dropbear: split out curve25519 support into a separate config option

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48195

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index e2a761034fa64225439db4a18030dee75fb0775c..19ef71c0b21551f5951b44668481d8cc2ea944d7 100644 (file)
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -1,6 +1,15 @@
 menu "Configuration"
        depends on PACKAGE_dropbear
 
 menu "Configuration"
        depends on PACKAGE_dropbear
 

+config DROPBEAR_CURVE25519
+       bool "Curve25519 support"
+       default n
+       help
+               This enables the following key exchange algorithm:
+                 curve25519-sha256@libssh.org
+
+               Increases binary size by about 13 kB uncompressed (MIPS).
+

 config DROPBEAR_ECC
        bool "Elliptic curve cryptography (ECC)"
        default n
 config DROPBEAR_ECC
        bool "Elliptic curve cryptography (ECC)"
        default n


@@ -12,7 +21,6 @@ config DROPBEAR_ECC
                  ecdh-sha2-nistp256
                  ecdh-sha2-nistp384
                  ecdh-sha2-nistp521
                  ecdh-sha2-nistp256
                  ecdh-sha2-nistp384
                  ecdh-sha2-nistp521

-                 curve25519-sha256@libssh.org

 
                Public key algorithms:
                  ecdsa-sha2-nistp256
 
                Public key algorithms:
                  ecdsa-sha2-nistp256


@@ -22,6 +30,6 @@ config DROPBEAR_ECC
                Does not generate ECC host keys by default (ECC key exchange will not be used,
                only ECC public key auth).
 
                Does not generate ECC host keys by default (ECC key exchange will not be used,
                only ECC public key auth).
 

-               Increases binary size by about 36 kB (MIPS).
+               Increases binary size by about 23 kB (MIPS).

 
 endmenu
 
 endmenu

diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 4515165ad428480f346fe2832b6182db7cd25d3f..ca67ed3c6039957d57d38fbae03b1970db41512a 100644 (file)
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -23,7 +23,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 

-PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519

 
 include $(INCLUDE_DIR)/package.mk
 
 
 include $(INCLUDE_DIR)/package.mk
 


@@ -80,9 +80,16 @@ TARGET_LDFLAGS += -Wl,--gc-sections
 define Build/Configure
        $(Build/Configure/Default)
 
 define Build/Configure
        $(Build/Configure/Default)
 

+       awk 'BEGIN { rc = 1 } \
+            /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \
+            { print } \
+            END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+            >$(PKG_BUILD_DIR)/options.h.new && \
+       mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h
+

        # Enforce that all replacements are made, otherwise options.h has changed
        # format and this logic is broken.
        # Enforce that all replacements are made, otherwise options.h has changed
        # format and this logic is broken.

-       for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+       for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \

          awk 'BEGIN { rc = 1 } \
               /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
               { print } \
          awk 'BEGIN { rc = 1 } \
               /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
               { print } \