* [ptxdist] [PATCH 1/2] dropbear: version bump 2013.60 -> 2014.63
From: Bruno Thomsen @ 2014-06-03 7:47 UTC
To: ptxdist; +Cc: bth
Added ECC (elliptic curve) support with ECDSA hostkeys (requires
new keys to be generated) and ECDH for setting up
encryption keys (no intervention required).
Added new -R option to automatically generate hostkeys as needed
(recommended for embedded platforms).
Darwin patch is no longer needed due to mainline fix.
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
---
.../0001-Fix-build-on-Darwin.patch | 43 --------------------
patches/dropbear-2013.60/series | 4 --
rules/dropbear.make | 4 +-
3 files changed, 2 insertions(+), 49 deletions(-)
delete mode 100644 patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch
delete mode 100644 patches/dropbear-2013.60/series
diff --git a/patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch b/patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch
deleted file mode 100644
index 1d5d539..0000000
--- a/patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Bernhard Walle <bernhard@bwalle.de>
-Date: Tue, 20 Mar 2012 08:28:57 +0100
-Subject: [PATCH] Fix build on Darwin
-
-From
-https://dev.openwrt.org/browser/trunk/package/dropbear/patches/200-lcrypt_bsdfix.patch?rev=25891.
-
-Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
----
- Makefile.in | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index bce11c8..e0ed668 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
- loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
- listener.h fake-rfc2553.h
-
--dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@
-+dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
- dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
- dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
- dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
-@@ -79,7 +79,7 @@ STRIP=@STRIP@
- INSTALL=@INSTALL@
- CPPFLAGS=@CPPFLAGS@
- CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
--LIBS+=@LIBS@
-+LIBS+=@LIBS@ @CRYPTLIB@
- LDFLAGS=@LDFLAGS@
-
- EXEEXT=@EXEEXT@
-@@ -169,7 +169,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile
- # multi-binary compilation.
- MULTIOBJS=
- ifeq ($(MULTI),1)
-- MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@
-+ MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
- CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
- endif
-
diff --git a/patches/dropbear-2013.60/series b/patches/dropbear-2013.60/series
deleted file mode 100644
index d9df7e0..0000000
--- a/patches/dropbear-2013.60/series
+++ /dev/null
@@ -1,4 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-0001-Fix-build-on-Darwin.patch
-# e4c948951d2fafee17a83f484c126a7e - git-ptx-patches magic
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 60de9d4..5ab6fd3 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
#
# Paths and names
#
-DROPBEAR_VERSION := 2013.60
-DROPBEAR_MD5 := fffa2fec0c887201bed3a3cc6df7fa35
+DROPBEAR_VERSION := 2014.63
+DROPBEAR_MD5 := 7066bb9a2da708f3ed06314fdc9c47fd
DROPBEAR := dropbear-$(DROPBEAR_VERSION)
DROPBEAR_SUFFIX := tar.bz2
DROPBEAR_URL := http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
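Review bot: The new DROPBEAR_MD5 line is the only integrity check on a tarball that the unchanged DROPBEAR_URL context line fetches over plain http://, and the patch does not say where the new value came from. Confirm the hash against a checksum or signature that upstream publishes over an authenticated channel, not against a locally downloaded copy, and record in the commit message how it was verified. MD5 is not collision resistant, so a stronger digest next to it would be preferable if the rule format allows one.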
--
1.7.9.5
--
ptxdist mailing list
ptxdist@pengutronix.de
* [ptxdist] [PATCH 2/2] dropbear: Added Elliptic Curve Cryptography options.
From: Bruno Thomsen @ 2014-06-03 7:47 UTC
To: ptxdist; +Cc: bth
Support for ecdsa, ecdh and curve25519-donna options.
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
---
rules/dropbear.in | 27 +++++++++++++++++++++++++++
rules/dropbear.make | 24 ++++++++++++++++++++++++
2 files changed, 51 insertions(+)
diff --git a/rules/dropbear.in b/rules/dropbear.in
index 21301ba..c99d432 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -288,6 +288,33 @@ config DROPBEAR_DSS
key size). In contrast, RSA signature length is a function
of the key length employed.
+config DROPBEAR_ECDSA
+ bool
+ prompt "ecdsa"
+ default n
+ help
+ ECDSA stands for Elliptic Curve Digital Signature Algorithm.
+ ECDSA is significantly faster than RSA or DSS.
+
+config DROPBEAR_ECDH
+ bool
+ prompt "ecdh"
+ default n
+ help
+ ECDH stands for Elliptic Curve Diffie-Hellman.
+
+config DROPBEAR_CURVE25519
+ bool
+ depends on DROPBEAR_ECDSA || DROPBEAR_ECDH
+ prompt "curve25519-donna"
+ default n
+ help
+ Enable curve25519-donna for key exchange.
+ This is another elliptic curve method with good security properties.
+ This algorithm does not rely on NIST-based curves
+ and gives us more security confidence against a possible
+ backdoor in nistp-256 curve.
+
comment "Authentication types, at least one required --- RFC Draft requires pubkey auth"
config DROPBEAR_PASSWD
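Review bot: In config DROPBEAR_CURVE25519, the line "depends on DROPBEAR_ECDSA || DROPBEAR_ECDH" sits oddly with the help text under it: the help presents curve25519 as the key exchange that does not rely on NIST-based curves, yet the option can only be selected after one of the other two EC options is switched on. Unless dropbear's options.h really requires that coupling, drop the depends line so curve25519 can be enabled on its own. The DROPBEAR_ECDSA help should also mention that ECDSA hostkeys require new keys to be generated, as the 1/2 commit message says, and the DROPBEAR_ECDH help should say that it is a key exchange method.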
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 5ab6fd3..5cbd4aa 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -222,6 +222,30 @@ else
@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS)
endif
+ifdef PTXCONF_DROPBEAR_ECDSA
+ @echo "ptxdist: enabling ecdsa"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+else
+ @echo "ptxdist: disabling ecdsa"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
+endif
+
+ifdef PTXCONF_DROPBEAR_ECDH
+ @echo "ptxdist: enabling ecdh"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+else
+ @echo "ptxdist: disabling ecdh"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
+endif
+
+ifdef PTXCONF_DROPBEAR_CURVE25519
+ @echo "ptxdist: enabling curve25519"
+ @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+else
+ @echo "ptxdist: disabling curve25519"
+ @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
+endif
+
ifdef PTXCONF_DROPBEAR_PASSWD
@echo "ptxdist: enabling passwd"
@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
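Review bot: The three new ifdef blocks only toggle DROPBEAR_ECDSA, DROPBEAR_ECDH and DROPBEAR_CURVE25519 in options.h; nothing in this hunk deals with the ECDSA host key, which the 1/2 commit message says has to be newly generated. State in the commit message or the Kconfig help how a target obtains that key (for example through the new -R option mentioned in 1/2), so that enabling PTXCONF_DROPBEAR_ECDSA does not leave the algorithm compiled in with no matching hostkey on the device.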
--
1.7.9.5
* Re: [ptxdist] [PATCH 2/2] dropbear: Added Elliptic Curve Cryptography options.
From: Michael Olbrich @ 2014-06-10 5:49 UTC
To: ptxdist
On Tue, Jun 03, 2014 at 09:47:38AM +0200, Bruno Thomsen wrote:
> Support for ecdsa, ecdh and curve25519-donna options.
>
> Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
> ---
> rules/dropbear.in | 27 +++++++++++++++++++++++++++
> rules/dropbear.make | 24 ++++++++++++++++++++++++
> 2 files changed, 51 insertions(+)
>
> diff --git a/rules/dropbear.in b/rules/dropbear.in
> index 21301ba..c99d432 100644
> --- a/rules/dropbear.in
> +++ b/rules/dropbear.in
> @@ -288,6 +288,33 @@ config DROPBEAR_DSS
> key size). In contrast, RSA signature length is a function
> of the key length employed.
>
> +config DROPBEAR_ECDSA
> + bool
> + prompt "ecdsa"
> + default n
drop this line. It's redundant.
> + help
> + ECDSA stands for Elliptic Curve Digital Signature Algorithm.
> + ECDSA is significantly faster than RSA or DSS.
> +
> +config DROPBEAR_ECDH
> + bool
> + prompt "ecdh"
> + default n
Here as well.
> + help
> + ECDH stands for Elliptic Curve Diffie-Hellman.
> +
> +config DROPBEAR_CURVE25519
> + bool
> + depends on DROPBEAR_ECDSA || DROPBEAR_ECDH
> + prompt "curve25519-donna"
> + default n
And here.
Michael
> + help
> + Enable curve25519-donna for key exchange.
> + This is another elliptic curve method with good security properties.
> + This algorithm does not rely on NIST-based curves
> + and gives us more security confidence against a possible
> + backdoor in nistp-256 curve.
> +
> comment "Authentication types, at least one required --- RFC Draft requires pubkey auth"
>
> config DROPBEAR_PASSWD
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index 5ab6fd3..5cbd4aa 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -222,6 +222,30 @@ else
> @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_DSS)
> endif
>
> +ifdef PTXCONF_DROPBEAR_ECDSA
> + @echo "ptxdist: enabling ecdsa"
> + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
> +else
> + @echo "ptxdist: disabling ecdsa"
> + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDSA)
> +endif
> +
> +ifdef PTXCONF_DROPBEAR_ECDH
> + @echo "ptxdist: enabling ecdh"
> + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
> +else
> + @echo "ptxdist: disabling ecdh"
> + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ECDH)
> +endif
> +
> +ifdef PTXCONF_DROPBEAR_CURVE25519
> + @echo "ptxdist: enabling curve25519"
> + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
> +else
> + @echo "ptxdist: disabling curve25519"
> + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_CURVE25519)
> +endif
> +
> ifdef PTXCONF_DROPBEAR_PASSWD
> @echo "ptxdist: enabling passwd"
> @$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
* Re: [ptxdist] [PATCH 1/2] dropbear: version bump 2013.60 -> 2014.63
From: Michael Olbrich @ 2014-06-13 6:47 UTC
To: ptxdist
On Tue, Jun 03, 2014 at 09:47:37AM +0200, Bruno Thomsen wrote:
> Added ECC (elliptic curve) support with ECDSA hostkeys (requires
> new keys to be generated) and ECDH for setting up
> encryption keys (no intervention required).
> Added new -R option to automatically generate hostkeys as needed
> (recommended for embedded platforms).
> Darwin patch is no longer needed due to mainline fix.
>
> Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
> ---
I've applied this one.
Michael
> .../0001-Fix-build-on-Darwin.patch | 43 --------------------
> patches/dropbear-2013.60/series | 4 --
> rules/dropbear.make | 4 +-
> 3 files changed, 2 insertions(+), 49 deletions(-)
> delete mode 100644 patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch
> delete mode 100644 patches/dropbear-2013.60/series
>
> diff --git a/patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch b/patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch
> deleted file mode 100644
> index 1d5d539..0000000
> --- a/patches/dropbear-2013.60/0001-Fix-build-on-Darwin.patch
> +++ /dev/null
> @@ -1,43 +0,0 @@
> -From: Bernhard Walle <bernhard@bwalle.de>
> -Date: Tue, 20 Mar 2012 08:28:57 +0100
> -Subject: [PATCH] Fix build on Darwin
> -
> -From
> -https://dev.openwrt.org/browser/trunk/package/dropbear/patches/200-lcrypt_bsdfix.patch?rev=25891.
> -
> -Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
> ----
> - Makefile.in | 6 +++---
> - 1 file changed, 3 insertions(+), 3 deletions(-)
> -
> -diff --git a/Makefile.in b/Makefile.in
> -index bce11c8..e0ed668 100644
> ---- a/Makefile.in
> -+++ b/Makefile.in
> -@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
> - loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
> - listener.h fake-rfc2553.h
> -
> --dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@
> -+dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
> - dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
> - dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
> - dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
> -@@ -79,7 +79,7 @@ STRIP=@STRIP@
> - INSTALL=@INSTALL@
> - CPPFLAGS=@CPPFLAGS@
> - CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
> --LIBS+=@LIBS@
> -+LIBS+=@LIBS@ @CRYPTLIB@
> - LDFLAGS=@LDFLAGS@
> -
> - EXEEXT=@EXEEXT@
> -@@ -169,7 +169,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile
> - # multi-binary compilation.
> - MULTIOBJS=
> - ifeq ($(MULTI),1)
> -- MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@
> -+ MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
> - CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
> - endif
> -
> diff --git a/patches/dropbear-2013.60/series b/patches/dropbear-2013.60/series
> deleted file mode 100644
> index d9df7e0..0000000
> --- a/patches/dropbear-2013.60/series
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -# generated by git-ptx-patches
> -#tag:base --start-number 1
> -0001-Fix-build-on-Darwin.patch
> -# e4c948951d2fafee17a83f484c126a7e - git-ptx-patches magic
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index 60de9d4..5ab6fd3 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
> #
> # Paths and names
> #
> -DROPBEAR_VERSION := 2013.60
> -DROPBEAR_MD5 := fffa2fec0c887201bed3a3cc6df7fa35
> +DROPBEAR_VERSION := 2014.63
> +DROPBEAR_MD5 := 7066bb9a2da708f3ed06314fdc9c47fd
> DROPBEAR := dropbear-$(DROPBEAR_VERSION)
> DROPBEAR_SUFFIX := tar.bz2
> DROPBEAR_URL := http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |