From: Felix Fietkau
Date: Sun, 10 Jan 2016 22:38:53 +0000 (+0000)
Subject: dropbear: split out curve25519 support into a separate config option
X-Git-Tag: reboot~918
X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=1455b5b89af9fecaf957393aa33878e85d2826a9;p=openwrt%2Fstaging%2Fpepe2k.git
dropbear: split out curve25519 support into a separate config option
Signed-off-by: Felix Fietkau
SVN-Revision: 48195
---
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index e2a761034f..19ef71c0b2 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -1,6 +1,15 @@
 menu "Configuration"
 depends on PACKAGE_dropbear
+config DROPBEAR_CURVE25519
+ bool "Curve25519 support"
+ default n
+ help
+ This enables the following key exchange algorithm:
+ curve25519-sha256@libssh.org
+
+ Increases binary size by about 13 kB uncompressed (MIPS).
+
 config DROPBEAR_ECC
 bool "Elliptic curve cryptography (ECC)"
 default n
@@ -12,7 +21,6 @@ config DROPBEAR_ECC
 ecdh-sha2-nistp256
 ecdh-sha2-nistp384
 ecdh-sha2-nistp521
- curve25519-sha256@libssh.org
 Public key algorithms:
 ecdsa-sha2-nistp256
@@ -22,6 +30,6 @@ config DROPBEAR_ECC
 Does not generate ECC host keys by default (ECC key exchange will not be used, only ECC public key auth).
- Increases binary size by about 36 kB (MIPS).
+ Increases binary size by about 23 kB (MIPS).
 endmenu
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 4515165ad4..ca67ed3c60 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -23,7 +23,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
-PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519
 include $(INCLUDE_DIR)/package.mk
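Review bot: The help text of the new `DROPBEAR_CURVE25519` entry in the first Config.in hunk does not say that the option is now independent of `DROPBEAR_ECC`, nor what is left for key exchange when both stay at `default n`. With the three `ecdh-sha2-nistp*` methods still listed under `DROPBEAR_ECC`, a default build presumably offers only the classic `diffie-hellman-group*` methods; that is inferred from the option lists, not visible in this diff. Someone trimming the image by size should see that trade-off in menuconfig, so I would add a help line such as `If this and DROPBEAR_ECC are both disabled, no elliptic-curve key exchange is offered.`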
@@ -80,9 +80,16 @@ TARGET_LDFLAGS += -Wl,--gc-sections
 define Build/Configure
 $(Build/Configure/Default)
+ awk 'BEGIN { rc = 1 } \
+ /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \
+ { print } \
+ END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+ >$(PKG_BUILD_DIR)/options.h.new && \
+ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h
+
 # Enforce that all replacements are made, otherwise options.h has changed
 # format and this logic is broken.
- for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+ for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \
 awk 'BEGIN { rc = 1 } \
 /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define '$$$$OPTION'"; rc = 0 } \
 { print } \
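Review bot: The new awk block matches `DROPBEAR_CURVE25519` anywhere on a line and overwrites the whole line, and its `rc` check only proves that at least one line matched. A comment or `#ifdef` in options.h that mentions the symbol would therefore be rewritten too, while the configure step still reports success. Since the stated purpose is to fail when options.h changes format, anchor the pattern to the define itself, e.g. `/#define DROPBEAR_CURVE25519/`, assuming that is how options.h spells the line, which is not visible here. The quote breaks in `/'DROPBEAR_CURVE25519'/` are a leftover from the loop form and can be dropped at the same time. The `for OPTION` loop below uses the same unanchored match, and `Build/Configure` continues past the end of this hunk.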