From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail.thorsis.com ([92.198.35.195])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <ada@thorsis.com>) id 1keZWW-0001bd-3n
 for ptxdist@pengutronix.de; Mon, 16 Nov 2020 09:06:04 +0100
Received: from localhost (localhost [127.0.0.1])
 by mail.thorsis.com (Postfix) with ESMTP id 06CEE4AA9
 for <ptxdist@pengutronix.de>; Mon, 16 Nov 2020 09:06:03 +0100 (CET)
Received: from mail.thorsis.com ([127.0.0.1])
 by localhost (mail.thorsis.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id YYH-DGVwyFnR for <ptxdist@pengutronix.de>;
 Mon, 16 Nov 2020 09:06:02 +0100 (CET)
Received: from adahl by ada.ifak-system.com with local (Exim 4.92)
 (envelope-from <ada@thorsis.com>) id 1keZWK-0006WZ-IG
 for ptxdist@pengutronix.de; Mon, 16 Nov 2020 09:05:52 +0100
From: Alexander Dahl <ada@thorsis.com>
Date: Mon, 16 Nov 2020 09:05:49 +0100
Message-Id: <20201116080552.25031-3-ada@thorsis.com>
In-Reply-To: <20201116080552.25031-1-ada@thorsis.com>
References: <20201116080552.25031-1-ada@thorsis.com>
Subject: [ptxdist] [PATCH v3 2/5] dropbear: Remove deprecated options
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de

All those options are cryptographically weak, already broken, or will be
removed in the next version anyways.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/dropbear.in   | 29 -----------------------------
 rules/dropbear.make | 25 -------------------------
 2 files changed, 54 deletions(-)

diff --git a/rules/dropbear.in b/rules/dropbear.in
index 62a4a8427..d23f9b17f 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -170,17 +170,6 @@ config DROPBEAR_AES256
 	  (and others) to protect sensitive information.
 
 
-config DROPBEAR_BLOWFISH
-	bool
-	prompt "Blowfish"
-	help
-	  Blowfish, by Bruce Schneier, combines a Feistel network,
-	  key-dependent S-Boxes, with a non-invertible f function.
-	  This block cipher iterates a simple encryption function
-	  16 times.
-	  Blowfish was designed with a variable key length ranging
-	  from 32 bits to 448 bits.
-
 config DROPBEAR_TWOFISH128
 	bool
 	prompt "Twofish128"
@@ -271,14 +260,6 @@ config DROPBEAR_SHA512
 	  SHA-1. SHA-2 consists of a set of four hash functions with digests
 	  that are 224, 256, 384 or 512 bits.
 
-config DROPBEAR_MD5
-	bool
-	prompt "md5"
-	help
-	  MD5 was developed by Professor Ronald L. Rivest in 1994.
-	  Its 128 bit (16 byte) message digest makes it a faster
-	  implementation than SHA-1.
-
 comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa"
 
 config DROPBEAR_RSA
@@ -291,16 +272,6 @@ config DROPBEAR_RSA
 	  conjectured (but not proven) to be equivalent to the
 	  Integer Factorisation Problem (IFP).
 
-config DROPBEAR_DSS
-	bool
-	prompt "dss"
-	help
-	  DSS stands for Digital Signature Standard.
-	  DSS employs the ElGamal and Schnorr PK systems to produce
-	  a fixed width signature (irrespective of the public/private
-	  key size). In contrast, RSA signature length is a function
-	  of the key length employed.
-
 config DROPBEAR_ECDSA
 	bool
 	prompt "ecdsa"
diff --git a/rules/dropbear.make b/rules/dropbear.make
index acd9ef5f9..9403afd00 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -124,14 +124,6 @@ else
 	@echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
-ifdef PTXCONF_DROPBEAR_BLOWFISH
-	@echo "ptxdist: enabling blowfish"
-	@echo "#define DROPBEAR_BLOWFISH 1" >> $(DROPBEAR_LOCALOPTIONS)
-else
-	@echo "ptxdist: disabling blowfish"
-	@echo "#define DROPBEAR_BLOWFISH 0" >> $(DROPBEAR_LOCALOPTIONS)
-endif
-
 ifdef PTXCONF_DROPBEAR_TWOFISH256
 	@echo "ptxdist: enabling twofish256"
 	@echo "#define DROPBEAR_TWOFISH256 1" >> $(DROPBEAR_LOCALOPTIONS)
@@ -201,15 +193,6 @@ else
 	@echo "#define DROPBEAR_SHA2_512_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
-ifdef PTXCONF_DROPBEAR_MD5
-	@echo "ptxdist: enabling md5"
-	@echo "WARNING: md5 is considered broken and is deactivated in upstream dropbear by default!"
-	@echo "#define DROPBEAR_MD5_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS)
-else
-	@echo "ptxdist: disabling md5"
-	@echo "#define DROPBEAR_MD5_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
-endif
-
 
 ifdef PTXCONF_DROPBEAR_RSA
 	@echo "ptxdist: enabling rsa"
@@ -219,14 +202,6 @@ else
 	@echo "#define DROPBEAR_RSA 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
-ifdef PTXCONF_DROPBEAR_DSS
-	@echo "ptxdist: enabling dss"
-	@echo "#define DROPBEAR_DSS 1" >> $(DROPBEAR_LOCALOPTIONS)
-else
-	@echo "ptxdist: disabling dss"
-	@echo "#define DROPBEAR_DSS 0" >> $(DROPBEAR_LOCALOPTIONS)
-endif
-
 ifdef PTXCONF_DROPBEAR_ECDSA
 	@echo "ptxdist: enabling ecdsa"
 	@echo "#define DROPBEAR_ECDSA 1" >> $(DROPBEAR_LOCALOPTIONS)
-- 
2.27.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de