[Buildroot] [PATCH 2/3] dropbear: Add configuration options for security features

Thomas Petazzoni thomas.petazzoni at bootlin.com
Wed Apr 18 15:10:31 UTC 2018


Hello,

On Wed, 18 Apr 2018 16:24:33 +0200, Stefan Sørensen wrote:
> The dropbear server provides no runtime configuration of ciphers, key
> exchange algorithms, etc., but must rather be configured compile time.
> With no configurability the default settings will be use which may not
> be desired in all scenearios.
> 
> These new options allow the selection of
>   Ciphers (AES128, AES256, 3DES, BLowfish, Twofish128, Twofish256)
>   Cipher modes (CBC, CTR)
>   Integrity algorithms (SHA1, SHA1-96, SHA2-256, SHA2-512, MD5)
>   Key exchange algorithms (RSA, DSS, ECDSA, Curve25519, ECDH)
>   Authenticaton types (Password, Pubkey)
> 
> No defaults are changed.
> 
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>

We received PATCH 2/3 and 3/3, but not 1/3. Was it sent ? Is it a
mistake ?

> +config BR2_PACKAGE_DROPBEAR_CIPHER_BLOWFISH
> +	bool "Blowfish"
> +	default y	if !BR2_PACKAGE_DROPBEAR_SMALL

No need for a tab before the "if".

Is it possible to enable this option even if
BR2_PACKAGE_DROPBEAR_SMALL=y ? I.e, does it build ?

> +menu "Dropbear authenticaton types"

authentication

Did you do a pass with ./utils/check-package on package/dropbear/*
after doing those changes ?

Thanks,

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com



More information about the buildroot mailing list