mirror of https://github.com/hak5/openwrt.git
dropbear: update to 2014.63
Upstream changelog: https://matt.ucc.asn.au/dropbear/CHANGES This adds elliptic curve cryptography (ECC) support as an option, disabled by default. dropbear mips 34kc uClibc binary size: before: 161,672 bytes after, without ECC (default): 164,968 after, with ECC: 198,008 Signed-off-by: Catalin Patulea <cat@vv.carleton.ca> SVN-Revision: 40297lede-17.01
parent
f5fce5e0da
commit
ad52658be7
|
@ -0,0 +1,27 @@
|
|||
menu "Configuration"
|
||||
depends on PACKAGE_dropbear
|
||||
|
||||
config DROPBEAR_ECC
|
||||
bool "Elliptic curve cryptography (ECC)"
|
||||
default n
|
||||
help
|
||||
Enables elliptic curve cryptography (ECC) support in key exchange and public key
|
||||
authentication.
|
||||
|
||||
Key exchange algorithms:
|
||||
ecdh-sha2-nistp256
|
||||
ecdh-sha2-nistp384
|
||||
ecdh-sha2-nistp521
|
||||
curve25519-sha256@libssh.org
|
||||
|
||||
Public key algorithms:
|
||||
ecdsa-sha2-nistp256
|
||||
ecdsa-sha2-nistp384
|
||||
ecdsa-sha2-nistp521
|
||||
|
||||
Does not generate ECC host keys by default (ECC key exchange will not be used,
|
||||
only ECC public key auth).
|
||||
|
||||
Increases binary size by about 36 kB (MIPS).
|
||||
|
||||
endmenu
|
|
@ -8,26 +8,32 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=dropbear
|
||||
PKG_VERSION:=2013.59
|
||||
PKG_VERSION:=2014.63
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
PKG_SOURCE_URL:= \
|
||||
http://matt.ucc.asn.au/dropbear/releases/ \
|
||||
https://dropbear.nl/mirror/releases/
|
||||
PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
|
||||
PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
|
||||
|
||||
PKG_LICENSE:=MIT
|
||||
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
|
||||
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
|
||||
PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/dropbear/Default
|
||||
URL:=http://matt.ucc.asn.au/dropbear/
|
||||
endef
|
||||
|
||||
define Package/dropbear/config
|
||||
source "$(SOURCE)/Config.in"
|
||||
endef
|
||||
|
||||
define Package/dropbear
|
||||
$(call Package/dropbear/Default)
|
||||
SECTION:=net
|
||||
|
@ -72,6 +78,20 @@ CONFIGURE_ARGS += \
|
|||
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
|
||||
TARGET_LDFLAGS += -Wl,--gc-sections
|
||||
|
||||
define Build/Prepare
|
||||
$(call Build/Prepare/Default)
|
||||
# Enforce that all replacements are made, otherwise options.h has changed
|
||||
# format and this logic is broken.
|
||||
for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
|
||||
awk 'BEGIN { rc = 1 } \
|
||||
/'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
|
||||
{ print } \
|
||||
END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
|
||||
>$(PKG_BUILD_DIR)/options.h.new && \
|
||||
mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
|
||||
done
|
||||
endef
|
||||
|
||||
define Build/Compile
|
||||
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
|
||||
$(TARGET_CONFIGURE_OPTS) \
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
--- a/svr-authpubkey.c
|
||||
+++ b/svr-authpubkey.c
|
||||
@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
|
||||
@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -33,7 +33,7 @@
|
|||
if (authfile == NULL) {
|
||||
goto out;
|
||||
}
|
||||
@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
|
||||
@@ -371,26 +375,35 @@ static int checkpubkeyperms() {
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
--- a/options.h
|
||||
+++ b/options.h
|
||||
@@ -38,7 +38,7 @@
|
||||
@@ -41,7 +41,7 @@
|
||||
* Both of these flags can be defined at once, don't compile without at least
|
||||
* one of them. */
|
||||
#define NON_INETD_MODE
|
||||
|
@ -9,16 +9,7 @@
|
|||
|
||||
/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
|
||||
* perhaps 20% slower for pubkey operations (it is probably worth experimenting
|
||||
@@ -49,7 +49,7 @@
|
||||
several kB in binary size however will make the symmetrical ciphers and hashes
