diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2015-01-23 22:37:14 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2015-01-23 22:37:14 +0800 |
| commit | 6cbb23a819fc92099b7c23b1d17a63af76b378b6 (patch) | |
| tree | bba207fcdd6ad566438607a31f5928b8998586ab | |
| parent | 5c57a31184c78ffb0c8f3be491c0c314f0776aae (diff) | |
Add config option to disable cbc. Disable twofish by default
| -rw-r--r-- | common-algo.c | 9 | ||||
| -rw-r--r-- | options.h | 8 |
2 files changed, 13 insertions, 4 deletions
diff --git a/common-algo.c b/common-algo.c index e57f37c..ab3086e 100644 --- a/common-algo.c +++ b/common-algo.c @@ -84,10 +84,14 @@ const struct dropbear_cipher dropbear_nocipher = /* A few void* s are required to silence warnings * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ +#ifdef DROPBEAR_ENABLE_CBC_MODE const struct dropbear_cipher_mode dropbear_mode_cbc = {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; +#endif // DROPBEAR_ENABLE_CBC_MODE + const struct dropbear_cipher_mode dropbear_mode_none = {void_start, void_cipher, void_cipher}; + #ifdef DROPBEAR_ENABLE_CTR_MODE /* a wrapper to make ctr_start and cbc_start look the same */ static int dropbear_big_endian_ctr_start(int cipher, @@ -98,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher, } const struct dropbear_cipher_mode dropbear_mode_ctr = {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; -#endif +#endif // DROPBEAR_ENABLE_CTR_MODE /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. {&hash_desc, keysize, hashsize} */ @@ -145,7 +149,7 @@ algo_type sshciphers[] = { #endif #endif /* DROPBEAR_ENABLE_CTR_MODE */ -/* CBC modes are always enabled */ +#ifdef DROPBEAR_ENABLE_CBC_MODE #ifdef DROPBEAR_AES128 {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, #endif @@ -165,6 +169,7 @@ algo_type sshciphers[] = { #ifdef DROPBEAR_BLOWFISH {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, #endif +#endif /* DROPBEAR_ENABLE_CBC_MODE */ #ifdef DROPBEAR_NONE_CIPHER {"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none}, #endif @@ -95,8 +95,12 @@ much traffic. */ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ -#define DROPBEAR_TWOFISH256 -#define DROPBEAR_TWOFISH128 +/*#define DROPBEAR_TWOFISH256*/ +/*#define DROPBEAR_TWOFISH128*/ + +/* Enable CBC mode for ciphers. This has security issues though + * is the most compatible with older SSH implementations */ +#define DROPBEAR_ENABLE_CBC_MODE /* Enable "Counter Mode" for ciphers. This is more secure than normal * CBC mode against certain attacks. This adds around 1kB to binary |