From: Felix Fietkau Date: Thu, 31 Aug 2017 06:46:10 +0000 (+0200) Subject: CC: dropbear: split out curve25519 support into a separate config option X-Git-Url: https://git.archive.openwrt.org/?p=15.05%2Fopenwrt.git;a=commitdiff_plain;h=3e107d670cb029cf24d41229ffb84c9ab59d7e80;ds=sidebyside CC: dropbear: split out curve25519 support into a separate config option Signed-off-by: Felix Fietkau --- diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index e2a761034f..19ef71c0b2 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -1,6 +1,15 @@ menu "Configuration" depends on PACKAGE_dropbear +config DROPBEAR_CURVE25519 + bool "Curve25519 support" + default n + help + This enables the following key exchange algorithm: + curve25519-sha256@libssh.org + + Increases binary size by about 13 kB uncompressed (MIPS). + config DROPBEAR_ECC bool "Elliptic curve cryptography (ECC)" default n @@ -12,7 +21,6 @@ config DROPBEAR_ECC ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 - curve25519-sha256@libssh.org Public key algorithms: ecdsa-sha2-nistp256 @@ -22,6 +30,6 @@ config DROPBEAR_ECC Does not generate ECC host keys by default (ECC key exchange will not be used, only ECC public key auth). - Increases binary size by about 36 kB (MIPS). + Increases binary size by about 23 kB (MIPS). endmenu diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 4515165ad4..ca67ed3c60 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -23,7 +23,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE PKG_BUILD_PARALLEL:=1 PKG_USE_MIPS16:=0 -PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC +PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519 include $(INCLUDE_DIR)/package.mk @@ -80,9 +80,16 @@ TARGET_LDFLAGS += -Wl,--gc-sections define Build/Configure $(Build/Configure/Default) + awk 'BEGIN { rc = 1 } \ + /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \ + { print } \ + END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ + >$(PKG_BUILD_DIR)/options.h.new && \ + mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h + # Enforce that all replacements are made, otherwise options.h has changed # format and this logic is broken. - for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \ + for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \ awk 'BEGIN { rc = 1 } \ /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \ { print } \