From f5274363644852f7064adb7e654e3f41c640b106 Mon Sep 17 00:00:00 2001 From: "Joseph C. Sible" Date: Thu, 2 Feb 2017 01:51:51 -0500 Subject: [PATCH] dropbear: enable SHA256 HMACs The only HMACs currently available use MD5 and SHA1, both of which have known weaknesses. We already compile in the SHA256 code since we use Curve25519 by default, so there's no significant size penalty to enabling this. Signed-off-by: Joseph C. Sible (cherry picked from commit 0bf85ef04806e0fd5a6f78ac9f6a32aabb1e7fdc) --- .../services/dropbear/patches/120-openwrt_options.patch | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index f16aaf001ee..b49a95ce93d 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -44,10 +44,9 @@ * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC -#define DROPBEAR_SHA1_96_HMAC --#define DROPBEAR_SHA2_256_HMAC --#define DROPBEAR_SHA2_512_HMAC +/*#define DROPBEAR_SHA1_96_HMAC*/ -+/*#define DROPBEAR_SHA2_256_HMAC*/ + #define DROPBEAR_SHA2_256_HMAC +-#define DROPBEAR_SHA2_512_HMAC +/*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC -- 2.30.2