dropbear: cherry-pick upstream patches
1 From ec26975d442163b66d1646a48e022bc8c2f1607a Mon Sep 17 00:00:00 2001
2 From: Sergey Ponomarev <stokito@gmail.com>
3 Date: Sun, 27 Aug 2023 00:07:05 +0300
4 Subject: dropbearkey.c Ignore unsupported command line options
5
6 To generate non interactively a key with OpenSSH the simplest command is:
7
8 ssh-keygen -t ed25519 -q -N '' -f ~/.ssh/id_ed25519
9
10 The command has two options -q quiet and -N passphrase which aren't supported by the dropbearkey.
11
12 To improve interoperability add explicit ignoring of the -q and -N with empty passphrase.
13 Also ignore the -v even if the DEBUG_TRACE is not set.
14
15 Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
16 ---
17 dropbearkey.c | 15 +++++++++++++--
18 1 file changed, 13 insertions(+), 2 deletions(-)
19
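--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -159,6 +159,7 @@ int main(int argc, char ** argv) {
 enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
 char * typetext = NULL;
 char * sizetext = NULL;
+ char * passphrase = NULL;
 unsigned int bits = 0, genbits;
 int printpub = 0;
 
@@ -194,11 +195,16 @@ int main(int argc, char ** argv) {
 printhelp(argv[0]);
 exit(EXIT_SUCCESS);
 break;
-#if DEBUG_TRACE
 case 'v':
+#if DEBUG_TRACE
 debug_trace = DROPBEAR_VERBOSE_LEVEL;
- break;
 #endif
+ break;
+ case 'q':
+ break; /* quiet is default */
+ case 'N':
+ next = &passphrase;
+ break;
 default:
 fprintf(stderr, "Unknown argument %s\n", argv[i]);
 printhelp(argv[0]);
@@ -266,6 +272,11 @@ int main(int argc, char ** argv) {
 check_signkey_bits(keytype, bits);;
 }
 
+ if (passphrase && *passphrase != '\0') {
+ fprintf(stderr, "Only empty passphrase is supported\n");
+ exit(EXIT_FAILURE);
+ }
+
 genbits = signkey_generate_get_bits(keytype, bits);
 fprintf(stderr, "Generating %u bit %s key, this may take a while...\n", genbits, typetext);
 if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)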
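Review bot: The non-empty-passphrase rejection in the last hunk is the security-relevant line of this patch and should carry a comment saying why it fails instead of ignoring the value, for example `/* keys are written without passphrase protection; refuse rather than silently drop a requested passphrase */`. The message `Only empty passphrase is supported` would be clearer for callers porting ssh-keygen scripts if it said the same, e.g. `"Passphrases are not supported; the private key would be stored unencrypted\n"`. The diffstat shows no change to printhelp(), so `-q`, `-N` and the now unconditional `-v` are accepted but not listed in the usage text. How a trailing `-N` with no value is handled depends on the `next` logic, which sits in main() outside these hunks; it looks as if `passphrase` would stay NULL and generation would proceed, which is worth confirming.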