[Buildroot] [PATCH v2] package/libssh: add support for mbedtls crypto backend

Mircea Gliga gliga.mircea at gmail.com
Wed Oct 2 05:16:00 UTC 2019


Hello,

I didn't got any feedback in regards to this and I was wondering if this
v2 patch is better and if it has any chances to go to master.
In this version, the choice selects the crypto provider package, and
as a default it uses OpenSSL.
Also I improved the commit message.

Thanks and regards
Mircea


On Tue, Sep 24, 2019 at 4:26 PM Mircea Gliga <gliga.mircea at gmail.com> wrote:

> At this point Buildroot doesn't allow to use mbedTLS crypto
> backend even though libssh supports it. In case of fully statically
> linked ELF executables the size difference between OpenSSL and mbedTLS
> is significant: it matters for embedded targets with very limited
> storage.
>
> This patch adds support for compiling libssh with mbedTLS as a
> crypto backend. It also allows the selection of the crypto backend
> libssh will use through a choice in the package config.
>
> Currently, the selection of the backend is based on a priority order,
> which is not always desirable, as in some cases multiple backends
> can exists at the same time for various reasons.
>
> Switch to OpenSSL as the default crypto backend, instead of libgcrypt,
> since OpenSSL is more commonly used.
>
> Signed-off-by: Mircea Gliga <gliga.mircea at gmail.com>
>
> ---
> Changes V1->V2:
> * choice now selects the crypto provider package
> * more detailed description in commit message
> * switch default crypto backend to OpenSSL
> ---
>  package/libssh/Config.in | 26 ++++++++++++++++++++++++--
>  package/libssh/libssh.mk | 10 +++++-----
>  2 files changed, 29 insertions(+), 7 deletions(-)
>
> diff --git a/package/libssh/Config.in b/package/libssh/Config.in
> index 3dbfa7d561..f31b35f9ab 100644
> --- a/package/libssh/Config.in
> +++ b/package/libssh/Config.in
> @@ -3,8 +3,6 @@ config BR2_PACKAGE_LIBSSH
>         depends on BR2_USE_MMU # fork()
>         depends on !BR2_STATIC_LIBS
>         depends on BR2_TOOLCHAIN_HAS_THREADS
> -       # Either OpenSSL or libgcrypt are mandatory
> -       select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_LIBGCRYPT
>         help
>           libssh is a multiplatform C library implementing the SSHv2
>           and SSHv1 protocol on client and server side. With libssh,
> @@ -13,6 +11,30 @@ config BR2_PACKAGE_LIBSSH
>
>           http://www.libssh.org/
>
> +if BR2_PACKAGE_LIBSSH
> +
> +choice
> +       prompt "Crypto Backend"
> +       default BR2_PACKAGE_LIBSSH_OPENSSL
> +       help
> +         Select crypto library to be used in libssh.
> +
> +config BR2_PACKAGE_LIBSSH_MBEDTLS
> +       bool "mbedtls"
> +       select BR2_PACKAGE_MBEDTLS
> +
> +config BR2_PACKAGE_LIBSSH_LIBGCRYPT
> +       bool "gcrypt"
> +       depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
> +       select BR2_PACKAGE_LIBGCRYPT
> +
> +config BR2_PACKAGE_LIBSSH_OPENSSL
> +       bool "openssl"
> +       select BR2_PACKAGE_OPENSSL
> +
> +endchoice
> +endif
> +
>  comment "libssh needs a toolchain w/ dynamic library, threads"
>         depends on BR2_USE_MMU
>         depends on BR2_STATIC_LIBS || !BR2_TOOLCHAIN_HAS_THREADS
> diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
> index d5f22c29a0..7ee23ca6ba 100644
> --- a/package/libssh/libssh.mk
> +++ b/package/libssh/libssh.mk
> @@ -27,13 +27,13 @@ else
>  LIBSSH_CONF_OPTS += -DWITH_ZLIB=OFF
>  endif
>
> -# Dependency is either on libgcrypt or openssl, guaranteed in Config.in.
> -# Favour libgcrypt.
> -ifeq ($(BR2_PACKAGE_LIBGCRYPT),y)
> +ifeq ($(BR2_PACKAGE_LIBSSH_MBEDTLS),y)
> +LIBSSH_CONF_OPTS += -DWITH_MBEDTLS=ON
> +LIBSSH_DEPENDENCIES += mbedtls
> +else ifeq ($(BR2_PACKAGE_LIBSSH_LIBGCRYPT),y)
>  LIBSSH_CONF_OPTS += -DWITH_GCRYPT=ON
>  LIBSSH_DEPENDENCIES += libgcrypt
> -else
> -LIBSSH_CONF_OPTS += -DWITH_GCRYPT=OFF
> +else ifeq ($(BR2_PACKAGE_LIBSSH_OPENSSL),y)
>  LIBSSH_DEPENDENCIES += openssl
>  endif
>
> --
> 2.23.0
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20191002/b4d2290a/attachment.html>


More information about the buildroot mailing list