dropbear: enable SHA256 HMACs
authorJoseph C. Sible <josephcsible@users.noreply.github.com>
Thu, 2 Feb 2017 06:51:51 +0000 (01:51 -0500)
committerStijn Tintel <stijn@linux-ipv6.be>
Fri, 17 Feb 2017 11:31:39 +0000 (12:31 +0100)
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.

Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
(cherry picked from commit 0bf85ef04806e0fd5a6f78ac9f6a32aabb1e7fdc)

package/network/services/dropbear/patches/120-openwrt_options.patch

index f16aaf001eee11811be81fa1db399cf117e66595..b49a95ce93d9565ea0f22d3536d1abbe685f2024 100644 (file)
   * which are not the standard form. */
  #define DROPBEAR_SHA1_HMAC
 -#define DROPBEAR_SHA1_96_HMAC
--#define DROPBEAR_SHA2_256_HMAC
--#define DROPBEAR_SHA2_512_HMAC
 +/*#define DROPBEAR_SHA1_96_HMAC*/
-+/*#define DROPBEAR_SHA2_256_HMAC*/
+ #define DROPBEAR_SHA2_256_HMAC
+-#define DROPBEAR_SHA2_512_HMAC
 +/*#define DROPBEAR_SHA2_512_HMAC*/
  #define DROPBEAR_MD5_HMAC