aboutsummaryrefslogtreecommitdiff
path: root/package/dropbear/0001-only-advertise-single-server-ecdsa-key-when-R-is-used.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/dropbear/0001-only-advertise-single-server-ecdsa-key-when-R-is-used.patch')
-rw-r--r--package/dropbear/0001-only-advertise-single-server-ecdsa-key-when-R-is-used.patch113
1 files changed, 0 insertions, 113 deletions
diff --git a/package/dropbear/0001-only-advertise-single-server-ecdsa-key-when-R-is-used.patch b/package/dropbear/0001-only-advertise-single-server-ecdsa-key-when-R-is-used.patch
deleted file mode 100644
index 1467e3bc2d..0000000000
--- a/package/dropbear/0001-only-advertise-single-server-ecdsa-key-when-R-is-used.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-# HG changeset patch
-# User Matt Johnston <matt@ucc.asn.au>
-# Date 1520519133 -28800
-# Node ID 0dc3103a5900971d1d06d9101e062ddbd1112436
-# Parent 0f149d63068d90705db7fb52c8dea15ff32eedd7
-Only advertise a single server ecdsa key when -R (generate as required) is
-specified. Fixes -R now that default ecdsa key size has changed.
-
-Upstream-URL: https://secure.ucc.asn.au/hg/dropbear/rev/0dc3103a5900
-Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-diff -r 0f149d63068d -r 0dc3103a5900 svr-runopts.c
---- a/svr-runopts.c Thu Mar 08 22:22:11 2018 +0800
-+++ b/svr-runopts.c Thu Mar 08 22:25:33 2018 +0800
-@@ -526,8 +526,10 @@
-
- void load_all_hostkeys() {
- int i;
-- int disable_unset_keys = 1;
- int any_keys = 0;
-+#ifdef DROPBEAR_ECDSA
-+ int loaded_any_ecdsa = 0;
-+#endif
-
- svr_opts.hostkey = new_sign_key();
-
-@@ -552,14 +554,8 @@
- #endif
- }
-
--#if DROPBEAR_DELAY_HOSTKEY
-- if (svr_opts.delay_hostkey) {
-- disable_unset_keys = 0;
-- }
--#endif
--
- #if DROPBEAR_RSA
-- if (disable_unset_keys && !svr_opts.hostkey->rsakey) {
-+ if (!svr_opts.delay_hostkey && !svr_opts.hostkey->rsakey) {
- disablekey(DROPBEAR_SIGNKEY_RSA);
- } else {
- any_keys = 1;
-@@ -567,39 +563,54 @@
- #endif
-
- #if DROPBEAR_DSS
-- if (disable_unset_keys && !svr_opts.hostkey->dsskey) {
-+ if (!svr_opts.delay_hostkey && !svr_opts.hostkey->dsskey) {
- disablekey(DROPBEAR_SIGNKEY_DSS);
- } else {
- any_keys = 1;
- }
- #endif
-
-+#if DROPBEAR_ECDSA
-+ /* We want to advertise a single ecdsa algorithm size.
-+ - If there is a ecdsa hostkey at startup we choose that that size.
-+ - If we generate at runtime we choose the default ecdsa size.
-+ - Otherwise no ecdsa keys will be advertised */
-
--#if DROPBEAR_ECDSA
-+ /* check if any keys were loaded at startup */
-+ loaded_any_ecdsa =
-+ 0
- #if DROPBEAR_ECC_256
-- if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 256)
-- && !svr_opts.hostkey->ecckey256) {
-+ || svr_opts.hostkey->ecckey256
-+#endif
-+#if DROPBEAR_ECC_384
-+ || svr_opts.hostkey->ecckey384
-+#endif
-+#if DROPBEAR_ECC_521
-+ || svr_opts.hostkey->ecckey521
-+#endif
-+ ;
-+ any_keys |= loaded_any_ecdsa;
-+
-+ /* Or an ecdsa key could be generated at runtime */
-+ any_keys |= svr_opts.delay_hostkey;
-+
-+ /* At most one ecdsa key size will be left enabled */
-+#if DROPBEAR_ECC_256
-+ if (!svr_opts.hostkey->ecckey256
-+ && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 256 )) {
- disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP256);
-- } else {
-- any_keys = 1;
- }
- #endif
--
- #if DROPBEAR_ECC_384
-- if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 384)
-- && !svr_opts.hostkey->ecckey384) {
-+ if (!svr_opts.hostkey->ecckey384
-+ && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 384 )) {
- disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP384);
-- } else {
-- any_keys = 1;
- }
- #endif
--
- #if DROPBEAR_ECC_521
-- if ((disable_unset_keys || ECDSA_DEFAULT_SIZE != 521)
-- && !svr_opts.hostkey->ecckey521) {
-+ if (!svr_opts.hostkey->ecckey521
-+ && (!svr_opts.delay_hostkey || loaded_any_ecdsa || ECDSA_DEFAULT_SIZE != 521 )) {
- disablekey(DROPBEAR_SIGNKEY_ECDSA_NISTP521);
-- } else {
-- any_keys = 1;
- }
- #endif
- #endif /* DROPBEAR_ECDSA */
-