projects
/
openwrt
/
openwrt.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
dropbear: add option to enable modern crypto only
[openwrt/openwrt.git]
/
package
/
network
/
services
/
dropbear
/
patches
/
910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
diff --git
a/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
b/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
index 442fdcfc756d8887275605a0114a93ae326f1243..059177a1c58174d0e7304554f94b6d0f40181f34 100644
(file)
--- a/
package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
+++ b/
package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
@@
-21,7
+21,7
@@
Signed-off-by: Petr Štetiar <ynezz@true.cz>
--- a/signkey.c
+++ b/signkey.c
--- a/signkey.c
+++ b/signkey.c
-@@ -652,
8 +652,12
@@ int buf_verify(buffer * buf, sign_key *k
+@@ -652,
10 +652,18
@@ int buf_verify(buffer * buf, sign_key *k
sigtype = signature_type_from_name(type_name, type_name_len);
m_free(type_name);
sigtype = signature_type_from_name(type_name, type_name_len);
m_free(type_name);
@@
-29,10
+29,16
@@
Signed-off-by: Petr Štetiar <ynezz@true.cz>
- dropbear_exit("Non-matching signing type");
+ if (sigtype == DROPBEAR_SIGNATURE_NONE) {
+ dropbear_exit("No signature type");
- dropbear_exit("Non-matching signing type");
+ if (sigtype == DROPBEAR_SIGNATURE_NONE) {
+ dropbear_exit("No signature type");
-+ }
-+
-+ if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) {
-+ dropbear_exit("Non-matching signing type");
}
}
++#if DROPBEAR_RSA
++#if DROPBEAR_RSA_SHA256
++ if ((expect_sigtype != DROPBEAR_SIGNATURE_RSA_SHA256) && (expect_sigtype != sigtype)) {
++ dropbear_exit("Non-matching signing type");
++ }
++#endif
++#endif
++
keytype = signkey_type_from_signature(sigtype);
keytype = signkey_type_from_signature(sigtype);
+ #if DROPBEAR_DSS
+ if (keytype == DROPBEAR_SIGNKEY_DSS) {