Hello Ian,
Am Donnerstag, 30. Juni 2022, 16:19:53 CEST schrieb Ian Abbott:
> On 30/06/2022 12:57, Alexander Dahl wrote:
> > Hello,
> >
> > trying to build dropbear as part of a ptxdist based embedded BSP for an
> > armv5te target, more precisely I try to upgrade dropbear from 2020.81 to
> > 2022.82, the previous version builds fine, the new one fails to build.
> >
> > Cross toolchain is OSELAS.Toolchain-2016.06.1/arm-v5te-linux-gnueabi/
> > gcc-5.4.0-glibc-2.23-binutils-2.26-kernel-4.6-sanitized
> >
> > According to config.log … Invocation command line was
> >
> >$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --
> >
> > libdir=/usr/lib --build=x86_64-host-linux-gnu
> > --host=arm-v5te-linux-gnueabi -- enable-harden --enable-largefile
> > --disable-zlib --disable-pam --enable-openpty --enable-syslog
> > --enable-shadow --disable-plugin --disable-fuzz --enable- bundled-libtom
> > --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp
> > --disable-wtmpx --disable-loginfunc --disable-pututline
> > --disable-pututxline>
> > And localoptions.h was set to this:
> >/* localoptions.h created by ptxdist */
> >#define DROPBEAR_X11FWD 0
> >#define DROPBEAR_CLI_LOCALTCPFWD 1
> >#define DROPBEAR_CLI_REMOTETCPFWD 1
> >#define DROPBEAR_SVR_LOCALTCPFWD 1
> >#define DROPBEAR_SVR_REMOTETCPFWD 1
> >#define DROPBEAR_SVR_AGENTFWD 0
> >#define DROPBEAR_CLI_AGENTFWD 0
> >#define DROPBEAR_AES128 1
> >#define DROPBEAR_3DES 0
> >#define DROPBEAR_AES256 1
> >#define DROPBEAR_ENABLE_CBC_MODE 0
> >#define DROPBEAR_ENABLE_CTR_MODE 1
> >#define DROPBEAR_SHA1_HMAC 0
> >#define DROPBEAR_DH_GROUP1 0
> >#define DROPBEAR_DH_GROUP14_SHA1 0
> >#define DROPBEAR_SHA1_96_HMAC 0
> >#define DROPBEAR_SHA2_256_HMAC 1
> >#define DROPBEAR_SHA2_512_HMAC 1
> >#define DROPBEAR_DSS 0
> >#define DROPBEAR_RSA 1
> >#define DROPBEAR_ECDSA 0
> >#define DROPBEAR_ECDH 0
> >#define DROPBEAR_CURVE25519 0
> >#define DROPBEAR_SVR_PASSWORD_AUTH 1
> >#define DROPBEAR_CLI_PASSWORD_AUTH 1
> >#define DROPBEAR_SVR_PUBKEY_AUTH 1
> >#define DROPBEAR_CLI_PUBKEY_AUTH 1
> >
> > The compile error is like this:
> >arm-v5te-linux-gnueabi-gcc -c -Os -W -Wall -Wno-pointer-sign
> >-fno-strict-
> >
> > overflow -fPIE -fstack-protector-strong -D_FORTIFY_SOURCE=2
> > -I./libtomcrypt/ src/headers/ -DLOCALOPTIONS_H_EXISTS -I. -I.
> > -DDROPBEAR_SERVER -
> > DDROPBEAR_CLIENT signkey.c -o signkey.o
> >
> >In file included from signkey.c:31:0:
> >sk-ecdsa.h:11:44: error: unknown type name 'ecc_key'
> >signkey.c: In function 'buf_get_pub_key':
> >signkey.c:318:17: error: 'DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256'
> >undeclared
> >
> > (first use in this function)
> >
> >signkey.c:318:17: note: each undeclared identifier is reported only
> >once for>
> > each function it appears in
> >
> >signkey.c: In function 'buf_verify':
> >signkey.c:688:17: error: 'DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256'
> >undeclared
> >
> > (first use in this function)
> >
> >signkey.c:689:3: error: unknown type name 'ecc_key'
> >signkey.c:689:20: error: 'ecc_key' undeclared (first use in this
> >function)
> >signkey.c:689:29: error: expected expression before ')' token
> >
> > make[1]: *** [Makefile:154: signkey.o] Error 1
> >
> > I looked into the dropbear code, and sk-ecdsa.h includes "includes.h"
> > which
> > itself includes "tomcrypt.h" and in some file of that 'ecc_key' is
> > defined, so I don't know why the compiler complains here.
> >
> > Did not look into the other errors however.
> >
> > Any ideas?
>
> I think the problem occurs when DROPBEAR_SK_ECDSA is 1 and
> DROPBEAR_ECDSA is 0. The upstream maintainers can determine whether
> this combination should be supported or not.
Exactly. All three other combinations of these two bits build fine though.
> The ptxdist rules for dropbear 2020.81 (the current version in ptxdist)
> did not configure DROPBEAR_SK_ECDSA in "localoptions.h", so
> DROPBEAR_SK_ECDSA gets defined with the default value 1 in
> "default_options_guard.h" (generated from "default_options.h").
>
> As a temporary measure, you can change ptxdist's "dropbear.make" to
> forcibly configure DROPBEAR_SK_ECDSA to 0 by adding these lines in the
> appropriate place before the `@$(call touch)` line in the
> `$(STATEDIR)/dropbear.prepare` rules:
>
> @echo "ptxdist: disabling sk_ecdsa"
> @echo "#define DROPBEAR_SK_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS)
>
> You could also add these lines to forcibly configure DROPBEAR_SK_ED25519
> to 0 (not needed to fix the build, but it should reduce the executable
> size):
>
> @echo "ptxdist: disabling sk_ed25519"
> @echo "#define DROPBEAR_SK_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS)
This is what I prepared in my upcoming patch series. Will send it to ptxdist
mailing list next week.
> (Ideally, extra configuration options
