Changeset 40297

Timestamp:

2014-03-29T17:59:26+01:00 (4 years ago)

Author:

nbd

Message:

dropbear: update to 2014.63

Upstream changelog:
​https://matt.ucc.asn.au/dropbear/CHANGES

This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.

dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008

Signed-off-by: Catalin Patulea <cat@…>

Location:

trunk/package/network/services/dropbear

Files:

• Config.in (added)
• Makefile (modified) (4 diffs)
• patches/100-pubkey_path.patch (modified) (2 diffs)
• patches/120-openwrt_options.patch (modified) (6 diffs)
• patches/150-dbconvert_standalone.patch (modified) (1 diff)
• patches/200-lcrypt_bsdfix.patch (deleted)
• patches/500-set-default-path.patch (modified) (1 diff)

trunk/package/network/services/dropbear/Makefile

@@ -9 +9 @@
 
 PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2014.63
 PKG_RELEASE:=1
 
@@ -16 +16 @@
         http://matt.ucc.asn.au/dropbear/releases/ \
         https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
 
 PKG_LICENSE:=MIT
@@ -23 +23 @@
 PKG_BUILD_PARALLEL:=1
 
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/dropbear/Default
   URL:=http://matt.ucc.asn.au/dropbear/
+endef
+
+define Package/dropbear/config
+        source "$(SOURCE)/Config.in"
 endef
 
@@ -73 +79 @@
 TARGET_LDFLAGS += -Wl,--gc-sections
 
+define Build/Prepare
+        $(call Build/Prepare/Default)
+        # Enforce that all replacements are made, otherwise options.h has changed
+        # format and this logic is broken.
+        for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+          awk 'BEGIN { rc = 1 } \
+               /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
+               { print } \
+               END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+               >$(PKG_BUILD_DIR)/options.h.new && \
+          mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \
+        done
+endef
+
 define Build/Compile
         +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \

trunk/package/network/services/dropbear/patches/100-pubkey_path.patch

@@ -1 +1 @@
 --- a/svr-authpubkey.c
 +++ b/svr-authpubkey.c
-@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
                 goto out;
         }
@@ -34 +34 @@
                 goto out;
         }
-@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
+@@ -371,26 +375,35 @@ static int checkpubkeyperms() {
                 goto out;
         }

trunk/package/network/services/dropbear/patches/120-openwrt_options.patch

@@ -1 +1 @@
 --- a/options.h
 +++ b/options.h
-@@ -38,7 +38,7 @@
+@@ -41,7 +41,7 @@
   * Both of these flags can be defined at once, don't compile without at least
   * one of them. */
@@ -10 +10 @@
  /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
   * perhaps 20% slower for pubkey operations (it is probably worth experimenting
-@@ -49,7 +49,7 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
--/*#define DROPBEAR_SMALL_CODE*/
-+#define DROPBEAR_SMALL_CODE
- 
- /* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
-@@ -78,7 +78,7 @@ much traffic. */
+@@ -81,7 +81,7 @@ much traffic. */
  
  /* Enable "Netcat mode" option. This will forward standard input/output
@@ -28 +19 @@
  /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
  #define ENABLE_USER_ALGO_LIST
-@@ -92,8 +92,8 @@ much traffic. */
+@@ -95,8 +95,8 @@ much traffic. */
  #define DROPBEAR_AES256
  /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
@@ -39 +30 @@
  /* Enable "Counter Mode" for ciphers. This is more secure than normal
   * CBC mode against certain attacks. This adds around 1kB to binary 
-@@ -119,7 +119,7 @@ much traffic. */
+@@ -122,7 +122,7 @@ much traffic. */
   * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
   * which are not the standard form. */
@@ -48 +39 @@
  /*#define DROPBEAR_SHA2_512_HMAC*/
  #define DROPBEAR_MD5_HMAC
-@@ -157,7 +157,7 @@ much traffic. */
+@@ -175,7 +175,7 @@ much traffic. */
  
  /* Whether to print the message of the day (MOTD). This doesn't add much code
@@ -57 +48 @@
  /* The MOTD file path */
  #ifndef MOTD_FILENAME
-@@ -195,7 +195,7 @@ much traffic. */
+@@ -213,7 +213,7 @@ much traffic. */
   * note that it will be provided for all "hidden" client-interactive
   * style prompts - if you want something more sophisticated, use 

trunk/package/network/services/dropbear/patches/150-dbconvert_standalone.patch

@@ -10 +10 @@
 +#endif
 +
- /******************************************************************
-  * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
-  * parts are to allow for commandline -DDROPBEAR_XXX options etc.
+ /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
+  * parts are to allow for commandline -DDROPBEAR_XXX options etc. */
+ 

trunk/package/network/services/dropbear/patches/500-set-default-path.patch

@@ -1 +1 @@
 --- a/options.h
 +++ b/options.h
-@@ -301,7 +301,7 @@ be overridden at runtime with -I. 0 disa
+@@ -318,7 +318,7 @@ be overridden at runtime with -I. 0 disa
  #define DEFAULT_IDLE_TIMEOUT 0