Hi Peter, External libraries are fine - Debian has used them for a while. The only security-important change is https://secure.ucc.asn.au/hg/dropbear/rev/a55b97f5a485 which I assume is already in buildroot.
I've made a few small changes to clear memory or avoid memory allocations - those could go upstream to libtom at some point. Cheers, Matt On Sat, Apr 16, 2016 at 11:29:02AM +0200, Peter Korsgaard wrote: > Hi, > > We've recently received patches in Buildroot (http://buildroot.org) to > build libtommath/libtomcrypt (statically) seperately and link dropbear > against those instead of the bundled copies. > > In general we prefer to use system libraries instead of bundled versions > whenever possible, but as dropbear is security sensitive I wanted to > check before making the change. > > I see that the bundled copies contain local changes. What is the > pro/cons of using the bundled versions vs external? > > -- > Bye, Peter Korsgaard