comparison default_options.h @ 1519:2f4d52b1334e

missed regenerating
author Matt Johnston <matt@ucc.asn.au>
date Sun, 18 Feb 2018 23:48:24 +0800
parents 6c16a05023aa
children
1518:b222c027a733 1519:2f4d52b1334e
14 14
15 Local customisation should be added to localoptions.h which is 15 Local customisation should be added to localoptions.h which is
16 used if it exists. Options defined there will override any options in this 16 used if it exists. Options defined there will override any options in this
17 file. 17 file.
18 18
19 Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS 19 Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
20 20
21 IMPORTANT: Many options will require "make clean" after changes */ 21 IMPORTANT: Some options will require "make clean" after changes */
22 22
23 #ifndef DROPBEAR_DEFPORT 23 #ifndef DROPBEAR_DEFPORT
24 #define DROPBEAR_DEFPORT "22" 24 #define DROPBEAR_DEFPORT "22"
25 #endif 25 #endif
26 26
62 #ifndef DEBUG_TRACE 62 #ifndef DEBUG_TRACE
63 #define DEBUG_TRACE 0 63 #define DEBUG_TRACE 0
64 #endif 64 #endif
65 65
66 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save 66 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
67 several kB in binary size however will make the symmetrical ciphers and hashes 67 * several kB in binary size however will make the symmetrical ciphers and hashes
68 slower, perhaps by 50%. Recommended for small systems that aren't doing 68 * slower, perhaps by 50%. Recommended for small systems that aren't doing
69 much traffic. */ 69 * much traffic. */
70 #ifndef DROPBEAR_SMALL_CODE 70 #ifndef DROPBEAR_SMALL_CODE
71 #define DROPBEAR_SMALL_CODE 1 71 #define DROPBEAR_SMALL_CODE 1
72 #endif 72 #endif
73 73
74 /* Enable X11 Forwarding - server only */ 74 /* Enable X11 Forwarding - server only */
77 #endif 77 #endif
78 78
79 /* Enable TCP Fowarding */ 79 /* Enable TCP Fowarding */
80 /* 'Local' is "-L" style (client listening port forwarded via server) 80 /* 'Local' is "-L" style (client listening port forwarded via server)
81 * 'Remote' is "-R" style (server listening port forwarded via client) */ 81 * 'Remote' is "-R" style (server listening port forwarded via client) */
82
83 #ifndef DROPBEAR_CLI_LOCALTCPFWD 82 #ifndef DROPBEAR_CLI_LOCALTCPFWD
84 #define DROPBEAR_CLI_LOCALTCPFWD 1 83 #define DROPBEAR_CLI_LOCALTCPFWD 1
85 #endif 84 #endif
86 #ifndef DROPBEAR_CLI_REMOTETCPFWD 85 #ifndef DROPBEAR_CLI_REMOTETCPFWD
87 #define DROPBEAR_CLI_REMOTETCPFWD 1 86 #define DROPBEAR_CLI_REMOTETCPFWD 1
135 #endif 134 #endif
136 #ifndef DROPBEAR_AES256 135 #ifndef DROPBEAR_AES256
137 #define DROPBEAR_AES256 1 136 #define DROPBEAR_AES256 1
138 #endif 137 #endif
139 #ifndef DROPBEAR_TWOFISH256 138 #ifndef DROPBEAR_TWOFISH256
140 #define DROPBEAR_TWOFISH256 1 139 #define DROPBEAR_TWOFISH256 0
141 #endif 140 #endif
142 #ifndef DROPBEAR_TWOFISH128 141 #ifndef DROPBEAR_TWOFISH128
143 #define DROPBEAR_TWOFISH128 1 142 #define DROPBEAR_TWOFISH128 0
144 #endif 143 #endif
145 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ 144 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
146 #ifndef DROPBEAR_BLOWFISH 145 #ifndef DROPBEAR_BLOWFISH
147 #define DROPBEAR_BLOWFISH 0 146 #define DROPBEAR_BLOWFISH 0
148 #endif 147 #endif
158 * and forwards compatibility */ 157 * and forwards compatibility */
159 #ifndef DROPBEAR_ENABLE_CTR_MODE 158 #ifndef DROPBEAR_ENABLE_CTR_MODE
160 #define DROPBEAR_ENABLE_CTR_MODE 1 159 #define DROPBEAR_ENABLE_CTR_MODE 1
161 #endif 160 #endif
162 161
163 /* Twofish counter mode is disabled by default because it
164 has not been tested for interoperability with other SSH implementations.
165 If you test it please contact the Dropbear author */
166 #ifndef DROPBEAR_TWOFISH_CTR
167 #define DROPBEAR_TWOFISH_CTR 0
168 #endif
169
170 /* Message integrity. sha2-256 is recommended as a default, 162 /* Message integrity. sha2-256 is recommended as a default,
171 sha1 for compatibility */ 163 sha1 for compatibility */
172 #ifndef DROPBEAR_SHA1_HMAC 164 #ifndef DROPBEAR_SHA1_HMAC
173 #define DROPBEAR_SHA1_HMAC 1 165 #define DROPBEAR_SHA1_HMAC 1
174 #endif 166 #endif
175 #ifndef DROPBEAR_SHA1_96_HMAC 167 #ifndef DROPBEAR_SHA1_96_HMAC
176 #define DROPBEAR_SHA1_96_HMAC 1 168 #define DROPBEAR_SHA1_96_HMAC 1
177 #endif 169 #endif
178 #ifndef DROPBEAR_SHA2_256_HMAC 170 #ifndef DROPBEAR_SHA2_256_HMAC
179 #define DROPBEAR_SHA2_256_HMAC 1 171 #define DROPBEAR_SHA2_256_HMAC 1
180 #endif
181 /* Default is to include it if sha512 is being compiled in for ECDSA */
182 #ifndef DROPBEAR_SHA2_512_HMAC
183 #define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
184 #endif
185
186 /* XXX needed for fingerprints */
187 #ifndef DROPBEAR_MD5_HMAC
188 #define DROPBEAR_MD5_HMAC 0
189 #endif 172 #endif
190 173
191 /* Hostkey/public key algorithms - at least one required, these are used 174 /* Hostkey/public key algorithms - at least one required, these are used
192 * for hostkey as well as for verifying signatures with pubkey auth. 175 * for hostkey as well as for verifying signatures with pubkey auth.
193 * Removing either of these won't save very much space. 176 * Removing either of these won't save very much space.
220 with badly seeded /dev/urandom when systems first boot. */ 203 with badly seeded /dev/urandom when systems first boot. */
221 #ifndef DROPBEAR_DELAY_HOSTKEY 204 #ifndef DROPBEAR_DELAY_HOSTKEY
222 #define DROPBEAR_DELAY_HOSTKEY 1 205 #define DROPBEAR_DELAY_HOSTKEY 1
223 #endif 206 #endif
224 207
225 /* Enable Curve25519 for key exchange. This is another elliptic
226 * curve method with good security properties. Increases binary size
227 * by ~8kB on x86-64 */
228 #ifndef DROPBEAR_CURVE25519
229 #define DROPBEAR_CURVE25519 1
230 #endif
231
232 /* Enable elliptic curve Diffie Hellman key exchange, see note about
233 * ECDSA above */
234 #ifndef DROPBEAR_ECDH
235 #define DROPBEAR_ECDH 1
236 #endif
237 208
238 /* Key exchange algorithm. 209 /* Key exchange algorithm.
210
239 * group14_sha1 - 2048 bit, sha1 211 * group14_sha1 - 2048 bit, sha1
240 * group14_sha256 - 2048 bit, sha2-256 212 * group14_sha256 - 2048 bit, sha2-256
241 * group16 - 4096 bit, sha2-512 213 * group16 - 4096 bit, sha2-512
242 * group1 - 1024 bit, sha1 214 * group1 - 1024 bit, sha1
215 * curve25519 - elliptic curve DH
216 * ecdh - NIST elliptic curve DH (256, 384, 521)
243 * 217 *
218 * group1 is too small for security though is necessary if you need
219 compatibility with some implementations such as Dropbear versions < 0.53
244 * group14 is supported by most implementations. 220 * group14 is supported by most implementations.
245 * group16 provides a greater strength level but is slower and increases binary size 221 * group16 provides a greater strength level but is slower and increases binary size
246 * group1 is too small for security though is necessary if you need 222 * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
247 compatibility with some implementations such as Dropbear versions < 0.53 223 * curve25519 increases binary size by ~8kB on x86-64
224 * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
225
226 * Small systems should generally include either curve25519 or ecdh for performance.
227 * curve25519 is less widely supported but is faster
248 */ 228 */
249 #ifndef DROPBEAR_DH_GROUP1 229 #ifndef DROPBEAR_DH_GROUP1
250 #define DROPBEAR_DH_GROUP1 1 230 #define DROPBEAR_DH_GROUP1 1
251 #endif 231 #endif
252 #ifndef DROPBEAR_DH_GROUP14_SHA1 232 #ifndef DROPBEAR_DH_GROUP14_SHA1
255 #ifndef DROPBEAR_DH_GROUP14_SHA256 235 #ifndef DROPBEAR_DH_GROUP14_SHA256
256 #define DROPBEAR_DH_GROUP14_SHA256 1 236 #define DROPBEAR_DH_GROUP14_SHA256 1
257 #endif 237 #endif
258 #ifndef DROPBEAR_DH_GROUP16 238 #ifndef DROPBEAR_DH_GROUP16
259 #define DROPBEAR_DH_GROUP16 0 239 #define DROPBEAR_DH_GROUP16 0
240 #endif
241 #ifndef DROPBEAR_CURVE25519
242 #define DROPBEAR_CURVE25519 1
243 #endif
244 #ifndef DROPBEAR_ECDH
245 #define DROPBEAR_ECDH 1
260 #endif 246 #endif
261 247
262 /* Control the memory/performance/compression tradeoff for zlib. 248 /* Control the memory/performance/compression tradeoff for zlib.
263 * Set windowBits=8 for least memory usage, see your system's 249 * Set windowBits=8 for least memory usage, see your system's
264 * zlib.h for full details. 250 * zlib.h for full details.
277 263
278 /* Whether to print the message of the day (MOTD). */ 264 /* Whether to print the message of the day (MOTD). */
279 #ifndef DO_MOTD 265 #ifndef DO_MOTD
280 #define DO_MOTD 0 266 #define DO_MOTD 0
281 #endif 267 #endif
282
283 /* The MOTD file path */
284 #ifndef MOTD_FILENAME 268 #ifndef MOTD_FILENAME
285 #define MOTD_FILENAME "/etc/motd" 269 #define MOTD_FILENAME "/etc/motd"
286 #endif 270 #endif
287 271
288 /* Authentication Types - at least one required. 272 /* Authentication Types - at least one required.
342 #endif 326 #endif
343 327
344 /* Save a network roundtrip by sendng a real auth request immediately after 328 /* Save a network roundtrip by sendng a real auth request immediately after
345 * sending a query for the available methods. This is not yet enabled by default 329 * sending a query for the available methods. This is not yet enabled by default
346 since it could cause problems with non-compliant servers */ 330 since it could cause problems with non-compliant servers */
347 #define DROPBEAR_CLI_IMMEDIATE_AUTH 0 331 #ifndef DROPBEAR_CLI_IMMEDIATE_AUTH
332 #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
333 #endif
348 334
349 /* Set this to use PRNGD or EGD instead of /dev/urandom */ 335 /* Set this to use PRNGD or EGD instead of /dev/urandom */
350 #ifndef DROPBEAR_USE_PRNGD 336 #ifndef DROPBEAR_USE_PRNGD
351 #define DROPBEAR_USE_PRNGD 0 337 #define DROPBEAR_USE_PRNGD 0
352 #endif 338 #endif
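Review bot: In the key-exchange section the regenerated comment now says up front that group1 is too small for security, yet `DROPBEAR_DH_GROUP1` is still defined as `1` directly below it (new lines 229-231), so a build that overrides nothing in localoptions.h still compiles in the 1024-bit sha1 exchange. Whether another header restricts group1 to one side of the connection or orders it last is not visible in this comparison, so that should be confirmed. If it is not restricted, I would say so next to the define, e.g. `/* group1 is kept only for compatibility with old peers; set to 0 in localoptions.h unless you need it */`. If this header is generated, as the commit message suggests, the wording belongs in the file it is generated from so that the next regeneration keeps it.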