dropbear: add option to enable modern crypto only
[openwrt/openwrt.git] / package / network / services / dropbear / patches / 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
index 442fdcfc756d8887275605a0114a93ae326f1243..059177a1c58174d0e7304554f94b6d0f40181f34 100644 (file)
@@ -21,7 +21,7 @@ Signed-off-by: Petr Štetiar <ynezz@true.cz>
 
 --- a/signkey.c
 +++ b/signkey.c
-@@ -652,8 +652,12 @@ int buf_verify(buffer * buf, sign_key *k
+@@ -652,10 +652,18 @@ int buf_verify(buffer * buf, sign_key *k
        sigtype = signature_type_from_name(type_name, type_name_len);
        m_free(type_name);
  
@@ -29,10 +29,16 @@ Signed-off-by: Petr Štetiar <ynezz@true.cz>
 -                      dropbear_exit("Non-matching signing type");
 +      if (sigtype == DROPBEAR_SIGNATURE_NONE) {
 +              dropbear_exit("No signature type");
-+      }
-+
-+      if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) {
-+              dropbear_exit("Non-matching signing type");
        }
  
++#if DROPBEAR_RSA
++#if DROPBEAR_RSA_SHA256
++      if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) {
++              dropbear_exit("Non-matching signing type");
++      }
++#endif
++#endif
++
        keytype = signkey_type_from_signature(sigtype);
+ #if DROPBEAR_DSS
+       if (keytype == DROPBEAR_SIGNKEY_DSS) {
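Review bot: With `DROPBEAR_RSA` or `DROPBEAR_RSA_SHA256` set to 0, the nested `#if` added to the patched `buf_verify()` compiles out the whole `expect_sigtype != sigtype` comparison, so a modern-crypto-only build no longer exits on a signature whose declared type differs from the one the caller expects. Presumably the guard is there because `DROPBEAR_SIGNATURE_RSA_SHA256` is only defined when RSA-SHA256 is enabled, but only the exemption needs that symbol, not the comparison itself. Keep the strict check for the other configurations by adding an `#else` branch with `if (expect_sigtype != sigtype) { dropbear_exit("Non-matching signing type"); }`, and fold the two guards into `#if DROPBEAR_RSA && DROPBEAR_RSA_SHA256`. The per-key-type dispatch that follows begins at the end of this hunk and continues outside it, so whether its checks would still catch a mismatched type cannot be confirmed from here.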