From cda8070898858b9000e6671a16b0da9d24888343 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Thu, 10 Nov 2022 17:10:16 +0800 Subject: [PATCH] Remove hmac-md5 entirely --- INSTALL | 2 +- common-algo.c | 7 ------- crypto_desc.c | 3 --- libtomcrypt/src/headers/tomcrypt_dropbear.h | 4 ---- sysoptions.h | 7 ------- 5 files changed, 1 insertion(+), 22 deletions(-) diff --git a/INSTALL b/INSTALL index 76d7c81..60eb707 100644 --- a/INSTALL +++ b/INSTALL @@ -58,7 +58,7 @@ Compiling for uClibc should be the same as normal, just set CC to the magic uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever). You can use "make STATIC=1" to make statically linked binaries, and it is advisable to strip the binaries too. If you're looking to make a small binary, -you should remove unneeded ciphers and MD5, by editing localoptions.h +you should remove unneeded ciphers and algorithms, by editing localoptions.h It is possible to compile zlib in, by copying zlib.h and zconf.h into a subdirectory (ie zlibincludes), and diff --git a/common-algo.c b/common-algo.c index 7564df8..378f0ca 100644 --- a/common-algo.c +++ b/common-algo.c @@ -114,10 +114,6 @@ static const struct dropbear_hash dropbear_sha2_256 = static const struct dropbear_hash dropbear_sha2_512 = {&sha512_desc, 64, 64}; #endif -#if DROPBEAR_MD5_HMAC -static const struct dropbear_hash dropbear_md5 = - {&md5_desc, 16, 16}; -#endif const struct dropbear_hash dropbear_nohash = {NULL, 16, 0}; /* used initially */ @@ -185,9 +181,6 @@ algo_type sshhashes[] = { #endif #if DROPBEAR_SHA2_512_HMAC {"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL}, -#endif -#if DROPBEAR_MD5_HMAC - {"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL}, #endif {NULL, 0, NULL, 0, NULL} }; diff --git a/crypto_desc.c b/crypto_desc.c index 5e0e960..d0dcc82 100644 --- a/crypto_desc.c +++ b/crypto_desc.c @@ -34,9 +34,6 @@ void crypto_init() { #if DROPBEAR_SHA1_HMAC &sha1_desc, #endif -#if DROPBEAR_MD5_HMAC - &md5_desc, -#endif #if DROPBEAR_SHA256 &sha256_desc, #endif diff --git a/libtomcrypt/src/headers/tomcrypt_dropbear.h b/libtomcrypt/src/headers/tomcrypt_dropbear.h index 46e84fb..e8e933e 100644 --- a/libtomcrypt/src/headers/tomcrypt_dropbear.h +++ b/libtomcrypt/src/headers/tomcrypt_dropbear.h @@ -54,10 +54,6 @@ #define LTC_SHA1 #endif -#if DROPBEAR_MD5 -#define LTC_MD5 -#endif - /* ECC */ #if DROPBEAR_ECC #define LTC_MECC diff --git a/sysoptions.h b/sysoptions.h index 8313ef9..0efb9bb 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -111,7 +111,6 @@ #define SHA1_HASH_SIZE 20 #define SHA256_HASH_SIZE 32 -#define MD5_HASH_SIZE 16 #define MAX_HASH_SIZE 64 /* sha512 */ #if DROPBEAR_CHACHA20POLY1305 @@ -134,11 +133,6 @@ #define DROPBEAR_SHA2_512_HMAC 0 #endif -/* might be needed for compatibility with very old implementations */ -#ifndef DROPBEAR_MD5_HMAC -#define DROPBEAR_MD5_HMAC 0 -#endif - #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA)) /* Debian doesn't define this in system headers */ @@ -184,7 +178,6 @@ #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \ || (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16) \ || (DROPBEAR_ED25519)) -#define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC) #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1))