CC: dropbear: split out curve25519 support into a separate config option

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index e2a7610..19ef71c 100644 (file)
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -1,6 +1,15 @@
 menu "Configuration"
        depends on PACKAGE_dropbear
 
 menu "Configuration"
        depends on PACKAGE_dropbear
 

+config DROPBEAR_CURVE25519
+       bool "Curve25519 support"
+       default n
+       help
+               This enables the following key exchange algorithm:
+                 curve25519-sha256@libssh.org
+
+               Increases binary size by about 13 kB uncompressed (MIPS).
+

 config DROPBEAR_ECC
        bool "Elliptic curve cryptography (ECC)"
        default n
 config DROPBEAR_ECC
        bool "Elliptic curve cryptography (ECC)"
        default n


@@ -12,7 +21,6 @@ config DROPBEAR_ECC
                  ecdh-sha2-nistp256
                  ecdh-sha2-nistp384
                  ecdh-sha2-nistp521
                  ecdh-sha2-nistp256
                  ecdh-sha2-nistp384
                  ecdh-sha2-nistp521

-                 curve25519-sha256@libssh.org

 
                Public key algorithms:
                  ecdsa-sha2-nistp256
 
                Public key algorithms:
                  ecdsa-sha2-nistp256


@@ -22,6 +30,6 @@ config DROPBEAR_ECC
                Does not generate ECC host keys by default (ECC key exchange will not be used,
                only ECC public key auth).
 
                Does not generate ECC host keys by default (ECC key exchange will not be used,
                only ECC public key auth).
 

-               Increases binary size by about 36 kB (MIPS).
+               Increases binary size by about 23 kB (MIPS).

 
 endmenu
 
 endmenu

diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 4515165..ca67ed3 100644 (file)
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -23,7 +23,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 

-PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519

 
 include $(INCLUDE_DIR)/package.mk
 
 
 include $(INCLUDE_DIR)/package.mk
 


@@ -80,9 +80,16 @@ TARGET_LDFLAGS += -Wl,--gc-sections
 define Build/Configure
        $(Build/Configure/Default)
 
 define Build/Configure
        $(Build/Configure/Default)
 

+       awk 'BEGIN { rc = 1 } \
+            /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \
+            { print } \
+            END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+            >$(PKG_BUILD_DIR)/options.h.new && \
+       mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h
+

        # Enforce that all replacements are made, otherwise options.h has changed
        # format and this logic is broken.
        # Enforce that all replacements are made, otherwise options.h has changed
        # format and this logic is broken.

-       for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+       for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \

          awk 'BEGIN { rc = 1 } \
               /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
               { print } \
          awk 'BEGIN { rc = 1 } \
               /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
               { print } \