On 04/27/2018 05:58 PM, Koen Vandeputte wrote: > Config moved from option.h to localoptions.h > refreshed all patches > > deleted upstreamed patches: > - 010-runtime-maxauthtries.patch > - 610-skip-default-keys-in-custom-runs.patch > > introduced new patch: > - 610-disable-ec-by-default.patch > > This patch adds the EC definitions which are altered by the Makefile when > (de)selecting EC options. > > Tested on both LE (arm) and BE (mips) architectures. > Tested with all dropbear menuoptions on/off
Please post the size of the binary and the ipkg with and without this patch. I think it compiles the math library by default with O2 or O3 and not with Os can you check this too please. Hauke > > Signed-off-by: Koen Vandeputte <koen.vandepu...@ncentric.com> > --- > package/network/services/dropbear/Makefile | 28 ++--- > .../patches/010-runtime-maxauthtries.patch | 130 > --------------------- > .../dropbear/patches/100-pubkey_path.patch | 28 +++-- > .../dropbear/patches/110-change_user.patch | 2 +- > .../dropbear/patches/120-openwrt_options.patch | 94 ++------------- > .../dropbear/patches/130-ssh_ignore_x_args.patch | 4 +- > .../patches/150-dbconvert_standalone.patch | 21 ++-- > .../patches/600-allow-blank-root-password.patch | 2 +- > .../patches/610-disable-ec-by-default.patch | 10 ++ > .../610-skip-default-keys-in-custom-runs.patch | 18 --- > 10 files changed, 62 insertions(+), 275 deletions(-) > delete mode 100644 > package/network/services/dropbear/patches/010-runtime-maxauthtries.patch > create mode 100644 > package/network/services/dropbear/patches/610-disable-ec-by-default.patch > delete mode 100644 > package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch > > diff --git a/package/network/services/dropbear/Makefile > b/package/network/services/dropbear/Makefile > index 21ac09f72452..e89043531f78 100644 > --- a/package/network/services/dropbear/Makefile > +++ b/package/network/services/dropbear/Makefile > @@ -8,14 +8,14 @@ > include $(TOPDIR)/rules.mk > > PKG_NAME:=dropbear > -PKG_VERSION:=2017.75 > -PKG_RELEASE:=5 > +PKG_VERSION:=2018.76 > +PKG_RELEASE:=1 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 > PKG_SOURCE_URL:= \ > http://matt.ucc.asn.au/dropbear/releases/ \ > https://dropbear.nl/mirror/releases/ > -PKG_HASH:=6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c > +PKG_HASH:=f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65 > > PKG_LICENSE:=MIT > PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE > @@ -57,7 +57,7 @@ endef > > define Package/dropbear/conffiles > /etc/dropbear/dropbear_rsa_host_key > -/etc/config/dropbear > +/etc/config/dropbear > endef > > define Package/dropbearconvert > @@ -89,24 +89,24 @@ define Build/Configure > $(Build/Configure/Default) > > $(SED) 's,^#define DEFAULT_PATH .*$$$$,#define DEFAULT_PATH > "$(TARGET_INIT_PATH)",g' \ > - $(PKG_BUILD_DIR)/options.h > + $(PKG_BUILD_DIR)/default_options.h > > awk 'BEGIN { rc = 1 } \ > - /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if > $(CONFIG_DROPBEAR_CURVE25519),,// )#define 'DROPBEAR_CURVE25519'"; rc = 0 } \ > + /'DROPBEAR_CURVE25519'/ { $$$$0 = "$(if > $(CONFIG_DROPBEAR_CURVE25519),#define 'DROPBEAR_CURVE25519' 1,#define > 'DROPBEAR_CURVE25519' 0)"; rc = 0 } \ > { print } \ > - END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ > - >$(PKG_BUILD_DIR)/options.h.new && \ > - mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h > + END { exit(rc) }' $(PKG_BUILD_DIR)/localoptions.h \ > + >$(PKG_BUILD_DIR)/localoptions.h.new && \ > + mv $(PKG_BUILD_DIR)/localoptions.h.new $(PKG_BUILD_DIR)/localoptions.h > > - # Enforce that all replacements are made, otherwise options.h has > changed > + # Enforce that all replacements are made, otherwise localoptions.h has > changed > # format and this logic is broken. > for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \ > awk 'BEGIN { rc = 1 } \ > - /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// > )#define '$$$$OPTION'"; rc = 0 } \ > + /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),#define > '$$$$OPTION' 1,#define '$$$$OPTION' 0)"; rc = 0 } \ > { print } \ > - END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ > - >$(PKG_BUILD_DIR)/options.h.new && \ > - mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit > 1; \ > + END { exit(rc) }' $(PKG_BUILD_DIR)/localoptions.h \ > + >$(PKG_BUILD_DIR)/localoptions.h.new && \ > + mv $(PKG_BUILD_DIR)/localoptions.h.new > $(PKG_BUILD_DIR)/localoptions.h || exit 1; \ > done > > # remove protocol idented software version number > diff --git > a/package/network/services/dropbear/patches/010-runtime-maxauthtries.patch > b/package/network/services/dropbear/patches/010-runtime-maxauthtries.patch > deleted file mode 100644 > index 26db3181f2d8..000000000000 > --- a/package/network/services/dropbear/patches/010-runtime-maxauthtries.patch > +++ /dev/null > @@ -1,130 +0,0 @@ > -From 46b22e57d91e33a591d0fba97da52672af4d6ed2 Mon Sep 17 00:00:00 2001 > -From: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> > -Date: Mon, 29 May 2017 10:25:09 +0100 > -Subject: [PATCH] dropbear server: support -T max auth tries > - > -Add support for '-T n' for a run-time specification for maximum number > -of authentication attempts where 'n' is between 1 and compile time > -option MAX_AUTH_TRIES. > - > -A default number of tries can be specified at compile time using > -'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for > -backwards compatibility. > - > -Signed-off-by: Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> > ---- > - options.h | 7 +++++++ > - runopts.h | 1 + > - svr-auth.c | 2 +- > - svr-runopts.c | 17 +++++++++++++++++ > - 4 files changed, 26 insertions(+), 1 deletion(-) > - > -diff --git a/options.h b/options.h > -index 0c51bb1..4d22704 100644 > ---- a/options.h > -+++ b/options.h > -@@ -284,6 +284,13 @@ Homedir is prepended unless path begins with / */ > - #define MAX_AUTH_TRIES 10 > - #endif > - > -+/* Default maximum number of failed authentication tries. > -+ * defaults to MAX_AUTH_TRIES */ > -+ > -+#ifndef DEFAULT_AUTH_TRIES > -+#define DEFAULT_AUTH_TRIES MAX_AUTH_TRIES > -+#endif > -+ > - /* The default file to store the daemon's process ID, for shutdown > - scripts etc. This can be overridden with the -P flag */ > - #ifndef DROPBEAR_PIDFILE > -diff --git a/runopts.h b/runopts.h > -index f7c869d..2f7da63 100644 > ---- a/runopts.h > -+++ b/runopts.h > -@@ -96,6 +96,7 @@ typedef struct svr_runopts { > - int noauthpass; > - int norootpass; > - int allowblankpass; > -+ unsigned int maxauthtries; > - > - #ifdef ENABLE_SVR_REMOTETCPFWD > - int noremotetcp; > -diff --git a/svr-auth.c b/svr-auth.c > -index 577ea88..6a7ce0b 100644 > ---- a/svr-auth.c > -+++ b/svr-auth.c > -@@ -362,7 +362,7 @@ void send_msg_userauth_failure(int partial, int > incrfail) { > - ses.authstate.failcount++; > - } > - > -- if (ses.authstate.failcount >= MAX_AUTH_TRIES) { > -+ if (ses.authstate.failcount >= svr_opts.maxauthtries) { > - char * userstr; > - /* XXX - send disconnect ? */ > - TRACE(("Max auth tries reached, exiting")) > -diff --git a/svr-runopts.c b/svr-runopts.c > -index 8f60059..1e7440f 100644 > ---- a/svr-runopts.c > -+++ b/svr-runopts.c > -@@ -73,6 +73,7 @@ static void printhelp(const char * progname) { > - "-g Disable password logins > for root\n" > - "-B Allow blank password > logins\n" > - #endif > -+ "-T <1 to %d> Maximum authentication > tries (default %d)\n" > - #ifdef ENABLE_SVR_LOCALTCPFWD > - "-j Disable local port > forwarding\n" > - #endif > -@@ -106,6 +107,7 @@ static void printhelp(const char * progname) { > - #ifdef DROPBEAR_ECDSA > - ECDSA_PRIV_FILENAME, > - #endif > -+ MAX_AUTH_TRIES, DEFAULT_AUTH_TRIES, > - DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT, > DROPBEAR_PIDFILE, > - DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, > DEFAULT_IDLE_TIMEOUT); > - } > -@@ -118,6 +120,7 @@ void svr_getopts(int argc, char ** argv) { > - char* recv_window_arg = NULL; > - char* keepalive_arg = NULL; > - char* idle_timeout_arg = NULL; > -+ char* maxauthtries_arg = NULL; > - char* keyfile = NULL; > - char c; > - > -@@ -130,6 +133,7 @@ void svr_getopts(int argc, char ** argv) { > - svr_opts.noauthpass = 0; > - svr_opts.norootpass = 0; > - svr_opts.allowblankpass = 0; > -+ svr_opts.maxauthtries = DEFAULT_AUTH_TRIES; > - svr_opts.inetdmode = 0; > - svr_opts.portcount = 0; > - svr_opts.hostkey = NULL; > -@@ -234,6 +238,9 @@ void svr_getopts(int argc, char ** argv) { > - case 'I': > - next = &idle_timeout_arg; > - break; > -+ case 'T': > -+ next = &maxauthtries_arg; > -+ break; > - #if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH) > - case 's': > - svr_opts.noauthpass = 1; > -@@ -330,6 +337,16 @@ void svr_getopts(int argc, char ** argv) { > - dropbear_exit("Bad recv window '%s'", recv_window_arg); > - } > - } > -+ > -+ if (maxauthtries_arg) { > -+ unsigned int val = 0; > -+ if (m_str_to_uint(maxauthtries_arg, &val) == DROPBEAR_FAILURE || > -+ val == 0 || val > MAX_AUTH_TRIES) { > -+ dropbear_exit("Bad maxauthtries '%s'", > maxauthtries_arg); > -+ } > -+ svr_opts.maxauthtries = val; > -+ } > -+ > - > - if (keepalive_arg) { > - unsigned int val; > --- > -2.7.4 > - > diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch > b/package/network/services/dropbear/patches/100-pubkey_path.patch > index 401c7e1ba564..6672b7633fe7 100644 > --- a/package/network/services/dropbear/patches/100-pubkey_path.patch > +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch > @@ -1,6 +1,6 @@ > --- a/svr-authpubkey.c > +++ b/svr-authpubkey.c > -@@ -220,14 +220,20 @@ static int checkpubkey(char* algo, unsig > +@@ -320,14 +320,20 @@ static int checkpubkey(const char* algo, > goto out; > } > > @@ -29,7 +29,7 @@ > > /* open the file as the authenticating user. */ > origuid = getuid(); > -@@ -396,26 +402,35 @@ static int checkpubkeyperms() { > +@@ -404,26 +410,35 @@ static int checkpubkeyperms() { > goto out; > } > > @@ -42,17 +42,6 @@ > - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > - goto out; > - } > -- > -- /* check ~/.ssh */ > -- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ > -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > -- goto out; > -- } > -- > -- /* now check ~/.ssh/authorized_keys */ > -- strncat(filename, "/authorized_keys", 16); > -- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > -- goto out; > + if (ses.authstate.pw_uid == 0) { > + if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { > + goto out; > @@ -70,13 +59,22 @@ > + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > + goto out; > + } > -+ > + > +- /* check ~/.ssh */ > +- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ > +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > +- goto out; > +- } > + /* check ~/.ssh */ > + strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ > + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > + goto out; > + } > -+ > + > +- /* now check ~/.ssh/authorized_keys */ > +- strncat(filename, "/authorized_keys", 16); > +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > +- goto out; > + /* now check ~/.ssh/authorized_keys */ > + strncat(filename, "/authorized_keys", 16); > + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { > diff --git a/package/network/services/dropbear/patches/110-change_user.patch > b/package/network/services/dropbear/patches/110-change_user.patch > index 4b5c1cb51bb1..5f0c5a99161a 100644 > --- a/package/network/services/dropbear/patches/110-change_user.patch > +++ b/package/network/services/dropbear/patches/110-change_user.patch > @@ -1,6 +1,6 @@ > --- a/svr-chansession.c > +++ b/svr-chansession.c > -@@ -922,12 +922,12 @@ static void execchild(void *user_data) { > +@@ -935,12 +935,12 @@ static void execchild(const void *user_d > /* We can only change uid/gid as root ... */ > if (getuid() == 0) { > > diff --git > a/package/network/services/dropbear/patches/120-openwrt_options.patch > b/package/network/services/dropbear/patches/120-openwrt_options.patch > index 7f47a7430479..b35c0398fdb3 100644 > --- a/package/network/services/dropbear/patches/120-openwrt_options.patch > +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch > @@ -1,82 +1,12 @@ > ---- a/options.h > -+++ b/options.h > -@@ -41,7 +41,7 @@ > - * Both of these flags can be defined at once, don't compile without at > least > - * one of them. */ > - #define NON_INETD_MODE > --#define INETD_MODE > -+/*#define INETD_MODE*/ > - > - /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is > - * perhaps 20% slower for pubkey operations (it is probably worth > experimenting > -@@ -81,7 +81,7 @@ much traffic. */ > - > - /* Enable "Netcat mode" option. This will forward standard input/output > - * to a remote TCP-forwarded connection */ > --#define ENABLE_CLI_NETCAT > -+/*#define ENABLE_CLI_NETCAT*/ > - > - /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime > */ > - #define ENABLE_USER_ALGO_LIST > -@@ -91,16 +91,16 @@ much traffic. */ > - * Including multiple keysize variants the same cipher > - * (eg AES256 as well as AES128) will result in a minimal size increase.*/ > - #define DROPBEAR_AES128 > --#define DROPBEAR_3DES > -+/*#define DROPBEAR_3DES*/ > - #define DROPBEAR_AES256 > - /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ > - /*#define DROPBEAR_BLOWFISH*/ > --#define DROPBEAR_TWOFISH256 > --#define DROPBEAR_TWOFISH128 > -+/*#define DROPBEAR_TWOFISH256*/ > -+/*#define DROPBEAR_TWOFISH128*/ > - > - /* Enable CBC mode for ciphers. This has security issues though > - * is the most compatible with older SSH implementations */ > --#define DROPBEAR_ENABLE_CBC_MODE > -+/*#define DROPBEAR_ENABLE_CBC_MODE*/ > - > - /* Enable "Counter Mode" for ciphers. This is more secure than normal > - * CBC mode against certain attacks. It is recommended for security > -@@ -131,10 +131,10 @@ If you test it please contact the Dropbe > - * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, > - * which are not the standard form. */ > - #define DROPBEAR_SHA1_HMAC > --#define DROPBEAR_SHA1_96_HMAC > -+/*#define DROPBEAR_SHA1_96_HMAC*/ > - #define DROPBEAR_SHA2_256_HMAC > --#define DROPBEAR_SHA2_512_HMAC > --#define DROPBEAR_MD5_HMAC > -+/*#define DROPBEAR_SHA2_512_HMAC*/ > -+/*#define DROPBEAR_MD5_HMAC*/ > - > - /* You can also disable integrity. Don't bother disabling this if you're > - * still using a cipher, it's relatively cheap. If you disable this it's > dead > -@@ -146,7 +146,7 @@ If you test it please contact the Dropbe > - * Removing either of these won't save very much space. > - * SSH2 RFC Draft requires dss, recommends rsa */ > - #define DROPBEAR_RSA > --#define DROPBEAR_DSS > -+/*#define DROPBEAR_DSS*/ > - /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC > - * code (either ECDSA or ECDH) increases binary size - around 30kB > - * on x86-64 */ > -@@ -194,7 +194,7 @@ If you test it please contact the Dropbe > - > - /* Whether to print the message of the day (MOTD). This doesn't add much > code > - * size */ > --#define DO_MOTD > -+/*#define DO_MOTD*/ > - > - /* The MOTD file path */ > - #ifndef MOTD_FILENAME > -@@ -242,7 +242,7 @@ Homedir is prepended unless path begins > - * note that it will be provided for all "hidden" client-interactive > - * style prompts - if you want something more sophisticated, use > - * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ > --#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" > -+/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/ > - > - /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of > - * a helper program for the ssh client. The helper program should be > +--- /dev/null > ++++ b/localoptions.h > +@@ -0,0 +1,9 @@ > ++/* OpenWrt defined options */ > ++ > ++#define INETD_MODE 0 > ++#define ENABLE_CLI_NETCAT 0 > ++#define DROPBEAR_3DES 0 > ++#define DROPBEAR_ENABLE_CBC_MODE 0 > ++#define DROPBEAR_SHA1_96_HMAC 0 > ++#define DROPBEAR_DSS 0 > ++#define DROPBEAR_USE_PASSWORD_ENV 0 > diff --git > a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch > b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch > index ab09c2f3dc3a..5e736320cc75 100644 > --- a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch > +++ b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch > @@ -1,6 +1,6 @@ > --- a/cli-runopts.c > +++ b/cli-runopts.c > -@@ -296,6 +296,8 @@ void cli_getopts(int argc, char ** argv) > +@@ -299,6 +299,8 @@ void cli_getopts(int argc, char ** argv) > debug_trace = 1; > break; > #endif > @@ -8,4 +8,4 @@ > + break; > case 'F': > case 'e': > - #ifndef ENABLE_USER_ALGO_LIST > + #if !DROPBEAR_USER_ALGO_LIST > diff --git > a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > index ccc2cb792598..974b440d49f6 100644 > --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > @@ -1,14 +1,11 @@ > ---- a/options.h > -+++ b/options.h > -@@ -5,6 +5,11 @@ > - #ifndef DROPBEAR_OPTIONS_H_ > - #define DROPBEAR_OPTIONS_H_ > - > +--- a/localoptions.h > ++++ b/localoptions.h > +@@ -7,3 +7,8 @@ > + #define DROPBEAR_SHA1_96_HMAC 0 > + #define DROPBEAR_DSS 0 > + #define DROPBEAR_USE_PASSWORD_ENV 0 > ++ > +#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER) > -+#define DROPBEAR_SERVER > -+#define DROPBEAR_CLIENT > ++ #define DROPBEAR_SERVER 1 > ++ #define DROPBEAR_CLIENT 1 > +#endif > -+ > - /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... > #endif" > - * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ > - > diff --git > a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch > > b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch > index 7c67b086bbac..223c94767a02 100644 > --- > a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch > +++ > b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch > @@ -1,6 +1,6 @@ > --- a/svr-auth.c > +++ b/svr-auth.c > -@@ -149,7 +149,7 @@ void recv_msg_userauth_request() { > +@@ -122,7 +122,7 @@ void recv_msg_userauth_request() { > AUTH_METHOD_NONE_LEN) == 0) { > TRACE(("recv_msg_userauth_request: 'none' request")) > if (valid_user > diff --git > a/package/network/services/dropbear/patches/610-disable-ec-by-default.patch > b/package/network/services/dropbear/patches/610-disable-ec-by-default.patch > new file mode 100644 > index 000000000000..cb9761b73506 > --- /dev/null > +++ > b/package/network/services/dropbear/patches/610-disable-ec-by-default.patch > @@ -0,0 +1,10 @@ > +--- a/localoptions.h > ++++ b/localoptions.h > +@@ -12,3 +12,7 @@ > + #define DROPBEAR_SERVER 1 > + #define DROPBEAR_CLIENT 1 > + #endif > ++ > ++#define DROPBEAR_CURVE25519 0 > ++#define DROPBEAR_ECDSA 0 > ++#define DROPBEAR_ECDH 0 > diff --git > a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch > > b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch > deleted file mode 100644 > index a555a9e49856..000000000000 > --- > a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch > +++ /dev/null > @@ -1,18 +0,0 @@ > ---- a/svr-runopts.c > -+++ b/svr-runopts.c > -@@ -505,6 +505,7 @@ void load_all_hostkeys() { > - m_free(hostkey_file); > - } > - > -+ if (svr_opts.num_hostkey_files <= 0) { > - #ifdef DROPBEAR_RSA > - loadhostkey(RSA_PRIV_FILENAME, 0); > - #endif > -@@ -516,6 +517,7 @@ void load_all_hostkeys() { > - #ifdef DROPBEAR_ECDSA > - loadhostkey(ECDSA_PRIV_FILENAME, 0); > - #endif > -+ } > - > - #ifdef DROPBEAR_DELAY_HOSTKEY > - if (svr_opts.delay_hostkey) { > _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev