From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.thorsis.com ([92.198.35.195]) by metis.ext.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1keZWW-0001bd-3n for ptxdist@pengutronix.de; Mon, 16 Nov 2020 09:06:04 +0100 Received: from localhost (localhost [127.0.0.1]) by mail.thorsis.com (Postfix) with ESMTP id 06CEE4AA9 for ; Mon, 16 Nov 2020 09:06:03 +0100 (CET) Received: from mail.thorsis.com ([127.0.0.1]) by localhost (mail.thorsis.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YYH-DGVwyFnR for ; Mon, 16 Nov 2020 09:06:02 +0100 (CET) Received: from adahl by ada.ifak-system.com with local (Exim 4.92) (envelope-from ) id 1keZWK-0006WZ-IG for ptxdist@pengutronix.de; Mon, 16 Nov 2020 09:05:52 +0100 From: Alexander Dahl Date: Mon, 16 Nov 2020 09:05:49 +0100 Message-Id: <20201116080552.25031-3-ada@thorsis.com> In-Reply-To: <20201116080552.25031-1-ada@thorsis.com> References: <20201116080552.25031-1-ada@thorsis.com> Subject: [ptxdist] [PATCH v3 2/5] dropbear: Remove deprecated options List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de All those options are cryptographically weak, already broken, or will be removed in the next version anyways. Signed-off-by: Alexander Dahl --- rules/dropbear.in | 29 ----------------------------- rules/dropbear.make | 25 ------------------------- 2 files changed, 54 deletions(-) diff --git a/rules/dropbear.in b/rules/dropbear.in index 62a4a8427..d23f9b17f 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in 
@@ -170,17 +170,6 @@ config DROPBEAR_AES256 (and others) to protect sensitive information. -config DROPBEAR_BLOWFISH - bool - prompt "Blowfish" - help - Blowfish, by Bruce Schneier, combines a Feistel network, - key-dependent S-Boxes, with a non-invertible f function. - This block cipher iterates a simple encryption function - 16 times. - Blowfish was designed with a variable key length ranging - from 32 bits to 448 bits. - config DROPBEAR_TWOFISH128 bool prompt "Twofish128" @@ -271,14 +260,6 @@ config DROPBEAR_SHA512 SHA-1. SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits. -config DROPBEAR_MD5 - bool - prompt "md5" - help - MD5 was developed by Professor Ronald L. Rivest in 1994. - Its 128 bit (16 byte) message digest makes it a faster - implementation than SHA-1. - comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa" config DROPBEAR_RSA @@ -291,16 +272,6 @@ config DROPBEAR_RSA conjectured (but not proven) to be equivalent to the Integer Factorisation Problem (IFP). -config DROPBEAR_DSS - bool - prompt "dss" - help - DSS stands for Digital Signature Standard. - DSS employs the ElGamal and Schnorr PK systems to produce - a fixed width signature (irrespective of the public/private - key size). In contrast, RSA signature length is a function - of the key length employed. - config DROPBEAR_ECDSA bool prompt "ecdsa" diff --git a/rules/dropbear.make b/rules/dropbear.make index acd9ef5f9..9403afd00 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make 
@@ -124,14 +124,6 @@ else @echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS) endif -ifdef PTXCONF_DROPBEAR_BLOWFISH - @echo "ptxdist: enabling blowfish" - @echo "#define DROPBEAR_BLOWFISH 1" >> $(DROPBEAR_LOCALOPTIONS) -else - @echo "ptxdist: disabling blowfish" - @echo "#define DROPBEAR_BLOWFISH 0" >> $(DROPBEAR_LOCALOPTIONS) -endif - ifdef PTXCONF_DROPBEAR_TWOFISH256 @echo "ptxdist: enabling twofish256" @echo "#define DROPBEAR_TWOFISH256 1" >> $(DROPBEAR_LOCALOPTIONS) @@ -201,15 +193,6 @@ else @echo "#define DROPBEAR_SHA2_512_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS) endif -ifdef PTXCONF_DROPBEAR_MD5 - @echo "ptxdist: enabling md5" - @echo "WARNING: md5 is considered broken and is deactivated in upstream dropbear by default!" - @echo "#define DROPBEAR_MD5_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS) -else - @echo "ptxdist: disabling md5" - @echo "#define DROPBEAR_MD5_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS) -endif - ifdef PTXCONF_DROPBEAR_RSA @echo "ptxdist: enabling rsa" @@ -219,14 +202,6 @@ else @echo "#define DROPBEAR_RSA 0" >> $(DROPBEAR_LOCALOPTIONS) endif -ifdef PTXCONF_DROPBEAR_DSS - @echo "ptxdist: enabling dss" - @echo "#define DROPBEAR_DSS 1" >> $(DROPBEAR_LOCALOPTIONS) -else - @echo "ptxdist: disabling dss" - @echo "#define DROPBEAR_DSS 0" >> $(DROPBEAR_LOCALOPTIONS) -endif - ifdef PTXCONF_DROPBEAR_ECDSA @echo "ptxdist: enabling ecdsa" @echo "#define DROPBEAR_ECDSA 1" >> $(DROPBEAR_LOCALOPTIONS) -- 2.27.0 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
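Review bot: With the three `ifdef`/`else` blocks removed from rules/dropbear.make, nothing writes `DROPBEAR_BLOWFISH`, `DROPBEAR_MD5_HMAC` or `DROPBEAR_DSS` to `$(DROPBEAR_LOCALOPTIONS)` any more, so each value falls back to whatever the packaged dropbear defaults to. Before this change a deselected option was pinned by the `else` branch with an explicit `#define ... 0`. If the dropbear version built here still defaults one of them to 1 (worth checking for DSS in particular), the weak algorithm ends up compiled in rather than removed. Consider keeping unconditional lines such as `@echo "#define DROPBEAR_DSS 0" >> $(DROPBEAR_LOCALOPTIONS)` for the three macros until upstream drops them. The enclosing make target starts and ends outside these hunks, so this is inferred from the visible lines only.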