[LEDE-DEV] [PATCH] openssl: Remove RIPEMD-160 from OpenSSL

Alexandru Ardelean ardeleanalex at gmail.com
Mon Mar 27 23:09:08 PDT 2017


On Tue, Mar 28, 2017 at 1:45 AM, txt.file <txt.file at txtfile.eu> wrote:
> The topic and patch is about OpenSSL but description is about OpenSSH.
> What has OpenSSL to do with OpenSSH?
>
> kind regards
> txt.file
> --
> This message is signed.
>
> Rosen Penev:
>> The commit that removed no-ripemd stated that it was needed for openssh.
>> However with recent OpenSSH releases (7.4), RIPEMD-160 is run-time disabled.
>> I've verified this with ssh -vvv making no mention of RIPEMD-160 anywhere.
>> ---
>>  package/libs/openssl/Makefile | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
>> index 2543a46..a2d3ce3 100644
>> --- a/package/libs/openssl/Makefile
>> +++ b/package/libs/openssl/Makefile
>> @@ -100,7 +100,7 @@ endef
>>
>>
>>  OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5 \
>> - no-whrlpool no-whirlpool no-seed no-jpake
>> + no-whrlpool no-whirlpool no-seed no-jpake no-ripemd
>>  OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats
>>
>>  ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
>>
>
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev
>

as far as things go, openssh is part of the package feeds here:
https://github.com/openwrt/packages/tree/master/net/openssh

while openssl is part of the core packages
removing this cipher if unused, makes sense also to reduce openssl size

my 2c :)

thanks
Alex



More information about the Lede-dev mailing list