diff options
-rw-r--r-- | rules/dropbear.in | 15 | ||||
-rw-r--r-- | rules/dropbear.make | 18 |
2 files changed, 31 insertions, 2 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index fe2ada369..1c1d813fc 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -203,6 +203,21 @@ config DROPBEAR_TWOFISH256 bijective f function made by four key-dependent 8x8-bit S-boxes. +config DROPBEAR_CBC_CIPHERS + bool + prompt "CBC mode ciphers" + help + Enable CBC mode for ciphers. This has security issues though + is the most compatible with older SSH implementations. + +config DROPBEAR_CTR_CIPHERS + bool + prompt "Counter mode ciphers" + default y + help + Enable "Counter Mode" for ciphers. This is more secure than normal + CBC mode against certain attacks. This adds around 1kB to binary + size and is recommended for most cases. comment "Integrity, at least one required --- RFC Draft requires sha1-hmac and recommends sha1-96" diff --git a/rules/dropbear.make b/rules/dropbear.make index f03d0fc0d..ab9da5d29 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make @@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear # # Paths and names # -DROPBEAR_VERSION := 2014.65 -DROPBEAR_MD5 := 1918604238817385a156840fa2c39490 +DROPBEAR_VERSION := 2015.67 +DROPBEAR_MD5 := e967e320344cd4bfebe321e3ab8514d6 DROPBEAR := dropbear-$(DROPBEAR_VERSION) DROPBEAR_SUFFIX := tar.bz2 DROPBEAR_URL := http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX) @@ -163,7 +163,21 @@ else @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_TWOFISH128) endif +ifdef PTXCONF_DROPBEAR_CBC_CIPHERS + @echo "ptxdist: enabling cbc ciphers" + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ENABLE_CBC_MODE) +else + @echo "ptxdist: disabling cbc ciphers" + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ENABLE_CBC_MODE) +endif +ifdef PTXCONF_DROPBEAR_CTR_CIPHERS + @echo "ptxdist: enabling ctr ciphers" + @$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ENABLE_CTR_MODE) +else + @echo "ptxdist: disabling ctr ciphers" + @$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_ENABLE_CTR_MODE) +endif ifdef PTXCONF_DROPBEAR_SHA1 @echo "ptxdist: enabling sha1" |