Commit 6cbb23a8 authored by Matt Johnston's avatar Matt Johnston

Add config option to disable cbc. Disable twofish by default

parent 5c57a311
...@@ -84,10 +84,14 @@ const struct dropbear_cipher dropbear_nocipher = ...@@ -84,10 +84,14 @@ const struct dropbear_cipher dropbear_nocipher =
/* A few void* s are required to silence warnings /* A few void* s are required to silence warnings
* about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
#ifdef DROPBEAR_ENABLE_CBC_MODE
const struct dropbear_cipher_mode dropbear_mode_cbc = const struct dropbear_cipher_mode dropbear_mode_cbc =
{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
#endif // DROPBEAR_ENABLE_CBC_MODE
const struct dropbear_cipher_mode dropbear_mode_none = const struct dropbear_cipher_mode dropbear_mode_none =
{void_start, void_cipher, void_cipher}; {void_start, void_cipher, void_cipher};
#ifdef DROPBEAR_ENABLE_CTR_MODE #ifdef DROPBEAR_ENABLE_CTR_MODE
/* a wrapper to make ctr_start and cbc_start look the same */ /* a wrapper to make ctr_start and cbc_start look the same */
static int dropbear_big_endian_ctr_start(int cipher, static int dropbear_big_endian_ctr_start(int cipher,
...@@ -98,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher, ...@@ -98,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher,
} }
const struct dropbear_cipher_mode dropbear_mode_ctr = const struct dropbear_cipher_mode dropbear_mode_ctr =
{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
#endif #endif // DROPBEAR_ENABLE_CTR_MODE
/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
{&hash_desc, keysize, hashsize} */ {&hash_desc, keysize, hashsize} */
...@@ -145,7 +149,7 @@ algo_type sshciphers[] = { ...@@ -145,7 +149,7 @@ algo_type sshciphers[] = {
#endif #endif
#endif /* DROPBEAR_ENABLE_CTR_MODE */ #endif /* DROPBEAR_ENABLE_CTR_MODE */
/* CBC modes are always enabled */ #ifdef DROPBEAR_ENABLE_CBC_MODE
#ifdef DROPBEAR_AES128 #ifdef DROPBEAR_AES128
{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
#endif #endif
...@@ -165,6 +169,7 @@ algo_type sshciphers[] = { ...@@ -165,6 +169,7 @@ algo_type sshciphers[] = {
#ifdef DROPBEAR_BLOWFISH #ifdef DROPBEAR_BLOWFISH
{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
#endif #endif
#endif /* DROPBEAR_ENABLE_CBC_MODE */
#ifdef DROPBEAR_NONE_CIPHER #ifdef DROPBEAR_NONE_CIPHER
{"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none}, {"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none},
#endif #endif
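Review bot: Nothing visible in this section stops a build that defines neither DROPBEAR_ENABLE_CBC_MODE nor DROPBEAR_ENABLE_CTR_MODE, which would leave `sshciphers[]` with no real cipher (only `none`, if DROPBEAR_NONE_CIPHER is set). A compile-time guard would catch that early: `#if !defined(DROPBEAR_ENABLE_CBC_MODE) && !defined(DROPBEAR_ENABLE_CTR_MODE)`, then `#error "At least one of CBC or CTR mode must be enabled"`, then `#endif`; if such a check already exists elsewhere, it is not shown here. The two new `#endif // ...` lines after dropbear_mode_cbc and dropbear_mode_ctr use `//` comments where the rest of the file uses `/* */` (compare `#endif /* DROPBEAR_ENABLE_CTR_MODE */`), so `/* DROPBEAR_ENABLE_CBC_MODE */` would match and stay safe for C89 toolchains. The sshciphers[] initialiser starts and ends outside the hunks.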
......
...@@ -95,8 +95,12 @@ much traffic. */ ...@@ -95,8 +95,12 @@ much traffic. */
#define DROPBEAR_AES256 #define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
/*#define DROPBEAR_BLOWFISH*/ /*#define DROPBEAR_BLOWFISH*/
#define DROPBEAR_TWOFISH256 /*#define DROPBEAR_TWOFISH256*/
#define DROPBEAR_TWOFISH128 /*#define DROPBEAR_TWOFISH128*/
/* Enable CBC mode for ciphers. This has security issues though
* is the most compatible with older SSH implementations */
#define DROPBEAR_ENABLE_CBC_MODE
/* Enable "Counter Mode" for ciphers. This is more secure than normal /* Enable "Counter Mode" for ciphers. This is more secure than normal
* CBC mode against certain attacks. This adds around 1kB to binary * CBC mode against certain attacks. This adds around 1kB to binary
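Review bot: The new comment above `#define DROPBEAR_ENABLE_CBC_MODE` says CBC "has security issues" without telling a builder what they are or when it is safe to turn the option off, and the default leaves it on. Suggested wording: `/* Enable CBC mode for ciphers. CBC in SSH is exposed to known plaintext-recovery attacks; keep it only for peers that lack CTR support, and leave DROPBEAR_ENABLE_CTR_MODE defined if you disable it. */`. The two Twofish defines are now commented out with no reason given, unlike the Blowfish line above them; a one-line comment stating why would help anyone re-enabling them. The Counter Mode comment continues past the end of this hunk.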
......