Mercurial > dropbear
annotate sysoptions.h @ 1909:43ebe0028187
Add tests for dropbearconvert
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 29 Mar 2022 22:29:17 +0800 |
parents | 6f265a35159a |
children | 13cb8cc1b0e4 |
rev | line source |
---|---|
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /******************************************************************* |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * You shouldn't edit this file unless you know you need to. |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * This file is only included from options.h |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 *******************************************************************/ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 #ifndef DROPBEAR_VERSION |
1761 | 7 #define DROPBEAR_VERSION "2020.81" |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 #define PROGNAME "dropbear" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 /* Spec recommends after one hour or 1 gigabyte of data. One hour |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * is a bit too verbose, so we try 8 hours */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 #ifndef KEX_REKEY_TIMEOUT |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 #define KEX_REKEY_TIMEOUT (3600 * 8) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 #ifndef KEX_REKEY_DATA |
887
0459ff21e320
Back out accidentally committed files
Matt Johnston <matt@ucc.asn.au>
parents:
886
diff
changeset
|
19 #define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 #ifndef AUTH_TIMEOUT |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 |
1514
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
26 #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS)) |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
27 |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
28 #if !(NON_INETD_MODE || INETD_MODE) |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
29 #error "NON_INETD_MODE or INETD_MODE (or both) must be enabled." |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
30 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
31 |
1861 | 32 /* Would probably work on freebsd but hasn't been tested */ |
1862
6f265a35159a
Fix -Wexpansion-to-defined failure on clang
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
33 #if defined(HAVE_FEXECVE) && DROPBEAR_REEXEC && defined(__linux__) |
6f265a35159a
Fix -Wexpansion-to-defined failure on clang
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
34 #define DROPBEAR_DO_REEXEC 1 |
6f265a35159a
Fix -Wexpansion-to-defined failure on clang
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
35 #else |
6f265a35159a
Fix -Wexpansion-to-defined failure on clang
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
36 #define DROPBEAR_DO_REEXEC 0 |
6f265a35159a
Fix -Wexpansion-to-defined failure on clang
Matt Johnston <matt@ucc.asn.au>
parents:
1861
diff
changeset
|
37 #endif |
1861 | 38 |
746
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
39 /* A client should try and send an initial key exchange packet guessing |
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
40 * the algorithm that will match - saves a round trip connecting, has little |
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
41 * overhead if the guess was "wrong". */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
42 #ifndef DROPBEAR_KEX_FIRST_FOLLOWS |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
43 #define DROPBEAR_KEX_FIRST_FOLLOWS 1 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
44 #endif |
746
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
45 /* Use protocol extension to allow "first follows" to succeed more frequently. |
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
46 * This is currently Dropbear-specific but will gracefully fallback when connecting |
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
47 * to other implementations. */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
48 #ifndef DROPBEAR_KEXGUESS2 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
49 #define DROPBEAR_KEXGUESS2 1 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
50 #endif |
746
465fefc4f6e0
Put some #ifdef options around first-follows options in case they
Matt Johnston <matt@ucc.asn.au>
parents:
745
diff
changeset
|
51 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 /* Minimum key sizes for DSS and RSA */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 #ifndef MIN_DSS_KEYLEN |
1414
9236e7120c3e
increase min DSS and RSA lengths
Matt Johnston <matt@ucc.asn.au>
parents:
1342
diff
changeset
|
54 #define MIN_DSS_KEYLEN 1024 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 #ifndef MIN_RSA_KEYLEN |
1414
9236e7120c3e
increase min DSS and RSA lengths
Matt Johnston <matt@ucc.asn.au>
parents:
1342
diff
changeset
|
57 #define MIN_RSA_KEYLEN 1024 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 |
1832
a974a80f5f44
Banner size should account for newlines
Matt Johnston <matt@codeconstruct.com.au>
parents:
1831
diff
changeset
|
60 #define MAX_BANNER_SIZE 2050 /* this is 25*80 chars, any more is foolish */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 #define MAX_BANNER_LINES 20 /* How many lines the client will display */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 * the clearenv() function */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 #define ENV_SIZE 100 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 |
