Mercurial > dropbear
comparison default_options.h @ 1916:3f4cdf839a1a
Make SHA1 optional, implement SHA256 fingerprints
SHA256 is always compiled and only enable SHA1 when needed. Fingerprints
are always SHA256: base64 format, md5 and sha1 are removed. dbrandom now
uses sha256 its hash function.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 30 Mar 2022 11:44:04 +0800 |
parents | 13cb8cc1b0e4 |
children | ff8a81386a2b |
comparison
equal
deleted
inserted
replaced
1915:13cb8cc1b0e4 | 1916:3f4cdf839a1a |
---|---|
114 * for security and forwards compatibility, but slower than CTR on | 114 * for security and forwards compatibility, but slower than CTR on |
115 * CPU w/o dedicated AES/GHASH instructions. | 115 * CPU w/o dedicated AES/GHASH instructions. |
116 * Compiling in will add ~6kB to binary size on x86-64 */ | 116 * Compiling in will add ~6kB to binary size on x86-64 */ |
117 #define DROPBEAR_ENABLE_GCM_MODE 0 | 117 #define DROPBEAR_ENABLE_GCM_MODE 0 |
118 | 118 |
119 /* Message integrity. sha2-256 is recommended as a default, | 119 /* Message integrity. sha2-256 is recommended as a default, |
120 sha1 for compatibility */ | 120 sha1 for compatibility */ |
121 #define DROPBEAR_SHA1_HMAC 1 | 121 #define DROPBEAR_SHA1_HMAC 1 |
122 #define DROPBEAR_SHA2_256_HMAC 1 | 122 #define DROPBEAR_SHA2_256_HMAC 1 |
123 #define DROPBEAR_SHA1_96_HMAC 0 | 123 #define DROPBEAR_SHA1_96_HMAC 0 |
124 | 124 |
170 * curve25519 increases binary size by ~2,5kB on x86-64 | 170 * curve25519 increases binary size by ~2,5kB on x86-64 |
171 * including either ECDH or ECDSA increases binary size by ~30kB on x86-64 | 171 * including either ECDH or ECDSA increases binary size by ~30kB on x86-64 |
172 | 172 |
173 * Small systems should generally include either curve25519 or ecdh for performance. | 173 * Small systems should generally include either curve25519 or ecdh for performance. |
174 * curve25519 is less widely supported but is faster | 174 * curve25519 is less widely supported but is faster |
175 */ | 175 */ |
176 #define DROPBEAR_DH_GROUP14_SHA1 1 | 176 #define DROPBEAR_DH_GROUP14_SHA1 1 |
177 #define DROPBEAR_DH_GROUP14_SHA256 1 | 177 #define DROPBEAR_DH_GROUP14_SHA256 1 |
178 #define DROPBEAR_DH_GROUP16 0 | 178 #define DROPBEAR_DH_GROUP16 0 |
179 #define DROPBEAR_CURVE25519 1 | 179 #define DROPBEAR_CURVE25519 1 |
180 #define DROPBEAR_ECDH 1 | 180 #define DROPBEAR_ECDH 1 |