From: Alexander Dahl <ada@thorsis.com>
To: ptxdist@pengutronix.de
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>,
Ian Abbott <abbotti@mev.co.uk>,
Bruno Thomsen <bruno.thomsen@gmail.com>
Subject: [ptxdist] [PATCH 7/8] dropbear: Add conditional comments with warnings
Date: Mon, 4 Jul 2022 14:18:30 +0200
Message-ID: <20220704121831.23787-8-ada@thorsis.com>
In-Reply-To: <20220704121831.23787-1-ada@thorsis.com>

We have multiple groups where it is required to select at least one (and
optionally more) option. On some groups selecting no option would fail
at build time, on others dropbear would build and run, but necessary user
interactions (like log in) would not be possible at runtime, e.g.
because no message integrity HMAC method was built in.

These warnings still allow not selecting any option, but should give a
stronger hint than before that this would be a bad idea.

Suggested-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
rules/dropbear.in | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/rules/dropbear.in b/rules/dropbear.in
index 043b0e76d..4f6a6a906 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -179,6 +179,9 @@ config DROPBEAR_CHACHA20POLY1305
instructions, having the same key size.
Recommended.
+comment "WARNING: No encryption method selected!"
+ depends on !DROPBEAR_AES128 && !DROPBEAR_3DES && !DROPBEAR_AES256 && !DROPBEAR_CHACHA20POLY1305
+
config DROPBEAR_CBC_CIPHERS
bool
prompt "CBC mode ciphers (legacy)"
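Review bot: The `depends on` added before DROPBEAR_CBC_CIPHERS tests only the four cipher options and not the cipher mode options that begin right after it. If the block ciphers (AES, 3DES) need at least one mode enabled to be usable, a configuration with DROPBEAR_AES128 set and no mode selected passes this check and still ends up without a working cipher. Worth confirming, and if that is the case, adding a matching warning after the mode options.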
@@ -247,6 +250,9 @@ config DROPBEAR_SHA512
SHA-1. SHA-2 consists of a set of four hash functions with digests
that are 224, 256, 384 or 512 bits.
+comment "WARNING: No Message Integrity method selected!"
+ depends on !DROPBEAR_SHA1 && !DROPBEAR_SHA1_96 && !DROPBEAR_SHA256 && !DROPBEAR_SHA512
+
comment "Hostkey/public key algorithms, at least one required ---"
config DROPBEAR_RSA
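Review bot: Style nit on the added comment text: "Message Integrity" is capitalised here, while the other warnings in this patch use lower case ("encryption method", "key exchange algorithm", "authentication type"). Suggest "WARNING: No message integrity method selected!" so the five warnings read the same.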
@@ -278,6 +284,9 @@ config DROPBEAR_ED25519
Public keys are 256 bits long and signatures are 512 bits
long.
+comment "WARNING: No Hostkey/public key algorithm selected!"
+ depends on !DROPBEAR_RSA && !DROPBEAR_ECDSA && !DROPBEAR_ED25519
+
comment "Key exchange algorithm, at least one required ---"
config DROPBEAR_DH_GROUP14_SHA256
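Review bot: The warning is appended after the help text of DROPBEAR_ED25519, so in the menu it is displayed directly above the next group's heading ("Key exchange algorithm, at least one required ---") and can be read as belonging to that group. Consider placing it directly below the hostkey group's own heading instead, so it is clearly tied to the hostkey options it refers to.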
@@ -335,6 +344,9 @@ config DROPBEAR_DH_GROUP1
versions < 0.53.
Client only!
+comment "WARNING: No key exchange algorithm selected!"
+ depends on !DROPBEAR_DH_GROUP14_SHA256 && !DROPBEAR_DH_GROUP14_SHA1 && !DROPBEAR_DH_GROUP16 && !DROPBEAR_ECDH && !DROPBEAR_CURVE25519 && !DROPBEAR_DH_GROUP1
+
comment "Authentication types, at least one required --- RFC Draft requires pubkey auth"
config DROPBEAR_PASSWD
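Review bot: The six-term expression on the added `depends on` line duplicates the membership of the key exchange group, so an option added to the group later has to be remembered here as well; if it is missed, the warning is shown even though that new algorithm is selected. One way to avoid the duplication is a hidden bool (for example DROPBEAR_HAS_KEX, a name made up for this comment) that each key exchange option selects, with the warning reduced to `depends on !DROPBEAR_HAS_KEX`. The same applies to the other four warnings.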
@@ -351,6 +363,9 @@ config DROPBEAR_PUBKEY
help
Use public key authentication
+comment "WARNING: No authentication type selected!"
+ depends on !DROPBEAR_PASSWD && !DROPBEAR_PUBKEY
+
comment "installation options ---"
config DROPBEAR_DROPBEAR
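Review bot: A `comment` entry is only displayed in the interactive menu, so the check added before "installation options ---" does not reach a configuration that is edited by hand or carried over without opening the menu. For the groups where, per the commit message, an empty selection still builds but leaves login impossible at runtime, a check in the package's make rule that prints the same warning at build time would cover those cases too.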
--
2.30.2
Thread overview: 22+ messages
2022-07-04 12:18 [ptxdist] [PATCH 0/8] dropbear: version bump and option revise Alexander Dahl
2022-07-04 12:18 ` [ptxdist] [PATCH 1/8] dropbear: version bump 2020.81 -> 2022.82 Alexander Dahl
2022-07-08 15:13 ` Michael Olbrich
2022-07-21 7:10 ` [ptxdist] [PATCH] dropbear: Add patch to fix build with X11 forwarding Alexander Dahl
2022-08-04 15:14 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-29 6:23 ` [ptxdist] [APPLIED] dropbear: version bump 2020.81 -> 2022.82 Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 2/8] dropbear: Add ed25519 hostkey/public key support Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 3/8] dropbear: Remove curve25519 dependency Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 4/8] dropbear: Make Chacha20-Poly1305 encryption optional Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 5/8] dropbear: Append hints to some menu prompts Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 6/8] dropbear: Rework key exchange algorithm options Alexander Dahl
2022-07-04 12:31 ` Ian Abbott
2022-07-08 9:09 ` Michael Olbrich
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich
2022-07-04 12:18 ` Alexander Dahl [this message]
2022-07-29 6:23 ` [ptxdist] [APPLIED] dropbear: Add conditional comments with warnings Michael Olbrich
2022-07-04 12:18 ` [ptxdist] [PATCH 8/8] dropbear: Move option groups to sub menus Alexander Dahl
2022-07-29 6:23 ` [ptxdist] [APPLIED] " Michael Olbrich