1138
cc3916a7afd9
increase MAX_CMD_LEN to 9000
Matt Johnston <matt@ucc.asn.au>
parents:
1084
diff
changeset
|
67 #define MAX_CMD_LEN 9000 /* max length of a command */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 #define MAX_TERM_LEN 200 /* max length of TERM name */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified, |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 ipv4 and ipv6 don't count twice */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 /* Each port might have at least a v4 and a v6 address */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 #define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 #define _PATH_TTY "/dev/tty" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 #define _PATH_CP "/bin/cp" |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 |
722
4a274f47eabd
Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
718
diff
changeset
|
83 #define DROPBEAR_ESCAPE_CHAR '~' |
4a274f47eabd
Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
718
diff
changeset
|
84 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 /* success/failure defines */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 #define DROPBEAR_SUCCESS 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 #define DROPBEAR_FAILURE -1 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
88 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
89 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 |
1537
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1517
diff
changeset
|
91 #define DROPBEAR_NGROUP_MAX 1024 |
6a83b1944432
Fix restricted group code for BSDs, move to separate function
Matt Johnston <matt@ucc.asn.au>
parents:
1517
diff
changeset
|
92 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 /* Required for pubkey auth */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
94 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 |
1831
0a3d02c66bf6
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
Matt Johnston <matt@codeconstruct.com.au>
parents:
1761
diff
changeset
|
96 /* crypt(password) must take less time than the auth failure delay |
0a3d02c66bf6
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
Matt Johnston <matt@codeconstruct.com.au>
parents:
1761
diff
changeset
|
97 (250ms set in svr-auth.c). On Linux the delay depends on |
0a3d02c66bf6
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
Matt Johnston <matt@codeconstruct.com.au>
parents:
1761
diff
changeset
|
98 password length, 100 characters here was empirically derived. |
0a3d02c66bf6
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
Matt Johnston <matt@codeconstruct.com.au>
parents:
1761
diff
changeset
|
99 |
0a3d02c66bf6
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
Matt Johnston <matt@codeconstruct.com.au>
parents:
1761
diff
changeset
|
100 If a longer password is allowed Dropbear cannot compensate |
0a3d02c66bf6
Comment on reason for DROPBEAR_MAX_PASSWORD_LEN limit
Matt Johnston <matt@codeconstruct.com.au>
parents:
1761
diff
changeset
|
101 for the crypt time which will expose which usernames exist */ |
1640
228b086794b7
limit password length to 100
Matt Johnston <matt@ucc.asn.au>
parents:
1617
diff
changeset
|
102 #define DROPBEAR_MAX_PASSWORD_LEN 100 |
228b086794b7
limit password length to 100
Matt Johnston <matt@ucc.asn.au>
parents:
1617
diff
changeset
|
103 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 #define SHA1_HASH_SIZE 20 |
1855
35d504d59c05
Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents:
1834
diff
changeset
|
105 #define SHA256_HASH_SIZE 32 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 #define MD5_HASH_SIZE 16 |
855
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
850
diff
changeset
|
107 #define MAX_HASH_SIZE 64 /* sha512 */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
109 #if DROPBEAR_CHACHA20POLY1305 |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
110 #define MAX_KEY_LEN 64 /* 2 x 256 bits for chacha20 */ |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
111 #else |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
113 #endif |
762
a78a38e402d1
- Fix various hardcoded uses of SHA1
Matt Johnston <matt@ucc.asn.au>
parents:
761
diff
changeset
|
114 #define MAX_IV_LEN 20 /* must be same as max blocksize, */ |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
710
diff
changeset
|
115 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
116 #if DROPBEAR_SHA2_512_HMAC |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
710
diff
changeset
|
117 #define MAX_MAC_LEN 64 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
118 #elif DROPBEAR_SHA2_256_HMAC |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
710
diff
changeset
|
119 #define MAX_MAC_LEN 32 |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
668
diff
changeset
|
120 #else |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
710
diff
changeset
|
121 #define MAX_MAC_LEN 20 |
679
03073a27abb3
- Add hmac-sha2-256 and hmac-sha2-512. Needs debugging, seems to be
Matt Johnston <matt@ucc.asn.au>
parents:
668
diff
changeset
|
122 #endif |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 |
1517
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
124 /* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */ |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
