# HG changeset patch # User Matt Johnston # Date 1648607019 -28800 # Node ID 13cb8cc1b0e4eb3af71aeb363ee0487e0bbe56db # Parent f978a15194baa326fe672a8a42c427f587c31573 Remove twofish and remnants of blowfish Twofish CTR was never enabled by default and CBC modes are deprecated diff -r f978a15194ba -r 13cb8cc1b0e4 SMALL --- a/SMALL Wed Mar 30 10:10:15 2022 +0800 +++ b/SMALL Wed Mar 30 10:23:39 2022 +0800 @@ -9,10 +9,7 @@ --- -The following are set in options.h: - - - You can safely disable blowfish and twofish ciphers, and MD5 hmac, without - affecting interoperability +The following are set in localoptions.h: - If you're compiling statically, you can turn off host lookups diff -r f978a15194ba -r 13cb8cc1b0e4 common-algo.c --- a/common-algo.c Wed Mar 30 10:10:15 2022 +0800 +++ b/common-algo.c Wed Mar 30 10:23:39 2022 +0800 @@ -64,14 +64,6 @@ static const struct dropbear_cipher dropbear_aes128 = {&aes_desc, 16, 16}; #endif -#if DROPBEAR_TWOFISH256 -static const struct dropbear_cipher dropbear_twofish256 = - {&twofish_desc, 32, 16}; -#endif -#if DROPBEAR_TWOFISH128 -static const struct dropbear_cipher dropbear_twofish128 = - {&twofish_desc, 16, 16}; -#endif #if DROPBEAR_3DES static const struct dropbear_cipher dropbear_3des = {&des3_desc, 24, 8}; @@ -156,15 +148,6 @@ #if DROPBEAR_AES256 {"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr}, #endif -#if DROPBEAR_TWOFISH_CTR -/* twofish ctr is conditional as it hasn't been tested for interoperability, see options.h */ -#if DROPBEAR_TWOFISH256 - {"twofish256-ctr", 0, &dropbear_twofish256, 1, &dropbear_mode_ctr}, -#endif -#if DROPBEAR_TWOFISH128 - {"twofish128-ctr", 0, &dropbear_twofish128, 1, &dropbear_mode_ctr}, -#endif -#endif /* DROPBEAR_TWOFISH_CTR */ #endif /* DROPBEAR_ENABLE_CTR_MODE */ #if DROPBEAR_ENABLE_CBC_MODE @@ -174,13 +157,6 @@ #if DROPBEAR_AES256 {"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc}, #endif -#if DROPBEAR_TWOFISH256 - {"twofish256-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, - {"twofish-cbc", 0, &dropbear_twofish256, 1, &dropbear_mode_cbc}, -#endif -#if DROPBEAR_TWOFISH128 - {"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc}, -#endif #endif /* DROPBEAR_ENABLE_CBC_MODE */ #if DROPBEAR_3DES diff -r f978a15194ba -r 13cb8cc1b0e4 crypto_desc.c --- a/crypto_desc.c Wed Mar 30 10:10:15 2022 +0800 +++ b/crypto_desc.c Wed Mar 30 10:23:39 2022 +0800 @@ -24,12 +24,6 @@ #if DROPBEAR_AES &aes_desc, #endif -#if DROPBEAR_BLOWFISH - &blowfish_desc, -#endif -#if DROPBEAR_TWOFISH - &twofish_desc, -#endif #if DROPBEAR_3DES &des3_desc, #endif diff -r f978a15194ba -r 13cb8cc1b0e4 default_options.h --- a/default_options.h Wed Mar 30 10:10:15 2022 +0800 +++ b/default_options.h Wed Mar 30 10:23:39 2022 +0800 @@ -95,8 +95,6 @@ #define DROPBEAR_AES128 1 #define DROPBEAR_AES256 1 #define DROPBEAR_3DES 0 -#define DROPBEAR_TWOFISH256 0 -#define DROPBEAR_TWOFISH128 0 /* Enable Chacha20-Poly1305 authenticated encryption mode. This is * generally faster than AES256 on CPU w/o dedicated AES instructions, diff -r f978a15194ba -r 13cb8cc1b0e4 sysoptions.h --- a/sysoptions.h Wed Mar 30 10:10:15 2022 +0800 +++ b/sysoptions.h Wed Mar 30 10:23:39 2022 +0800 @@ -131,14 +131,6 @@ #define DROPBEAR_MD5_HMAC 0 #endif -/* Twofish counter mode is disabled by default because it -has not been tested for interoperability with other SSH implementations. -If you test it please contact the Dropbear author */ -#ifndef DROPBEAR_TWOFISH_CTR -#define DROPBEAR_TWOFISH_CTR 0 -#endif - - #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA)) /* Debian doesn't define this in system headers */ @@ -235,8 +227,6 @@ #define DROPBEAR_AES ((DROPBEAR_AES256) || (DROPBEAR_AES128)) -#define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128)) - #define DROPBEAR_AEAD_MODE ((DROPBEAR_CHACHA20POLY1305) || (DROPBEAR_ENABLE_GCM_MODE)) #define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD)) @@ -280,8 +270,7 @@ #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins" #endif -#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ - || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128 || DROPBEAR_CHACHA20POLY1305) +#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_CHACHA20POLY1305) #error "At least one encryption algorithm must be enabled. AES128 is recommended." #endif