[Buildroot] [PATCH 2/3] dropbear: Add configuration options for security features
Arnout Vandecappelle
arnout at mind.be
Wed Apr 18 21:58:20 UTC 2018
On 18-04-18 16:24, Stefan Sørensen wrote:
> The dropbear server provides no runtime configuration of ciphers, key
> exchange algorithms, etc., but must rather be configured compile time.
> With no configurability the default settings will be use which may not
> be desired in all scenearios.
>
> These new options allow the selection of
> Ciphers (AES128, AES256, 3DES, BLowfish, Twofish128, Twofish256)
> Cipher modes (CBC, CTR)
> Integrity algorithms (SHA1, SHA1-96, SHA2-256, SHA2-512, MD5)
> Key exchange algorithms (RSA, DSS, ECDSA, Curve25519, ECDH)
> Authenticaton types (Password, Pubkey)
>
> No defaults are changed.
>
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> ---
> package/dropbear/Config.in | 163 +++++++++++++++++++++++++++++++++++
Do we really want so many configuration options?
It is already possible to customize options.h through a patch in
BR2_GLOBAL_PATCH_DIR. I admit that that's a little hackish, so as an alternative
you could add an option to supply a custom options.h.
Regards,
Arnout
> package/dropbear/dropbear.mk | 25 +++++-
> 2 files changed, 185 insertions(+), 3 deletions(-)
[snip]
--
Arnout Vandecappelle arnout at mind be
Senior Embedded Software Architect +32-16-286500
Essensium/Mind http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint: 7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF
More information about the buildroot
mailing list