125 #ifndef DROPBEAR_SHA2_512_HMAC |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
126 #define DROPBEAR_SHA2_512_HMAC 0 |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
127 #endif |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
128 |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
129 /* might be needed for compatibility with very old implementations */ |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
130 #ifndef DROPBEAR_MD5_HMAC |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
131 #define DROPBEAR_MD5_HMAC 0 |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
132 #endif |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
133 |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
134 /* Twofish counter mode is disabled by default because it |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
135 has not been tested for interoperability with other SSH implementations. |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
136 If you test it please contact the Dropbear author */ |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
137 #ifndef DROPBEAR_TWOFISH_CTR |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
138 #define DROPBEAR_TWOFISH_CTR 0 |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
139 #endif |
7c7c5326ad73
clean up some default options
Matt Johnston <matt@ucc.asn.au>
parents:
1514
diff
changeset
|
140 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
141 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
142 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA)) |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
143 |
838
4365e12c68e6
A few small fixes for ECC compilation
Matt Johnston <matt@ucc.asn.au>
parents:
835
diff
changeset
|
144 /* Debian doesn't define this in system headers */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
145 #if !defined(LTM_DESC) && (DROPBEAR_ECC) |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
146 #define LTM_DESC |
869
c63e7644db60
Only define LTM_DESC if it isn't already
Matt Johnston <matt@ucc.asn.au>
parents:
861
diff
changeset
|
147 #endif |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
148 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
149 #define DROPBEAR_ECC_256 (DROPBEAR_ECC) |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
150 #define DROPBEAR_ECC_384 (DROPBEAR_ECC) |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
151 #define DROPBEAR_ECC_521 (DROPBEAR_ECC) |
756 | 152 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
153 #define DROPBEAR_LTC_PRNG (DROPBEAR_ECC) |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
154 |
850
7507b174bba0
- Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
155 /* RSA can be vulnerable to timing attacks which use the time required for |
7507b174bba0
- Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
156 * signing to guess the private key. Blinding avoids this attack, though makes |
7507b174bba0
- Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
157 * signing operations slightly slower. */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
158 #define DROPBEAR_RSA_BLINDING 1 |
850
7507b174bba0
- Make curve25519 work after fixing a typo, interoperates with OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
159 |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
160 #ifndef DROPBEAR_RSA_SHA1 |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
161 #define DROPBEAR_RSA_SHA1 DROPBEAR_RSA |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
162 #endif |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
163 #ifndef DROPBEAR_RSA_SHA256 |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
164 #define DROPBEAR_RSA_SHA256 DROPBEAR_RSA |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
165 #endif |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
166 |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
838
diff
changeset
|
167 /* hashes which will be linked and registered */ |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
168 #define DROPBEAR_SHA256 ((DROPBEAR_SHA2_256_HMAC) || (DROPBEAR_ECC_256) \ |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
169 || (DROPBEAR_CURVE25519) || (DROPBEAR_DH_GROUP14_SHA256) \ |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
170 || (DROPBEAR_RSA_SHA256)) |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
171 #define DROPBEAR_SHA384 (DROPBEAR_ECC_384) |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
838
diff
changeset
|
172 /* LTC SHA384 depends on SHA512 */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
173 #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \ |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
174 || (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16) \ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
175 || (DROPBEAR_ED25519)) |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
176 #define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC) |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
756
diff
changeset
|
177 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
178 #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1)) |
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1293
diff
changeset
|
179 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
180 #define DROPBEAR_NORMAL_DH ((DROPBEAR_DH_GROUP1) || (DROPBEAR_DH_GROUP14) || (DROPBEAR_DH_GROUP16)) |
1248
739b3909c499
Get rid of group15, move group16 to sha512.
Matt Johnston <matt@ucc.asn.au>
parents:
1230
diff
changeset
|
181 |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
182 /* Dropbear only uses server-sig-algs, only needed if we have rsa-sha256 pubkey auth */ |
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
183 #define DROPBEAR_EXT_INFO ((DROPBEAR_RSA_SHA256) \ |
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
184 && ((DROPBEAR_CLI_PUBKEY_AUTH) || (DROPBEAR_SVR_PUBKEY_AUTH))) |
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
185 |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
838
diff
changeset
|
186 /* roughly 2x 521 bits */ |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
187 #define MAX_ECC_SIZE 140 |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
188 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 #define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 explicitly specified for all protocols (just |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 for algos) but seems valid */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 |
1753
7c0fcd19e492
Increase MAX_PROPOSED_ALGO to 50, warn if exceeded
Matt Johnston <matt@ucc.asn.au>
parents:
1734
diff
changeset
|
193 #define MAX_PROPOSED_ALGO 50 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 /* size/count limits */ |
603
3aa74a4d83ae
Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
196 /* From transport rfc */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 #define MIN_PACKET_LEN 16 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100))) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 /* for channel code */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 #define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 #define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 RECV_WINDOWEXTEND bytes */ |
1834
94dc11094e26
Increase max window size to 10MB, fallback rather than
Matt Johnston <matt@codeconstruct.com.au>
parents:
1832
diff
changeset
|
207 #define MAX_RECV_WINDOW (10*1024*1024) /* 10 MB should be enough */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 |
1169
41a5820cab8b
Increase channel limit to 1000
Matt Johnston <matt@ucc.asn.au>
parents:
1147
diff
changeset
|
209 #define MAX_CHANNELS 1000 /* simple mem restriction, includes each tcp/x11 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 connection, so can't be _too_ small */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 |
1138
cc3916a7afd9
increase MAX_CMD_LEN to 9000
Matt Johnston <matt@ucc.asn.au>
parents:
1084
diff
changeset
|
212 #define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400)) /* Sun SSH needs 2400 for algos, |
cc3916a7afd9
increase MAX_CMD_LEN to 9000
Matt Johnston <matt@ucc.asn.au>
parents:
1084
diff
changeset
|
213 MAX_CMD_LEN is usually longer */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 /* For a 4096 bit DSS key, empirically determined */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 #define MAX_PUBKEY_SIZE 1700 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 /* For a 4096 bit DSS key, empirically determined */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 #define MAX_PRIVKEY_SIZE 1700 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
220 #define MAX_HOSTKEYS 4 |
795 | 221 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 /* The maximum size of the bignum portion of the kexhash buffer */ |
603
3aa74a4d83ae
Refer to RFCs rather than drafts, update some section references
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
223 /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */ |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 in a few years time.... */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 #define DROPBEAR_MAX_CLI_PASS 1024 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 #define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 accept for keyb-interactive |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 auth */ |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
878
diff
changeset
|
235 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
236 #define DROPBEAR_AES ((DROPBEAR_AES256) || (DROPBEAR_AES128)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
238 #define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
240 #define DROPBEAR_AEAD_MODE ((DROPBEAR_CHACHA20POLY1305) || (DROPBEAR_ENABLE_GCM_MODE)) |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
241 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
242 #define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
244 #define DROPBEAR_TCP_ACCEPT ((DROPBEAR_CLI_LOCALTCPFWD) || (DROPBEAR_SVR_REMOTETCPFWD)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
246 #define DROPBEAR_LISTENERS \ |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
247 ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD) || \ |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
248 (DROPBEAR_SVR_REMOTETCPFWD) || (DROPBEAR_SVR_LOCALTCPFWD) || \ |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
249 (DROPBEAR_SVR_AGENTFWD) || (DROPBEAR_X11FWD)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
250 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
251 #define DROPBEAR_CLI_MULTIHOP ((DROPBEAR_CLI_NETCAT) && (DROPBEAR_CLI_PROXYCMD)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1477
diff
changeset
|
253 #define ENABLE_CONNECT_UNIX ((DROPBEAR_CLI_AGENTFWD) || (DROPBEAR_USE_PRNGD)) |
547
cf376c696dfc
Make it compile, update for changes in channel structure.
