rivest in 1994.
- Its 128 bit (16 byte) message digest makes it a faster
- implementation than SHA-1.
-
comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa"
config DROPBEAR_RSA
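Review bot: The comment kept as context right after the removed DROPBEAR_MD5 entry still reads "SSH2 RFC Draft requires dss, recommends rsa", while this patch deletes the DROPBEAR_DSS option, so the menu now calls an algorithm required that can no longer be selected. Reword the comment in this patch to name only the remaining hostkey options, or say in the commit message that the later "Revise comments" patch of this series does so.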
@@ -291,16 +272,6 @@ config DROPBEAR_RSA
conjectured (but not proven) to be equivalent to the
Integer Factorisation Problem (IFP).
-config DROPBEAR_DSS
- bool
- prompt "dss"
- help
- DSS stands for Digital Signature Standard.
- DSS employs the ElGamal and Schnorr PK systems to produce
- a fixed width signature (irrespective of the public/private
- key size). In contrast, RSA signature length is a function
- of the key length employed.
-
config DROPBEAR_ECDSA
bool
prompt "ecdsa"
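Review bot: With DROPBEAR_DSS removed between DROPBEAR_RSA and DROPBEAR_ECDSA, a configuration that had only dss selected is left with no hostkey algorithm, although the group comment says at least one is required, and nothing in the visible entries enforces that. Mention in the commit message that such configurations must now enable rsa or ecdsa, or give one of the remaining entries a default.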
diff --git a/rules/dropbear.make b/rules/dropbear.make
index acd9ef5f9..9403afd00 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -124,14 +124,6 @@ else
@echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS)
endif
-ifdef PTXCONF_DROPBEAR_BLOWFISH
- @echo "ptxdist: enabling blowfish"
- @echo "#define DROPBEAR_BLOWFISH 1" >> $(DROPBEAR_LOCALOPTIONS)
-else
- @echo "ptxdist: disabling blowfish"
- @echo "#define DROPBEAR_BLOWFISH 0" >> $(DROPBEAR_LOCALOPTIONS)
-endif
-
ifdef PTXCONF_DROPBEAR_TWOFISH256
@echo "ptxdist: enabling twofish256"
@echo "#define DROPBEAR_TWOFISH256 1" >> $(DROPBEAR_LOCALOPTIONS)
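Review bot: Deleting the whole "ifdef PTXCONF_DROPBEAR_BLOWFISH" block also drops the else branch that wrote "#define DROPBEAR_BLOWFISH 0" into $(DROPBEAR_LOCALOPTIONS), so whether Blowfish is compiled in now depends on Dropbear's own default rather than on this rule. If the intent is to guarantee the cipher stays off, keep one unconditional line writing "#define DROPBEAR_BLOWFISH 0" for as long as the packaged version still knows the macro.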
@@ -201,15 +193,6 @@ else
@echo "#define DROPBEAR_SHA2_512_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
endif
-ifdef PTXCONF_DROPBEAR_MD5
- @echo "ptxdist: enabling md5"
- @echo "WARNING: md5 is considered broken and is deactivated in upstream dropbear by default!"
- @echo "#define DROPBEAR_MD5_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS)
-else
- @echo "ptxdist: disabling md5"
- @echo "#define DROPBEAR_MD5_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
-endif
-
ifdef PTXCONF_DROPBEAR_RSA
@echo "ptxdist: enabling rsa"
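Review bot: The removed WARNING line is where these rules recorded that MD5 is deactivated in upstream dropbear by default, and that fact is what makes dropping the explicit "#define DROPBEAR_MD5_HMAC 0" harmless. Carry it over into the commit message, which currently lists three possible reasons without saying which one applies to MD5.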
@@ -219,14 +202,6 @@ else
@echo "#define DROPBEAR_RSA 0" >> $(DROPBEAR_LOCALOPTIONS)
endif
-ifdef PTXCONF_DROPBEAR_DSS
- @echo "ptxdist: enabling dss"
- @echo "#define DROPBEAR_DSS 1" >> $(DROPBEAR_LOCALOPTIONS)
-else
- @echo "ptxdist: disabling dss"
- @echo "#define DROPBEAR_DSS 0" >> $(DROPBEAR_LOCALOPTIONS)
-endif
-
ifdef PTXCONF_DROPBEAR_ECDSA
@echo "ptxdist: enabling ecdsa"
@echo "#define DROPBEAR_ECDSA 1" >> $(DROPBEAR_LOCALOPTIONS)
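Review bot: The removed else branch for PTXCONF_DROPBEAR_DSS was what forced "#define DROPBEAR_DSS 0", and this patch is 2/5 while the version bumps follow in 4/5 and 5/5, so a tree checked out at this commit still builds 2019.78 with DSS support decided by the upstream default. Either move this removal after the bump, or state in the commit message that 2019.78 defaults DSS to off, so that a bisect cannot land on a build with the weak hostkey algorithm enabled.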
--
2.27.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
Thread overview: 11+ messages
2020-11-16 8:05 [ptxdist] [PATCH v3 0/5] dropbear: version bump 2019.78 -> 2020.81 Alexander Dahl
2020-11-16 8:05 ` [ptxdist] [PATCH v3 1/5] dropbear: Consider licenses of bundled libs Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-11-16 8:05 ` Alexander Dahl [this message]
2020-11-20 7:56 ` [ptxdist] [APPLIED] dropbear: Remove deprecated options Michael Olbrich
2020-11-16 8:05 ` [ptxdist] [PATCH v3 3/5] dropbear: Revise comments Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-11-16 8:05 ` [ptxdist] [PATCH v3 4/5] dropbear: version bump 2019.78 -> 2020.79 Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-11-16 8:05 ` [ptxdist] [PATCH v3 5/5] dropbear: version bump 2020.79 -> 2020.81 Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich