This allows the user to select only the encryption algorithms (s)he requires (e.g., disabling AES and keeping only ChaCha20-Poly1305). The default selection maintains the current functionality.
Additionally, make sure at least one encryption algorithm is selected, lest the build would fail. Signed-off-by: Rui Salvaterra <rsalvate...@gmail.com> --- package/network/services/dropbear/Config.in | 21 +++++++++++++++++++++ package/network/services/dropbear/Makefile | 4 +++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in index 5b7be04ade..6d2b4cdfae 100644 --- a/package/network/services/dropbear/Config.in +++ b/package/network/services/dropbear/Config.in @@ -64,6 +64,20 @@ config DROPBEAR_AUTOSEL_PK endmenu +menu "Encryption algorithm selection" + +config DROPBEAR_AES128 + bool "AES-128 support" + default y + help + This enables support for the 128-bit AES cipher + +config DROPBEAR_AES256 + bool "AES-256 support" + default y + help + This enables support for the 256-bit AES cipher + config DROPBEAR_CHACHA20POLY1305 bool "Chacha20-Poly1305 support" default y @@ -73,6 +87,13 @@ config DROPBEAR_CHACHA20POLY1305 Increases binary size by about 4 kB (MIPS). +config DROPBEAR_AUTOSEL_EA + def_bool y + depends on !(DROPBEAR_AES256 || DROPBEAR_CHACHA20POLY1305) + select DROPBEAR_AES128 + +endmenu + config DROPBEAR_CURVE25519 bool "Curve25519 support" default y diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index d0b6a4b7ea..1d131455a2 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -33,7 +33,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \ CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \ CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \ - CONFIG_DROPBEAR_RSA + CONFIG_DROPBEAR_RSA CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256 include $(INCLUDE_DIR)/package.mk @@ -139,6 +139,8 @@ DB_OPT_CONFIG = \ !!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \ DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \ DROPBEAR_RSA|CONFIG_DROPBEAR_RSA|1|0 \ + DROPBEAR_AES128|CONFIG_DROPBEAR_AES128|1|0 \ + DROPBEAR_AES256|CONFIG_DROPBEAR_AES256|1|0 TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver -- 2.29.2 _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel