This line in the Makefile is incorrect
CBC_BROKEN= ./session.h:77:3: error: unknown type name 'symmetric_CBC'
CBC functions correctly iff CTR is also selected. This is what I use and suggest
CBC=on: Use CBC mode for ciphers (less secure) requires CTR
CTR=on: Use CTR mode for ciphers (more secure)
Which I have running on FreeBSD 11.1 and 11.2 Stable i386 and amd64 servers.
Created attachment 198027: patch to add CBC_IMPLIES
Perhaps this will do the trick?
Comment on attachment 198027: patch to add CBC_IMPLIES
Thank you, it does. Though I have a bit of a thing about behind-the-scenes selection. I wouldn't rule out "some noddy" wanting CBC without CTR, perhaps in an effort to limit dropbear's size. Would it be possible to append to the CBC_DESC, i.e. (implies CTR)? :)
(In reply to dewayne from comment #2)
Will do. Need approval from maintainer though, or to wait for the timeout.
I know about this issue, but I didn't have time to take care of it since I was busy with other things (related to FreeBSD ports as well), sorry. Anyway, this patch is good to go.
A commit references this bug:
Author: swills
Date: Fri Nov 9 19:42:12 UTC 2018
New revision: 484543
URL: https://svnweb.freebsd.org/changeset/ports/484543
Log:
security/dropbear: fix CBC option
PR: 232143
Reported by: dewayne@heuristicsystems.com.au
Approved by: Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
Changes:
head/security/dropbear/Makefile
Committed, thanks!