comparison options.h @ 299:740e782679be ucc-axis-hack

Various changes to compile+kind of run on UCC's axis board. Note that fprintf(stdin -> printf( accounts for many of the changes
author Matt Johnston <matt@ucc.asn.au>
date Sat, 25 Mar 2006 12:57:09 +0000
parents e37b160c414c
children 973fccb59ea4
comparison
equal deleted inserted replaced
266:e37b160c414c 299:740e782679be
44 several kB in binary size, however will make the symmetrical ciphers (AES, DES 44 several kB in binary size, however will make the symmetrical ciphers (AES, DES
45 etc) slower (perhaps by 50%). Recommended for most small systems. */ 45 etc) slower (perhaps by 50%). Recommended for most small systems. */
46 #define DROPBEAR_SMALL_CODE 46 #define DROPBEAR_SMALL_CODE
47 47
48 /* Enable X11 Forwarding - server only */ 48 /* Enable X11 Forwarding - server only */
49 #define ENABLE_X11FWD 49 //#define ENABLE_X11FWD
50 50
51 /* Enable TCP Fowarding */ 51 /* Enable TCP Fowarding */
52 /* 'Local' is "-L" style (client listening port forwarded via server) 52 /* 'Local' is "-L" style (client listening port forwarded via server)
53 * 'Remote' is "-R" style (server listening port forwarded via client) */ 53 * 'Remote' is "-R" style (server listening port forwarded via client) */
54 54
63 63
64 /* Encryption - at least one required. 64 /* Encryption - at least one required.
65 * RFC Draft requires 3DES and recommends AES128 for interoperability. 65 * RFC Draft requires 3DES and recommends AES128 for interoperability.
66 * Including multiple keysize variants the same cipher 66 * Including multiple keysize variants the same cipher
67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/ 67 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
68 #define DROPBEAR_AES128_CBC 68 //#define DROPBEAR_AES128_CBC
69 #define DROPBEAR_3DES_CBC 69 #define DROPBEAR_3DES_CBC
70 #define DROPBEAR_AES256_CBC 70 //#define DROPBEAR_AES256_CBC
71 #define DROPBEAR_BLOWFISH_CBC 71 //#define DROPBEAR_BLOWFISH_CBC
72 #define DROPBEAR_TWOFISH256_CBC 72 //#define DROPBEAR_TWOFISH256_CBC
73 #define DROPBEAR_TWOFISH128_CBC 73 //#define DROPBEAR_TWOFISH128_CBC
74 74
75 /* Message Integrity - at least one required. 75 /* Message Integrity - at least one required.
76 * RFC Draft requires sha1 and recommends sha1-96. 76 * RFC Draft requires sha1 and recommends sha1-96.
77 * sha1-96 may be of use for slow links, as it has a smaller overhead. 77 * sha1-96 may be of use for slow links, as it has a smaller overhead.
78 * 78 *
84 * These hashes are also used for public key fingerprints in logs. 84 * These hashes are also used for public key fingerprints in logs.
85 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, 85 * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
86 * which are not the standard form. */ 86 * which are not the standard form. */
87 #define DROPBEAR_SHA1_HMAC 87 #define DROPBEAR_SHA1_HMAC
88 #define DROPBEAR_SHA1_96_HMAC 88 #define DROPBEAR_SHA1_96_HMAC
89 #define DROPBEAR_MD5_HMAC 89 //#define DROPBEAR_MD5_HMAC
90 90
91 /* Hostkey/public key algorithms - at least one required, these are used 91 /* Hostkey/public key algorithms - at least one required, these are used
92 * for hostkey as well as for verifying signatures with pubkey auth. 92 * for hostkey as well as for verifying signatures with pubkey auth.
93 * Removing either of these won't save very much space. 93 * Removing either of these won't save very much space.
94 * SSH2 RFC Draft requires dss, recommends rsa */ 94 * SSH2 RFC Draft requires dss, recommends rsa */
95 #define DROPBEAR_RSA 95 #define DROPBEAR_RSA
96 #define DROPBEAR_DSS 96 //#define DROPBEAR_DSS
97 97
98 /* RSA can be vulnerable to timing attacks which use the time required for 98 /* RSA can be vulnerable to timing attacks which use the time required for
99 * signing to guess the private key. Blinding avoids this attack, though makes 99 * signing to guess the private key. Blinding avoids this attack, though makes
100 * signing operations slightly slower. */ 100 * signing operations slightly slower. */
101 #define RSA_BLINDING 101 #define RSA_BLINDING
105 * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed 105 * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed
106 * if the random number source isn't good. In general this isn't required */ 106 * if the random number source isn't good. In general this isn't required */
107 /* #define DSS_PROTOK */ 107 /* #define DSS_PROTOK */
108 108
109 /* Whether to do reverse DNS lookups. */ 109 /* Whether to do reverse DNS lookups. */
110 #define DO_HOST_LOOKUP 110 //#define DO_HOST_LOOKUP
111 111
112 /* Whether to print the message of the day (MOTD). This doesn't add much code 112 /* Whether to print the message of the day (MOTD). This doesn't add much code
113 * size */ 113 * size */
114 #define DO_MOTD 114 //#define DO_MOTD
115 115
116 /* The MOTD file path */ 116 /* The MOTD file path */
117 #ifndef MOTD_FILENAME 117 #ifndef MOTD_FILENAME
118 #define MOTD_FILENAME "/etc/motd" 118 #define MOTD_FILENAME "/etc/motd"
119 #endif 119 #endif
152 /* If you are lacking entropy on the system then using /dev/urandom 152 /* If you are lacking entropy on the system then using /dev/urandom
153 * will prevent Dropbear from blocking on the device. This could 153 * will prevent Dropbear from blocking on the device. This could
154 * however significantly reduce the security of your ssh connections 154 * however significantly reduce the security of your ssh connections
155 * if the PRNG state becomes guessable - make sure you know what you are 155 * if the PRNG state becomes guessable - make sure you know what you are
156 * doing if you change this. */ 156 * doing if you change this. */
157 #define DROPBEAR_RANDOM_DEV "/dev/random" 157 #define DROPBEAR_RANDOM_DEV "/dev/urandom"
158 158
159 /* prngd must be manually set up to produce output */ 159 /* prngd must be manually set up to produce output */
160 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ 160 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
161 161
162 /* Specify the number of clients we will allow to be connected but 162 /* Specify the number of clients we will allow to be connected but