diff options
author | Alexander Dahl <ada@thorsis.com> | 2020-11-16 09:05:49 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-11-16 12:44:56 +0100 |
commit | 01ac7cc409b59dfbdcc0e231733d3893c51ee8cc (patch) | |
tree | b0158787d8486bab3a728e127da99ddce39b06a2 | |
parent | ad7ed6f84920cd90ba058c53b931bfd6202ca9c1 (diff) | |
download | ptxdist-01ac7cc409b59dfbdcc0e231733d3893c51ee8cc.tar.gz ptxdist-01ac7cc409b59dfbdcc0e231733d3893c51ee8cc.tar.xz |
dropbear: Remove deprecated options
All those options are cryptographically weak, already broken, or will be
removed in the next version anyways.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20201116080552.25031-3-ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
-rw-r--r-- | rules/dropbear.in | 29 | ||||
-rw-r--r-- | rules/dropbear.make | 25 |
2 files changed, 0 insertions, 54 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index 62a4a8427..d23f9b17f 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -170,17 +170,6 @@ config DROPBEAR_AES256 (and others) to protect sensitive information. -config DROPBEAR_BLOWFISH - bool - prompt "Blowfish" - help - Blowfish, by Bruce Schneier, combines a Feistel network, - key-dependent S-Boxes, with a non-invertible f function. - This block cipher iterates a simple encryption function - 16 times. - Blowfish was designed with a variable key length ranging - from 32 bits to 448 bits. - config DROPBEAR_TWOFISH128 bool prompt "Twofish128" @@ -271,14 +260,6 @@ config DROPBEAR_SHA512 SHA-1. SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits. -config DROPBEAR_MD5 - bool - prompt "md5" - help - MD5 was developed by Professor Ronald L. Rivest in 1994. - Its 128 bit (16 byte) message digest makes it a faster - implementation than SHA-1. - comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa" config DROPBEAR_RSA @@ -291,16 +272,6 @@ config DROPBEAR_RSA conjectured (but not proven) to be equivalent to the Integer Factorisation Problem (IFP). -config DROPBEAR_DSS - bool - prompt "dss" - help - DSS stands for Digital Signature Standard. - DSS employs the ElGamal and Schnorr PK systems to produce - a fixed width signature (irrespective of the public/private - key size). In contrast, RSA signature length is a function - of the key length employed. - config DROPBEAR_ECDSA bool prompt "ecdsa" diff --git a/rules/dropbear.make b/rules/dropbear.make index acd9ef5f9..9403afd00 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make @@ -124,14 +124,6 @@ else @echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS) endif -ifdef PTXCONF_DROPBEAR_BLOWFISH - @echo "ptxdist: enabling blowfish" - @echo "#define DROPBEAR_BLOWFISH 1" >> $(DROPBEAR_LOCALOPTIONS) -else - @echo "ptxdist: disabling blowfish" - @echo "#define DROPBEAR_BLOWFISH 0" >> $(DROPBEAR_LOCALOPTIONS) -endif - ifdef PTXCONF_DROPBEAR_TWOFISH256 @echo "ptxdist: enabling twofish256" @echo "#define DROPBEAR_TWOFISH256 1" >> $(DROPBEAR_LOCALOPTIONS) @@ -201,15 +193,6 @@ else @echo "#define DROPBEAR_SHA2_512_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS) endif -ifdef PTXCONF_DROPBEAR_MD5 - @echo "ptxdist: enabling md5" - @echo "WARNING: md5 is considered broken and is deactivated in upstream dropbear by default!" - @echo "#define DROPBEAR_MD5_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS) -else - @echo "ptxdist: disabling md5" - @echo "#define DROPBEAR_MD5_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS) -endif - ifdef PTXCONF_DROPBEAR_RSA @echo "ptxdist: enabling rsa" @@ -219,14 +202,6 @@ else @echo "#define DROPBEAR_RSA 0" >> $(DROPBEAR_LOCALOPTIONS) endif -ifdef PTXCONF_DROPBEAR_DSS - @echo "ptxdist: enabling dss" - @echo "#define DROPBEAR_DSS 1" >> $(DROPBEAR_LOCALOPTIONS) -else - @echo "ptxdist: disabling dss" - @echo "#define DROPBEAR_DSS 0" >> $(DROPBEAR_LOCALOPTIONS) -endif - ifdef PTXCONF_DROPBEAR_ECDSA @echo "ptxdist: enabling ecdsa" @echo "#define DROPBEAR_ECDSA 1" >> $(DROPBEAR_LOCALOPTIONS) |