dropbear: update to 2014.63

Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES

This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.

dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 40297
owl
Felix Fietkau 2014-03-29 16:59:26 +00:00
parent f5fce5e0da
commit ad52658be7
7 changed files with 61 additions and 52 deletions

View File

@ -0,0 +1,27 @@
menu "Configuration"
depends on PACKAGE_dropbear
config DROPBEAR_ECC
bool "Elliptic curve cryptography (ECC)"
default n
help
Enables elliptic curve cryptography (ECC) support in key exchange and public key
authentication.
Key exchange algorithms:
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
curve25519-sha256@libssh.org
Public key algorithms:
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
Does not generate ECC host keys by default (ECC key exchange will not be used,
only ECC public key auth).
Increases binary size by about 36 kB (MIPS).
endmenu

View File

@ -8,26 +8,32 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
PKG_VERSION:=2013.59
PKG_VERSION:=2014.63
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_BUILD_PARALLEL:=1
PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
include $(INCLUDE_DIR)/package.mk
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
define Package/dropbear/config
source "$(SOURCE)/Config.in"
endef
define Package/dropbear
$(call Package/dropbear/Default)
SECTION:=net
@ -72,6 +78,20 @@ CONFIGURE_ARGS += \
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
define Build/Prepare
$(call Build/Prepare/Default)
# Enforce that all replacements are made, otherwise options.h has changed
# format and this logic is broken.
for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
awk 'BEGIN { rc = 1 } \
/'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
{ print } \
END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
>$(PKG_BUILD_DIR)/options.h.new && \
mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
done
endef
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \

View File

@ -1,6 +1,6 @@
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
goto out;
}
@ -33,7 +33,7 @@
if (authfile == NULL) {
goto out;
}
@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
@@ -371,26 +375,35 @@ static int checkpubkeyperms() {
goto out;
}

View File

@ -1,6 +1,6 @@
--- a/options.h
+++ b/options.h
@@ -38,7 +38,7 @@
@@ -41,7 +41,7 @@
* Both of these flags can be defined at once, don't compile without at least
* one of them. */
#define NON_INETD_MODE
@ -9,16 +9,7 @@
/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
* perhaps 20% slower for pubkey operations (it is probably worth experimenting
@@ -49,7 +49,7 @@
several kB in binary size however will make the symmetrical ciphers and hashes
slower, perhaps by 50%. Recommended for small systems that aren't doing
much traffic. */
-/*#define DROPBEAR_SMALL_CODE*/
+#define DROPBEAR_SMALL_CODE
/* Enable X11 Forwarding - server only */
#define ENABLE_X11FWD
@@ -78,7 +78,7 @@ much traffic. */
@@ -81,7 +81,7 @@ much traffic. */
/* Enable "Netcat mode" option. This will forward standard input/output
* to a remote TCP-forwarded connection */
@ -27,7 +18,7 @@
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
#define ENABLE_USER_ALGO_LIST
@@ -92,8 +92,8 @@ much traffic. */
@@ -95,8 +95,8 @@ much traffic. */
#define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
/*#define DROPBEAR_BLOWFISH*/
@ -38,7 +29,7 @@
/* Enable "Counter Mode" for ciphers. This is more secure than normal
* CBC mode against certain attacks. This adds around 1kB to binary
@@ -119,7 +119,7 @@ much traffic. */
@@ -122,7 +122,7 @@ much traffic. */
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
* which are not the standard form. */
#define DROPBEAR_SHA1_HMAC
@ -47,7 +38,7 @@
/*#define DROPBEAR_SHA2_256_HMAC*/
/*#define DROPBEAR_SHA2_512_HMAC*/
#define DROPBEAR_MD5_HMAC
@@ -157,7 +157,7 @@ much traffic. */
@@ -175,7 +175,7 @@ much traffic. */
/* Whether to print the message of the day (MOTD). This doesn't add much code
* size */
@ -56,7 +47,7 @@
/* The MOTD file path */
#ifndef MOTD_FILENAME
@@ -195,7 +195,7 @@ much traffic. */
@@ -213,7 +213,7 @@ much traffic. */
* note that it will be provided for all "hidden" client-interactive
* style prompts - if you want something more sophisticated, use
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/

View File

@ -9,6 +9,6 @@
+#define DROPBEAR_CLIENT
+#endif
+
/******************************************************************
* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
* parts are to allow for commandline -DDROPBEAR_XXX options etc.
/* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
* parts are to allow for commandline -DDROPBEAR_XXX options etc. */

View File

@ -1,29 +0,0 @@
--- a/Makefile.in
+++ b/Makefile.in
@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac
loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
listener.h fake-rfc2553.h
-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@
+dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
@@ -78,7 +78,7 @@ STRIP=@STRIP@
INSTALL=@INSTALL@
CPPFLAGS=@CPPFLAGS@
CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
-LIBS+=@LIBS@
+LIBS+=@CRYPTLIB@ @LIBS@
LDFLAGS=@LDFLAGS@
EXEEXT=@EXEEXT@
@@ -168,7 +168,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile
# multi-binary compilation.
MULTIOBJS=
ifeq ($(MULTI),1)
- MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@
+ MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
endif

View File

@ -1,6 +1,6 @@
--- a/options.h
+++ b/options.h
@@ -301,7 +301,7 @@ be overridden at runtime with -I. 0 disa
@@ -318,7 +318,7 @@ be overridden at runtime with -I. 0 disa
#define DEFAULT_IDLE_TIMEOUT 0
/* The default path. This will often get replaced by the shell */