Matt Johnston <matt@ucc.asn.au>
parents:
521
diff
changeset
|
254 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
255 /* if we're using authorized_keys or known_hosts */ |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
256 #define DROPBEAR_KEY_LINES ((DROPBEAR_CLIENT) || (DROPBEAR_SVR_PUBKEY_AUTH)) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
257 |
605
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
258 /* Changing this is inadvisable, it appears to have problems |
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
259 * with flushing compressed data */ |
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
260 #define DROPBEAR_ZLIB_MEM_LEVEL 8 |
53c21d4ec98a
- Don't allow setting memLevel since that doesn't work properly
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
261 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
262 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) |
1615
cd23631dab5c
fix error message to say localoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1554
diff
changeset
|
263 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in localoptions.h" |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
264 #endif |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
265 |
1514
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
266 /* PAM requires ./configure --enable-pam */ |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
267 #if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
268 #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?" |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
269 #endif |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
270 |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
271 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
272 #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'." |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
273 #endif |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
274 |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
275 #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
276 #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
277 #endif |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
278 |
1654 | 279 #if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH) |
280 #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins" | |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1650
diff
changeset
|
281 #endif |
1514
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
282 |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
283 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1659
diff
changeset
|
284 || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128 || DROPBEAR_CHACHA20POLY1305) |
1514
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
285 #error "At least one encryption algorithm must be enabled. AES128 is recommended." |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
286 #endif |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
287 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
288 #if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA || DROPBEAR_ED25519) |
1514
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
289 #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
290 #endif |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
291 |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
292 /* Source for randomness. This must be able to provide hundreds of bytes per SSH |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
293 * connection without blocking. */ |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
294 #ifndef DROPBEAR_URANDOM_DEV |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
295 #define DROPBEAR_URANDOM_DEV "/dev/urandom" |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
296 #endif |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
297 |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
298 /* client keyboard interactive authentication is often used for password auth. |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
299 rfc4256 */ |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
300 #define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH) |
6c16a05023aa
rename some options and move some to sysoptions.h
Matt Johnston <matt@ucc.asn.au>
parents:
1499
diff
changeset
|
301 |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
303 * code, if we're just compiling as client or server */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
304 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT) |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
305 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
306 #define IS_DROPBEAR_SERVER (ses.isserver == 1) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
307 #define IS_DROPBEAR_CLIENT (ses.isserver == 0) |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
308 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
309 #elif DROPBEAR_SERVER |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
310 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
311 #define IS_DROPBEAR_SERVER 1 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
312 #define IS_DROPBEAR_CLIENT 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
313 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
314 #elif DROPBEAR_CLIENT |
499
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
315 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
316 #define IS_DROPBEAR_SERVER 0 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
317 #define IS_DROPBEAR_CLIENT 1 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
318 |
f3ca5ebc319a
Split options.h out into sysoptions.h for options that aren't usually
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
319 #else |
521
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
320 /* Just building key utils? */ |
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
321 #define IS_DROPBEAR_SERVER 0 |
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
322 #define IS_DROPBEAR_CLIENT 0 |
cc2dff9bd671
- Allow building with neither server nor client specified
Matt Johnston <matt@ucc.asn.au>
parents:
516
diff
changeset
|
323 |
667
fc7ae88e63b3
Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents:
661
diff
changeset
|
324 #endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */ |
fc7ae88e63b3
Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents:
661
diff
changeset
|
325 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
326 #ifdef HAVE_FORK |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
327 #define DROPBEAR_VFORK 0 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
328 #else |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
329 #define DROPBEAR_VFORK 1 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
330 #endif |
667
fc7ae88e63b3
Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents:
661
diff
changeset
|
331 |
1440
8b74d5f876a7
sysoptions.h: Add ability to override DROPBEAR_LISTEN_BACKLOG
Ben Gardner <bgardner@wabtec.com>
parents:
1342
diff
changeset
|
332 #ifndef DROPBEAR_LISTEN_BACKLOG |
936
d93a6bcf616f
Improve handling lots of concurrent forwarded connections. Increase
Matt Johnston <matt@ucc.asn.au>
parents:
902
diff
changeset
|
333 #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS |
d93a6bcf616f
Improve handling lots of concurrent forwarded connections. Increase
Matt Johnston <matt@ucc.asn.au>
parents:
902
diff
changeset
|
334 #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS |
d93a6bcf616f
Improve handling lots of concurrent forwarded connections. Increase
Matt Johnston <matt@ucc.asn.au>
parents:
902
diff
changeset
|
335 #else |
d93a6bcf616f
Improve handling lots of concurrent forwarded connections. Increase
Matt Johnston <matt@ucc.asn.au>
parents:
902
diff
changeset
|
336 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS |
d93a6bcf616f
Improve handling lots of concurrent forwarded connections. Increase
Matt Johnston <matt@ucc.asn.au>
parents:
902
diff
changeset
|
337 #endif |
1440
8b74d5f876a7
sysoptions.h: Add ability to override DROPBEAR_LISTEN_BACKLOG
Ben Gardner <bgardner@wabtec.com>
parents:
1342
diff
changeset
|
338 #endif |
936
d93a6bcf616f
Improve handling lots of concurrent forwarded connections. Increase
Matt Johnston <matt@ucc.asn.au>
parents:
902
diff
changeset
|
339 |
1040
2b4fd440399d
Free memory before exiting. Based on patch from Thorsten Horstmann.
