From: Michael Olbrich <mol@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Alexander Dahl <ada@thorsis.com>
Subject: Re: [ptxdist] [APPLIED] dropbear: Remove deprecated options
Date: Fri, 20 Nov 2020 08:56:19 +0100
Message-ID: <E1kg1HH-006gDU-7c@dude03.red.stw.pengutronix.de>
In-Reply-To: <20201116080552.25031-3-ada@thorsis.com>
Thanks, applied as 01ac7cc409b59dfbdcc0e231733d3893c51ee8cc.
Michael
[sent from post-receive hook]
On Fri, 20 Nov 2020 08:56:19 +0100, Alexander Dahl <ada@thorsis.com> wrote:
> All those options are cryptographically weak, already broken, or will be
> removed in the next version anyways.
>
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20201116080552.25031-3-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/dropbear.in b/rules/dropbear.in
> index 62a4a842703a..d23f9b17f02a 100644
> --- a/rules/dropbear.in
> +++ b/rules/dropbear.in
> @@ -170,17 +170,6 @@ config DROPBEAR_AES256
> (and others) to protect sensitive information.
>
>
> -config DROPBEAR_BLOWFISH
> - bool
> - prompt "Blowfish"
> - help
> - Blowfish, by Bruce Schneier, combines a Feistel network,
> - key-dependent S-Boxes, with a non-invertible f function.
> - This block cipher iterates a simple encryption function
> - 16 times.
> - Blowfish was designed with a variable key length ranging
> - from 32 bits to 448 bits.
> -
> config DROPBEAR_TWOFISH128
> bool
> prompt "Twofish128"
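Review bot: the commit message does not say which of its three reasons ("cryptographically weak, already broken, or will be removed in the next version") applies to Blowfish here, or to MD5 and DSS below; one line per option would make the removal auditable later. It is also worth mentioning that an existing ptxconfig with PTXCONF_DROPBEAR_BLOWFISH set loses the option without any prompt once the symbol is gone from rules/dropbear.in.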
> @@ -271,14 +260,6 @@ config DROPBEAR_SHA512
> SHA-1. SHA-2 consists of a set of four hash functions with digests
> that are 224, 256, 384 or 512 bits.
>
> -config DROPBEAR_MD5
> - bool
> - prompt "md5"
> - help
> - MD5 was developed by Professor Ronald L. Rivest in 1994.
> - Its 128 bit (16 byte) message digest makes it a faster
> - implementation than SHA-1.
> -
> comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa"
>
> config DROPBEAR_RSA
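Review bot: the comment kept as context at the end of this hunk still reads "SSH2 RFC Draft requires dss, recommends rsa", but this same patch deletes the DROPBEAR_DSS option further down, so the menu text would tell users that a removed algorithm is required. Update or drop the "requires dss" wording in this patch, or state in the commit message that a later patch in the series rewrites it.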
> @@ -291,16 +272,6 @@ config DROPBEAR_RSA
> conjectured (but not proven) to be equivalent to the
> Integer Factorisation Problem (IFP).
>
> -config DROPBEAR_DSS
> - bool
> - prompt "dss"
> - help
> - DSS stands for Digital Signature Standard.
> - DSS employs the ElGamal and Schnorr PK systems to produce
> - a fixed width signature (irrespective of the public/private
> - key size). In contrast, RSA signature length is a function
> - of the key length employed.
> -
> config DROPBEAR_ECDSA
> bool
> prompt "ecdsa"
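Review bot: DROPBEAR_DSS is removed from the hostkey section whose comment says "at least one required", and nothing in this hunk handles a configuration that had dss as its only enabled hostkey algorithm. Such a config ends up with the prompt gone and no replacement selected; a short note in the commit message telling BSP maintainers to enable rsa or ecdsa, and that devices will present a different host key type afterwards, would help.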
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index acd9ef5f97d6..9403afd006d7 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -124,14 +124,6 @@ else
> @echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS)
> endif
>
> -ifdef PTXCONF_DROPBEAR_BLOWFISH
> - @echo "ptxdist: enabling blowfish"
> - @echo "#define DROPBEAR_BLOWFISH 1" >> $(DROPBEAR_LOCALOPTIONS)
> -else
> - @echo "ptxdist: disabling blowfish"
> - @echo "#define DROPBEAR_BLOWFISH 0" >> $(DROPBEAR_LOCALOPTIONS)
> -endif
> -
> ifdef PTXCONF_DROPBEAR_TWOFISH256
> @echo "ptxdist: enabling twofish256"
> @echo "#define DROPBEAR_TWOFISH256 1" >> $(DROPBEAR_LOCALOPTIONS)
> @@ -201,15 +193,6 @@ else
> @echo "#define DROPBEAR_SHA2_512_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
> endif
>
> -ifdef PTXCONF_DROPBEAR_MD5
> - @echo "ptxdist: enabling md5"
> - @echo "WARNING: md5 is considered broken and is deactivated in upstream dropbear by default!"
> - @echo "#define DROPBEAR_MD5_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS)
> -else
> - @echo "ptxdist: disabling md5"
> - @echo "#define DROPBEAR_MD5_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
> -endif
> -
>
> ifdef PTXCONF_DROPBEAR_RSA
> @echo "ptxdist: enabling rsa"
> @@ -219,14 +202,6 @@ else
> @echo "#define DROPBEAR_RSA 0" >> $(DROPBEAR_LOCALOPTIONS)
> endif
>
> -ifdef PTXCONF_DROPBEAR_DSS
> - @echo "ptxdist: enabling dss"
> - @echo "#define DROPBEAR_DSS 1" >> $(DROPBEAR_LOCALOPTIONS)
> -else
> - @echo "ptxdist: disabling dss"
> - @echo "#define DROPBEAR_DSS 0" >> $(DROPBEAR_LOCALOPTIONS)
> -endif
> -
> ifdef PTXCONF_DROPBEAR_ECDSA
> @echo "ptxdist: enabling ecdsa"
> @echo "#define DROPBEAR_ECDSA 1" >> $(DROPBEAR_LOCALOPTIONS)
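Review bot: with the whole ifdef/else block deleted, the rule no longer writes "#define DROPBEAR_DSS 0" to $(DROPBEAR_LOCALOPTIONS), so whether DSS is compiled in now depends on dropbear's own default rather than on ptxdist. The same holds for the blowfish and md5 blocks removed earlier in this file. If the intent is that these algorithms are always off, keep an unconditional `@echo "#define DROPBEAR_DSS 0" >> $(DROPBEAR_LOCALOPTIONS)` (likewise for DROPBEAR_BLOWFISH and DROPBEAR_MD5_HMAC) until the version bump that drops them upstream.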
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
Thread overview: 11+ messages
2020-11-16 8:05 [ptxdist] [PATCH v3 0/5] dropbear: version bump 2019.78 -> 2020.81 Alexander Dahl
2020-11-16 8:05 ` [ptxdist] [PATCH v3 1/5] dropbear: Consider licenses of bundled libs Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-11-16 8:05 ` [ptxdist] [PATCH v3 2/5] dropbear: Remove deprecated options Alexander Dahl
2020-11-20 7:56 ` Michael Olbrich [this message]
2020-11-16 8:05 ` [ptxdist] [PATCH v3 3/5] dropbear: Revise comments Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-11-16 8:05 ` [ptxdist] [PATCH v3 4/5] dropbear: version bump 2019.78 -> 2020.79 Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich
2020-11-16 8:05 ` [ptxdist] [PATCH v3 5/5] dropbear: version bump 2020.79 -> 2020.81 Alexander Dahl
2020-11-20 7:56 ` [ptxdist] [APPLIED] " Michael Olbrich