|
||||
slower, perhaps by 50%. Recommended for small systems that aren't doing
|
||||
much traffic. */
|
||||
-/*#define DROPBEAR_SMALL_CODE*/
|
||||
+#define DROPBEAR_SMALL_CODE
|
||||
|
||||
/* Enable X11 Forwarding - server only */
|
||||
#define ENABLE_X11FWD
|
||||
@@ -78,7 +78,7 @@ much traffic. */
|
||||
@@ -81,7 +81,7 @@ much traffic. */
|
||||
|
||||
/* Enable "Netcat mode" option. This will forward standard input/output
|
||||
* to a remote TCP-forwarded connection */
|
||||
|
@ -27,7 +18,7 @@
|
|||
|
||||
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
|
||||
#define ENABLE_USER_ALGO_LIST
|
||||
@@ -92,8 +92,8 @@ much traffic. */
|
||||
@@ -95,8 +95,8 @@ much traffic. */
|
||||
#define DROPBEAR_AES256
|
||||
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
|
||||
/*#define DROPBEAR_BLOWFISH*/
|
||||
|
@ -38,7 +29,7 @@
|
|||
|
||||
/* Enable "Counter Mode" for ciphers. This is more secure than normal
|
||||
* CBC mode against certain attacks. This adds around 1kB to binary
|
||||
@@ -119,7 +119,7 @@ much traffic. */
|
||||
@@ -122,7 +122,7 @@ much traffic. */
|
||||
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
|
||||
* which are not the standard form. */
|
||||
#define DROPBEAR_SHA1_HMAC
|
||||
|
@ -47,7 +38,7 @@
|
|||
/*#define DROPBEAR_SHA2_256_HMAC*/
|
||||
/*#define DROPBEAR_SHA2_512_HMAC*/
|
||||
#define DROPBEAR_MD5_HMAC
|
||||
@@ -157,7 +157,7 @@ much traffic. */
|
||||
@@ -175,7 +175,7 @@ much traffic. */
|
||||
|
||||
/* Whether to print the message of the day (MOTD). This doesn't add much code
|
||||
* size */
|
||||
|
@ -56,7 +47,7 @@
|
|||
|
||||
/* The MOTD file path */
|
||||
#ifndef MOTD_FILENAME
|
||||
@@ -195,7 +195,7 @@ much traffic. */
|
||||
@@ -213,7 +213,7 @@ much traffic. */
|
||||
* note that it will be provided for all "hidden" client-interactive
|
||||
* style prompts - if you want something more sophisticated, use
|
||||
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
|
||||
|
|
|
@ -9,6 +9,6 @@
|
|||
+#define DROPBEAR_CLIENT
|
||||
+#endif
|
||||
+
|
||||
/******************************************************************
|
||||
* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
|
||||
* parts are to allow for commandline -DDROPBEAR_XXX options etc.
|
||||
/* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
|
||||
* parts are to allow for commandline -DDROPBEAR_XXX options etc. */
|
||||
|
||||
|
|
|
@ -1,29 +0,0 @@
|
|||
--- a/Makefile.in
|
||||
+++ b/Makefile.in
|
||||
@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac
|
||||
loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
|
||||
listener.h fake-rfc2553.h
|
||||
|
||||
-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@
|
||||
+dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
|
||||
dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
|
||||
dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
|
||||
dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
|
||||
@@ -78,7 +78,7 @@ STRIP=@STRIP@
|
||||
INSTALL=@INSTALL@
|
||||
CPPFLAGS=@CPPFLAGS@
|
||||
CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
|
||||
-LIBS+=@LIBS@
|
||||
+LIBS+=@CRYPTLIB@ @LIBS@
|
||||
LDFLAGS=@LDFLAGS@
|
||||
|
||||
EXEEXT=@EXEEXT@
|
||||
@@ -168,7 +168,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile
|
||||
# multi-binary compilation.
|
||||
MULTIOBJS=
|
||||
ifeq ($(MULTI),1)
|
||||
- MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@
|
||||
+ MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
|
||||
CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
|
||||
endif
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
--- a/options.h
|
||||
+++ b/options.h
|
||||
@@ -301,7 +301,7 @@ be overridden at runtime with -I. 0 disa
|
||||
@@ -318,7 +318,7 @@ be overridden at runtime with -I. 0 disa
|
||||
#define DEFAULT_IDLE_TIMEOUT 0
|
||||
|
||||
/* The default path. This will often get replaced by the shell */
|
||||
|
|
Loading…
Reference in New Issue