Matt Johnston <matt@ucc.asn.au>
parents:
1009
diff
changeset
|
340 /* free memory before exiting */ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
341 #define DROPBEAR_CLEANUP 1 |
1040
2b4fd440399d
Free memory before exiting. Based on patch from Thorsten Horstmann.
Matt Johnston <matt@ucc.asn.au>
parents:
1009
diff
changeset
|
342 |
970
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
965
diff
changeset
|
343 /* Use this string since some implementations might special-case it */ |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
965
diff
changeset
|
344 #define DROPBEAR_KEEPALIVE_STRING "[email protected]" |
0bb16232e7c4
Make keepalive handling more robust, this should now match what OpenSSH does
Matt Johnston <matt@ucc.asn.au>
parents:
965
diff
changeset
|
345 |
1084
2265d7ebfdeb
separate client/server fastopen options
Matt Johnston <matt@ucc.asn.au>
parents:
1049
diff
changeset
|
346 /* Linux will attempt TCP fast open, falling back if not supported by the kernel. |
2265d7ebfdeb
separate client/server fastopen options
Matt Johnston <matt@ucc.asn.au>
parents:
1049
diff
changeset
|
347 * Currently server is enabled but client is disabled by default until there |
2265d7ebfdeb
separate client/server fastopen options
Matt Johnston <matt@ucc.asn.au>
parents:
1049
diff
changeset
|
348 * is further compatibility testing */ |
1033
ca71904cf3ee
Fixes for backwards compatibility
Matt Johnston <matt@ucc.asn.au>
parents:
1009
diff
changeset
|
349 #ifdef __linux__ |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
350 #define DROPBEAR_SERVER_TCP_FAST_OPEN 1 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
351 #define DROPBEAR_CLIENT_TCP_FAST_OPEN 0 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
352 #else |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
353 #define DROPBEAR_SERVER_TCP_FAST_OPEN 0 |
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
354 #define DROPBEAR_CLIENT_TCP_FAST_OPEN 0 |
1033
ca71904cf3ee
Fixes for backwards compatibility
Matt Johnston <matt@ucc.asn.au>
parents:
1009
diff
changeset
|
355 #endif |
ca71904cf3ee
Fixes for backwards compatibility
Matt Johnston <matt@ucc.asn.au>
parents:
1009
diff
changeset
|
356 |
1569
c42e8ff42bd1
Only use malloc wrapper if fuzzing
Matt Johnston <matt@ucc.asn.au>
parents:
1554
diff
changeset
|
357 #define DROPBEAR_TRACKING_MALLOC (DROPBEAR_FUZZ) |
c42e8ff42bd1
Only use malloc wrapper if fuzzing
Matt Johnston <matt@ucc.asn.au>
parents:
1554
diff
changeset
|
358 |
1596
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
359 /* Used to work around Memory Sanitizer false positives */ |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
360 #if defined(__has_feature) |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
361 # if __has_feature(memory_sanitizer) |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
362 # define DROPBEAR_MSAN 1 |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
363 # endif |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
364 #endif |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
365 #ifndef DROPBEAR_MSAN |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
366 #define DROPBEAR_MSAN 0 |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
367 #endif |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
368 |
60fceff95858
workaround memory sanitizer FD_ZERO false positives
Matt Johnston <matt@ucc.asn.au>
parents:
1569
diff
changeset
|
369 |
667
fc7ae88e63b3
Rename HAVE_FORK to USE_VFORK
Matt Johnston <matt@ucc.asn.au>
parents:
661
diff
changeset
|
370 /* no include guard for this file */ |