Date: Mon, 17 Jul 2017 21:11:17 -0000
* These macros are not used anywhere, and have therefore been removed:

    MIN_DSS_KEYLEN
    ENV_SIZE

* According to `CHANGES', the macro `DROPBEAR_CLEANUP' is supposed
  to be disabled by default; this commit disables it by default.

* A number of the object-like macros that have been in `constant_options.h'
  are meant to be potentially customized by the user; thus, they have been
  moved to the bottom of `default_options.h.in', where it is noted that
  they are options which are experimental or which probably should not be
  changed.

  The "define guard" has been removed from each object-like macro that does
  belong in `constant_options.h'; this file provides each such macro's
  definition, which is not meant to be overridden.

  Interestingly, The C11 standard states the following in section 6.10.3,
  paragraph 2:

    An identifier currently defined as an object-like macro shall not be
    redefined by another #define preprocessing directive unless the second
    definition is an object-like macro definition and the two replacement
    lists are identical

  So, in a sense, each object-like macro definition in `constant_options.h'
  should perhaps be preceded by a corresponding `#undef', just to make sure
  that any attempts to override the definition are undone "properly", as per
  the C standard.

  However, that seems ridiculous; any breach of that rule can
  instead be interpreted as the fault of the one who is trying to override
  the definition. No corresponding `#undef' is included.
---
 constant_options.h   | 125 +--------------------------------------------------
 default_options.h.in | 118 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 120 insertions(+), 123 deletions(-)

diff --git a/constant_options.h b/constant_options.h
index a1f33e6..21177ea 100644
--- a/constant_options.h
+++ b/constant_options.h
@@ -3,72 +3,15 @@
  * This file is only included from options.h
  *******************************************************************/
 
-#ifndef DROPBEAR_VERSION
 #define DROPBEAR_VERSION "2017.75"
-#endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
 #define PROGNAME "dropbear"
 
-/* Spec recommends after one hour or 1 gigabyte of data. One hour
- * is a bit too verbose, so we try 8 hours */
-#ifndef KEX_REKEY_TIMEOUT
-#define KEX_REKEY_TIMEOUT (3600 * 8)
-#endif
-#ifndef KEX_REKEY_DATA
-#define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
-#endif
-/* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
-#ifndef AUTH_TIMEOUT
-#define AUTH_TIMEOUT 300 /* we choose 5 minutes */
-#endif
-
- #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && 
(DROPBEAR_SVR_PUBKEY_OPTIONS))
-
-/* A client should try and send an initial key exchange packet guessing
- * the algorithm that will match - saves a round trip connecting, has little
- * overhead if the guess was "wrong". */
-#ifndef DROPBEAR_KEX_FIRST_FOLLOWS
-#define DROPBEAR_KEX_FIRST_FOLLOWS 1
-#endif
-/* Use protocol extension to allow "first follows" to succeed more frequently.
- * This is currently Dropbear-specific but will gracefully fallback when 
connecting
- * to other implementations. */
-#ifndef DROPBEAR_KEXGUESS2
-#define DROPBEAR_KEXGUESS2 1
-#endif
-
-/* Minimum key sizes for DSS and RSA */
-#ifndef MIN_DSS_KEYLEN
-#define MIN_DSS_KEYLEN 1024
-#endif
-#ifndef MIN_RSA_KEYLEN
-#define MIN_RSA_KEYLEN 1024
-#endif
+#define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && 
(DROPBEAR_SVR_PUBKEY_OPTIONS))
 
-#define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
-#define MAX_BANNER_LINES 20 /* How many lines the client will display */
-
-/* the number of NAME=VALUE pairs to malloc for environ, if we don't have
- * the clearenv() function */
-#define ENV_SIZE 100
-
-#define MAX_CMD_LEN 9000 /* max length of a command */
-#define MAX_TERM_LEN 200 /* max length of TERM name */
-
-#define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
 #define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
 
-#define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
-                                                                ipv4 and ipv6 
don't count twice */
-
-/* Each port might have at least a v4 and a v6 address */
-#define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
-
-#define _PATH_TTY "/dev/tty"
-
-#define _PATH_CP "/bin/cp"
-
 #define DROPBEAR_ESCAPE_CHAR '~'
 
 /* success/failure defines */
@@ -95,7 +38,6 @@
 #define MAX_MAC_LEN 20
 #endif
 
-
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
 
 /* Debian doesn't define this in system headers */
@@ -109,11 +51,6 @@
 
 #define DROPBEAR_LTC_PRNG (DROPBEAR_ECC)
 
-/* RSA can be vulnerable to timing attacks which use the time required for
- * signing to guess the private key. Blinding avoids this attack, though makes
- * signing operations slightly slower. */
-#define DROPBEAR_RSA_BLINDING 1
-
 /* hashes which will be linked and registered */
 #define DROPBEAR_SHA256 ((DROPBEAR_SHA2_256_HMAC) || (DROPBEAR_ECC_256)  \
                        || (DROPBEAR_CURVE25519) || 
(DROPBEAR_DH_GROUP14_SHA256))
@@ -130,39 +67,15 @@
 /* roughly 2x 521 bits */
 #define MAX_ECC_SIZE 140
 
-#define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
-                                                  explicitly specified for all 
protocols (just
-                                                  for algos) but seems valid */
-
-#define MAX_PROPOSED_ALGO 20
-
 /* size/count limits */
 /* From transport rfc */
 #define MIN_PACKET_LEN 16
 
-#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
-
-/* for channel code */
-#define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
-#define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
-
-#define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" 
every
-                                                               
RECV_WINDOWEXTEND bytes */
-#define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */
-
-#define MAX_CHANNELS 1000 /* simple mem restriction, includes each tcp/x11
-                                                       connection, so can't be 
_too_ small */
-
-#define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400)) /* Sun SSH needs 2400 for 
algos,
-                                                   MAX_CMD_LEN is usually 
longer */
-
 /* For a 4096 bit DSS key, empirically determined */
 #define MAX_PUBKEY_SIZE 1700
 /* For a 4096 bit DSS key, empirically determined */
 #define MAX_PRIVKEY_SIZE 1700
 
-#define MAX_HOSTKEYS 3
-
 /* The maximum size of the bignum portion of the kexhash buffer */
 /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */
 #define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
@@ -170,13 +83,6 @@
 #define DROPBEAR_MAX_SOCKS 2 /* IPv4, IPv6 are all we'll get for now. Revisit
                                                                in a few years 
time.... */
 
-#define DROPBEAR_MAX_CLI_PASS 1024
-
-#define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80 /* The number of prompts we'll 
-                                                                               
                accept for keyb-interactive
-                                                                               
                auth */
-
-
 #define DROPBEAR_AES ((DROPBEAR_AES256) || (DROPBEAR_AES128))
 
 #define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128))
@@ -197,10 +103,6 @@
 /* if we're using authorized_keys or known_hosts */ 
 #define DROPBEAR_KEY_LINES ((DROPBEAR_CLIENT) || (DROPBEAR_SVR_PUBKEY_AUTH))
 
-/* Changing this is inadvisable, it appears to have problems
- * with flushing compressed data */
-#define DROPBEAR_ZLIB_MEM_LEVEL 8
-
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
  * code, if we're just compiling as client or server */
 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)
@@ -223,7 +125,7 @@
 #define IS_DROPBEAR_SERVER 0
 #define IS_DROPBEAR_CLIENT 0
 
-#endif /* neither DROPBEAR_SERVER nor DROPBEAR_CLIENT */
+#endif
 
 #ifdef HAVE_FORK
 #define DROPBEAR_VFORK 0
@@ -231,33 +133,10 @@
 #define DROPBEAR_VFORK 1
 #endif
 
-#ifndef DROPBEAR_LISTEN_BACKLOG
 #if MAX_UNAUTH_CLIENTS > MAX_CHANNELS
 #define DROPBEAR_LISTEN_BACKLOG MAX_UNAUTH_CLIENTS
 #else
 #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS
 #endif
-#endif
-
-#ifndef DROPBEAR_NONE_CIPHER
-#define DROPBEAR_NONE_CIPHER 0
-#endif
-
-/* free memory before exiting */
-#define DROPBEAR_CLEANUP 1
-
-/* Use this string since some implementations might special-case it */
-#define DROPBEAR_KEEPALIVE_STRING "keepal...@openssh.com"
-
-/* Linux will attempt TCP fast open, falling back if not supported by the 
kernel.
- * Currently server is enabled but client is disabled by default until there
- * is further compatibility testing */
-#ifdef __linux__
-#define DROPBEAR_SERVER_TCP_FAST_OPEN 1
-#define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
-#else
-#define DROPBEAR_SERVER_TCP_FAST_OPEN 0
-#define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
-#endif
 
 /* no include guard for this file */
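Review bot: The `#if MAX_UNAUTH_CLIENTS > MAX_CHANNELS` test now depends on a macro this commit moves out of the file: MAX_CHANNELS is defined in default_options.h.in after the change, and an identifier that is undefined at this point evaluates to 0 in `#if` with no diagnostic. If options.h ever pulls in this file before the defaults (the include order is not visible in this diff), the listen backlog silently becomes MAX_UNAUTH_CLIENTS. A guard ahead of the comparison makes the dependency explicit: `#if !defined(MAX_UNAUTH_CLIENTS) || !defined(MAX_CHANNELS)`, then `#error "default options must be included before constant_options.h"`, then `#endif`.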
diff --git a/default_options.h.in b/default_options.h.in
index 2ba3d87..3d21440 100644
--- a/default_options.h.in
+++ b/default_options.h.in
@@ -401,4 +401,122 @@
 // else.
 #define DEFAULT_PATH "/usr/bin:/bin"
 
+///////////////////////////
+//// DANGEROUS OPTIONS ////
+///////////////////////////
+//
+// The following options are experimental or
+// should probably be left unchanged.
+
+// Close connections to clients which haven't authorised after AUTH_TIMEOUT
+#define AUTH_TIMEOUT 300 /* we choose 5 minutes */
+
+// Spec recommends after one hour or 1 GiB of data. One hour
+// is a bit too verbose, so we try 8 hours.
+#define KEX_REKEY_TIMEOUT (3600 * 8)
+
+// 2^30 == 1 GiB; this value must be < INT_MAX
+#define KEX_REKEY_DATA (1<<30)
+
+// A client should try to send an initial key exchange packet guessing
+// the algorithm that will match; this saves a round trip when connecting,
+// and it has little overhead when the guess is "wrong".
+#define DROPBEAR_KEX_FIRST_FOLLOWS 1
+
+// Use a protocol extension to allow "first follows" to succeed more
+// frequently. This is currently Dropbear-specific, but will gracefully
+// fallback when connecting to other implementations.
+#define DROPBEAR_KEXGUESS2 1
+
+// Minimum key size for RSA.
+#define MIN_RSA_KEYLEN 1024
+
+// This is 25*80 chars; any more is foolish.
+#define MAX_BANNER_SIZE 2000
+// How many lines the client will display.
+#define MAX_BANNER_LINES 20
+
+// Max length of a command
+#define MAX_CMD_LEN 9000
+// Max length of TERM name
+#define MAX_TERM_LEN 200
+// Max hostname length for TCP forwarding
+#define MAX_HOST_LEN 254
+
+// Max length of a protocol name; this isn't explicitly specified for all
+// protocols (just for algos), but this value seems reasonable.
+#define MAX_NAME_LEN 64
+#define MAX_PROPOSED_ALGO 20
+
+// Max number of ports which can be specified;
+// IPv4 and IPv6 don't count twice.
+#define DROPBEAR_MAX_PORTS 10
+// Each port might have at least a v4 and a v6 address */
+#define MAX_LISTEN_ADDR (DROPBEAR_MAX_PORTS*3)
+
+#define _PATH_TTY "/dev/tty"
+#define _PATH_CP "/bin/cp"
+
+// RSA can be vulnerable to timing attacks which use the time required for
+// signing to guess the private key. Blinding avoids this attack, though
+// makes signing operations slightly slower.
+#define DROPBEAR_RSA_BLINDING 1
+
+#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
+
+// For channel code.
+//
+// 500MB is sufficient to stop overflow.
+#define TRANS_MAX_WINDOW 500000000
+// Overflow prevention.
+#define TRANS_MAX_WIN_INCR 500000000
+
+// We send a "window extend" every RECV_WINDOWEXTEND bytes.
+#define RECV_WINDOWEXTEND (opts.recv_window / 3)
+
+//1 MiB should be enough.
+#define MAX_RECV_WINDOW (1024*1024)
+
+// This provides a simple memory restriction; it entails each TCP/X11
+// connection, so it can't be *too* small.
+#define MAX_CHANNELS 1000
+
+// Sun SSH needs at least 2400 for algos; MAX_CMD_LEN is usually longer.
+#define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400))
+
+#define MAX_HOSTKEYS 3
+
+#define DROPBEAR_MAX_CLI_PASS 1024
+// The number of prompts we'll accept for keyb-interactive auth.
+#define DROPBEAR_MAX_CLI_INTERACT_PROMPTS 80
+
+// Changing this is inadvisable; it appears to have problems
+// with flushing compressed data.
+#define DROPBEAR_ZLIB_MEM_LEVEL 8
+
+// A hack for to run dropbear with the "none" cipher.
+// DO NOT ENABLE IT IF YOU DON'T KNOW THE CONSEQUENCES!
+// Here is your noose. Use it wisely.
+#define DROPBEAR_NONE_CIPHER 0
+
+// Free memory before exiting.
+//
+// This is useful for embedded systems and for checking memory leaks
+// with valgrind.
+#define DROPBEAR_CLEANUP 0
+
+// Use this string since some implementations might special-case it.
+#define DROPBEAR_KEEPALIVE_STRING "keepal...@openssh.com"
+
+// Linux will attempt TCP fast open, falling back if not supported by the 
kernel.
+// Currently server is enabled but client is disabled by default until there
+// is further compatibility testing.
+#ifdef __linux__
+#define DROPBEAR_SERVER_TCP_FAST_OPEN 1
+#define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
+#else
+#define DROPBEAR_SERVER_TCP_FAST_OPEN 0
+#define DROPBEAR_CLIENT_TCP_FAST_OPEN 0
+#endif
+
 #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
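Review bot: DROPBEAR_RSA_BLINDING, MIN_RSA_KEYLEN and DROPBEAR_NONE_CIPHER are now presented as tunables with only the "DANGEROUS OPTIONS" banner as protection, so a local override can switch off blinding, lower the RSA key floor or enable the unencrypted cipher without any build-time signal. DROPBEAR_RSA_BLINDING was a fixed definition in constant_options.h before this commit; consider leaving it there, or adding a check where the options are consumed, for example `#if !DROPBEAR_RSA_BLINDING` / `#error "RSA blinding must stay enabled"` / `#endif`. The "must be < INT_MAX" constraint on KEX_REKEY_DATA is likewise only a comment now that the value is meant to be edited. Two comment nits in the same hunk: the `//` comment above MAX_LISTEN_ADDR ends in a stray `*/`, and "A hack for to run dropbear" should read "A hack to run dropbear".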
-- 
2.10.0
