diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2022-03-30 10:23:39 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2022-03-30 10:23:39 +0800 |
| commit | 2bfc2be6e411572c9050fae7c83b132af605dd39 (patch) | |
| tree | 7ed310c0120fcf069573e7f0c9a1e5bd7e7cb4d9 | |
| parent | f4a5f8bfac37472d7a4e3457c9bda642091a1dcf (diff) | |
| download | dropbear-2bfc2be6e411572c9050fae7c83b132af605dd39.tar.gz | |
Remove twofish and remnants of blowfish
Twofish CTR was never enabled by default and CBC modes are
deprecated
| -rw-r--r-- | SMALL | 5 | ||||
| -rw-r--r-- | common-algo.c | 24 | ||||
| -rw-r--r-- | crypto_desc.c | 6 | ||||
| -rw-r--r-- | default_options.h | 2 | ||||
| -rw-r--r-- | sysoptions.h | 13 |
5 files changed, 2 insertions, 48 deletions
@@ -9,10 +9,7 @@ The same applies if you are compiling just a client. --- -The following are set in options.h: - - - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without - affecting interoperability +The following are set in localoptions.h: - If you're compiling statically, you can turn off host lookups diff --git a/common-algo.c b/common-algo.c index b9ad4ae..7564df8 100644 --- a/common-algo.c +++ b/common-algo.c @@ -64,14 +64,6 @@ static const struct dropbear_cipher dropbear_aes256 = static const struct dropbear_cipher dropbear_aes128 = {&aes_desc, 16, 16}; #endif -#if DROPBEAR_TWOFISH256 -static const struct dropbear_cipher dropbear_twofish256 = - {&twofish_desc, 32, 16}; -#endif -#if DROPBEAR_TWOFISH128 -static const struct dropbear_cipher dropbear_twofish128 = - {&twofish_desc, 16, 16}; -#endif #if DROPBEAR_3DES static const struct dropbear_cipher dropbear_3des = {&des3_desc, 24, 8}; @@ -156,15 +148,6 @@ algo_type sshciphers[] = { #if DROPBEAR_AES256 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, #endif -#if DROPBEAR_TWOFISH_CTR -/* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */ -#if DROPBEAR_TWOFISH256 - {"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr}, -#endif -#if DROPBEAR_TWOFISH128 - {"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr}, -#endif -#endif /* DROPBEAR_TWOFISH_CTR */ #endif /* DROPBEAR_ENABLE_CTR_MODE */ #if DROPBEAR_ENABLE_CBC_MODE @@ -174,13 +157,6 @@ algo_type sshciphers[] = { #if DROPBEAR_AES256 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, #endif -#if DROPBEAR_TWOFISH256 - {"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, - {"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, -#endif -#if DROPBEAR_TWOFISH128 - {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc}, -#endif #endif /* DROPBEAR_ENABLE_CBC_MODE */ #if DROPBEAR_3DES diff --git a/crypto_desc.c b/crypto_desc.c index 50b63dc..b370728 100644 --- a/crypto_desc.c +++ b/crypto_desc.c @@ -24,12 +24,6 @@ void crypto_init() { #if DROPBEAR_AES &aes_desc, #endif -#if DROPBEAR_BLOWFISH - &blowfish_desc, -#endif -#if DROPBEAR_TWOFISH - &twofish_desc, -#endif #if DROPBEAR_3DES &des3_desc, #endif diff --git a/default_options.h b/default_options.h index d37b1d8..d9e7ba2 100644 --- a/default_options.h +++ b/default_options.h @@ -95,8 +95,6 @@ IMPORTANT: Some options will require "make clean" after changes */ #define DROPBEAR_AES128 1 #define DROPBEAR_AES256 1 #define DROPBEAR_3DES 0 -#define DROPBEAR_TWOFISH256 0 -#define DROPBEAR_TWOFISH128 0 /* Enable Chacha20-Poly1305 authenticated encryption mode. This is * generally faster than AES256 on CPU w/o dedicated AES instructions, diff --git a/sysoptions.h b/sysoptions.h index ed838ba..3267d95 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -131,14 +131,6 @@ #define DROPBEAR_MD5_HMAC 0 #endif -/* Twofish counter mode is disabled by default because it -has not been tested for interoperability with other SSH implementations. -If you test it please contact the Dropbear author */ -#ifndef DROPBEAR_TWOFISH_CTR -#define DROPBEAR_TWOFISH_CTR 0 -#endif - - #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA)) /* Debian doesn't define this in system headers */ @@ -235,8 +227,6 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_AES ((DROPBEAR_AES256) || (DROPBEAR_AES128)) -#define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128)) - #define DROPBEAR_AEAD_MODE ((DROPBEAR_CHACHA20POLY1305) || (DROPBEAR_ENABLE_GCM_MODE)) #define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD)) @@ -280,8 +270,7 @@ If you test it please contact the Dropbear author */ #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins" #endif -#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ - || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128 || DROPBEAR_CHACHA20POLY1305) +#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_CHACHA20POLY1305) #error "At least one encryption algorithm must be enabled. AES128 is recommended." #endif |