@@ -94,6 +94,16 @@ config DROPBEAR_AUTOSEL_EA
endmenu
+menu "Key exchange algorithm selection"
+
+config DROPBEAR_DH_GROUP14_SHA1
+ bool "Group 14 SHA-1"
+ default y
+
+config DROPBEAR_DH_GROUP14_SHA256
+ bool "Group 14 SHA-256"
+ default y
+
config DROPBEAR_CURVE25519
bool "Curve25519 support"
default y
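Review bot: The two new key exchange options carry no `help` text, unlike the existing DROPBEAR_CURVE25519 entry below them, so nothing in menuconfig tells the user that the SHA-1 variant is the weaker, legacy choice. For DROPBEAR_DH_GROUP14_SHA1 I would add `help` followed by `Legacy group 14 key exchange hashed with SHA-1; keep it only for peers that support neither SHA-256 nor Curve25519.` A matching line on DROPBEAR_DH_GROUP14_SHA256 could name it as the fallback that is forced on when the other two are disabled.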
@@ -103,6 +113,13 @@ config DROPBEAR_CURVE25519
Increases binary size by about 4 kB (MIPS).
+config DROPBEAR_AUTOSEL_KEX
+ def_bool y
+ depends on !(DROPBEAR_DH_GROUP14_SHA1 || DROPBEAR_CURVE25519)
+ select DROPBEAR_DH_GROUP14_SHA256
+
+endmenu
+
config DROPBEAR_ZLIB
bool "Enable compression"
default n
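Review bot: DROPBEAR_AUTOSEL_KEX is an invisible symbol with no comment, so the reason SHA-256 reappears after a user deselects all three algorithms is only recorded in the commit message. A comment above it would keep that visible in the file, for example `# Force group 14 SHA-256 when SHA-1 and Curve25519 are both off; the build fails with no key exchange algorithm.` It is worth stating there that the fallback is deliberately the SHA-256 variant and not SHA-1.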
@@ -33,7 +33,8 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_DROPBEAR_ED25519 CONFIG_DROPBEAR_CHACHA20POLY1305 \
CONFIG_DROPBEAR_UTMP CONFIG_DROPBEAR_PUTUTLINE \
CONFIG_DROPBEAR_DBCLIENT CONFIG_DROPBEAR_SCP CONFIG_DROPBEAR_ASKPASS \
- CONFIG_DROPBEAR_RSA CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256
+ CONFIG_DROPBEAR_RSA CONFIG_DROPBEAR_AES128 CONFIG_DROPBEAR_AES256 \
+ DROPBEAR_DH_GROUP14_SHA1 DROPBEAR_DH_GROUP14_SHA256
include $(INCLUDE_DIR)/package.mk
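Review bot: The two names added to PKG_CONFIG_DEPENDS lack the `CONFIG_` prefix that every other entry in the list carries, so toggling these options will presumably not be seen as a configuration change and will not trigger a rebuild. A dropbear binary built earlier with group 14 SHA-1 compiled in could then be packaged after the option was switched off. The added line should read `CONFIG_DROPBEAR_DH_GROUP14_SHA1 CONFIG_DROPBEAR_DH_GROUP14_SHA256`, matching the names used in the DB_OPT_CONFIG hunk that follows.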
@@ -140,7 +141,9 @@ DB_OPT_CONFIG = \
DROPBEAR_CLI_ASKPASS_HELPER|CONFIG_DROPBEAR_ASKPASS|1|0 \
DROPBEAR_RSA|CONFIG_DROPBEAR_RSA|1|0 \
DROPBEAR_AES128|CONFIG_DROPBEAR_AES128|1|0 \
- DROPBEAR_AES256|CONFIG_DROPBEAR_AES256|1|0
+ DROPBEAR_AES256|CONFIG_DROPBEAR_AES256|1|0 \
+ DROPBEAR_DH_GROUP14_SHA1|CONFIG_DROPBEAR_DH_GROUP14_SHA1|1|0 \
+ DROPBEAR_DH_GROUP14_SHA256|CONFIG_DROPBEAR_DH_GROUP14_SHA256|1|0
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections -flto
TARGET_LDFLAGS += -Wl,--gc-sections -flto=jobserver
This allows the user to select only the key exchange algorithms (s)he requires (e.g., disabling group 14 SHA-{1,256} and keeping only Curve25519). The default selection maintains the current functionality. Additionally, make sure at least one key exchange algorithm is selected, since the build would otherwise fail. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> --- package/network/services/dropbear/Config.in | 17 +++++++++++++++++ package/network/services/dropbear/Makefile | 7 +++++-- 2 files changed, 22 insertions(+), 2 deletions(-)