From 1455b5b89af9fecaf957393aa33878e85d2826a9 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Sun, 10 Jan 2016 22:38:53 +0000
Subject: [PATCH] dropbear: split out curve25519 support into a separate config
 option

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48195
---
 package/network/services/dropbear/Config.in | 12 ++++++++++--
 package/network/services/dropbear/Makefile  | 11 +++++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index e2a761034f..19ef71c0b2 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -1,6 +1,15 @@
 menu "Configuration"
 	depends on PACKAGE_dropbear
 
+config DROPBEAR_CURVE25519
+	bool "Curve25519 support"
+	default n
+	help
+		This enables the following key exchange algorithm:
+		  curve25519-sha256@libssh.org
+
+		Increases binary size by about 13 kB uncompressed (MIPS).
+
 config DROPBEAR_ECC
 	bool "Elliptic curve cryptography (ECC)"
 	default n
@@ -12,7 +21,6 @@ config DROPBEAR_ECC
 		  ecdh-sha2-nistp256
 		  ecdh-sha2-nistp384
 		  ecdh-sha2-nistp521
-		  curve25519-sha256@libssh.org
 
 		Public key algorithms:
 		  ecdsa-sha2-nistp256
@@ -22,6 +30,6 @@ config DROPBEAR_ECC
 		Does not generate ECC host keys by default (ECC key exchange will not be used,
 		only ECC public key auth).
 
-		Increases binary size by about 36 kB (MIPS).
+		Increases binary size by about 23 kB (MIPS).
 
 endmenu
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 4515165ad4..ca67ed3c60 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -23,7 +23,7 @@ PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
 
-PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC CONFIG_DROPBEAR_CURVE25519
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -80,9 +80,16 @@ TARGET_LDFLAGS += -Wl,--gc-sections
 define Build/Configure
 	$(Build/Configure/Default)
 
+	awk 'BEGIN { rc = 1 } \
+	     /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \
+	     { print } \
+	     END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+	     >$(PKG_BUILD_DIR)/options.h.new && \
+	mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h
+
 	# Enforce that all replacements are made, otherwise options.h has changed
 	# format and this logic is broken.
-	for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+	for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \
 	  awk 'BEGIN { rc = 1 } \
 	       /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \
 	       { print } \
-- 
GitLab