ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-20 06:05:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add config option to disable cbc. Disable twofish by default

Browse Source
This commit is contained in:
Matt Johnston 2015-01-23 22:37:14 +08:00
parent 5c57a31184
commit 6cbb23a819
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
common-algo.c
View File

@ -84,10 +84,14 @@ const struct dropbear_cipher dropbear_nocipher =
/* A few void* s are required to silence warnings /* A few void* s are required to silence warnings
* about the symmetric_CBC vs symmetric_CTR cipher_state pointer */ * about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
#ifdef DROPBEAR_ENABLE_CBC_MODE
const struct dropbear_cipher_mode dropbear_mode_cbc = const struct dropbear_cipher_mode dropbear_mode_cbc =
{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt}; {(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
#endif // DROPBEAR_ENABLE_CBC_MODE
const struct dropbear_cipher_mode dropbear_mode_none = const struct dropbear_cipher_mode dropbear_mode_none =
{void_start, void_cipher, void_cipher}; {void_start, void_cipher, void_cipher};
#ifdef DROPBEAR_ENABLE_CTR_MODE #ifdef DROPBEAR_ENABLE_CTR_MODE
/* a wrapper to make ctr_start and cbc_start look the same */ /* a wrapper to make ctr_start and cbc_start look the same */
static int dropbear_big_endian_ctr_start(int cipher, static int dropbear_big_endian_ctr_start(int cipher,
@ -98,7 +102,7 @@ static int dropbear_big_endian_ctr_start(int cipher,
} }
const struct dropbear_cipher_mode dropbear_mode_ctr = const struct dropbear_cipher_mode dropbear_mode_ctr =
{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt}; {(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
#endif #endif // DROPBEAR_ENABLE_CTR_MODE
/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc. /* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
{&hash_desc, keysize, hashsize} */ {&hash_desc, keysize, hashsize} */
@ -145,7 +149,7 @@ algo_type sshciphers[] = {
#endif #endif
#endif /* DROPBEAR_ENABLE_CTR_MODE */ #endif /* DROPBEAR_ENABLE_CTR_MODE */
/* CBC modes are always enabled */ #ifdef DROPBEAR_ENABLE_CBC_MODE
#ifdef DROPBEAR_AES128 #ifdef DROPBEAR_AES128
{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc}, {"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
#endif #endif
@ -165,6 +169,7 @@ algo_type sshciphers[] = {
#ifdef DROPBEAR_BLOWFISH #ifdef DROPBEAR_BLOWFISH
{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc}, {"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
#endif #endif
#endif /* DROPBEAR_ENABLE_CBC_MODE */
#ifdef DROPBEAR_NONE_CIPHER #ifdef DROPBEAR_NONE_CIPHER
{"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none}, {"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none},
#endif #endif

8
options.h
View File

@ -95,8 +95,12 @@ much traffic. */
#define DROPBEAR_AES256 #define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
/*#define DROPBEAR_BLOWFISH*/ /*#define DROPBEAR_BLOWFISH*/
#define DROPBEAR_TWOFISH256 /*#define DROPBEAR_TWOFISH256*/
#define DROPBEAR_TWOFISH128 /*#define DROPBEAR_TWOFISH128*/
/* Enable CBC mode for ciphers. This has security issues though
* is the most compatible with older SSH implementations */
#define DROPBEAR_ENABLE_CBC_MODE
/* Enable "Counter Mode" for ciphers. This is more secure than normal /* Enable "Counter Mode" for ciphers. This is more secure than normal
* CBC mode against certain attacks. This adds around 1kB to binary * CBC mode against certain attacks. This adds around 1kB to binary