How to support cipher 'none'?

Michael Wiedmann michael.wiedmann at aastra.com
Fri Nov 21 19:27:25 WST 2008


Hi,

I wonder how I could support 'none' as sshcipher.
I tried to add 

	{"none", 0, NULL, 1},

as first entry in 'sshciphers[]' and rebuilt the server and client.
In the TRACE msgs I can see, that client and server agree on 'none' 
as encryption method:

TRACE: buf_match_algo: none,aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc c2s is  none
TRACE: buf_match_algo: none,aes128-cbc,3des-cbc,aes256-cbc
TRACE: enc s2c is  none

But the client dumps core before authentication is completed:

TRACE: leave send_msg_newkeys
TRACE: leave recv_msg_kexdh_init
TRACE: leave process_packet
TRACE: maybe_empty_reply_queue - no data allowed
TRACE: enter cli_sessionloop
TRACE: leave cli_sessionloop: kex_state != KEX_NOTHING
TRACE: enter write_packet
TRACE: empty queue dequeing
TRACE: leave write_packet
TRACE: enter read_packet
TRACE: enter decrypt_packet
TRACE: leave decrypt_packet
TRACE: leave read_packet
TRACE: enter process_packet
TRACE: process_packet: packet type = 21
TRACE: <- MSG_NEWKEYS
TRACE: enter recv_msg_newkeys
TRACE: while SENTNEWKEYS=1
TRACE: enter gen_new_keys
TRACE: enter buf_putmpint
TRACE: leave buf_putmpint
Segmentation fault (core dumped)

Cheers
Michael
PS: I try to find out how much overhead causes e.g. "aes128-cbc" and looking for 
    an easy way to switch between the offered ciphers from the client so that we
    can optionally setup an unencrypted connection.



More information about the Dropbear mailing list