author | Matt Johnston <matt@ucc.asn.au> | 2020-10-15 19:55:15 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2020-10-15 19:55:15 +0800 |
commit | 0e3e8db5bfca0c579be55e7580a46c593c1384be (patch) | |
tree | 2b1a718f633fb95c1f2d689a591cf9e8642697f3 /sysoptions.h | |
parent | 78e17f6ee9a944430da3e517ee1fe384fd6b275b (diff) | |
parent | 17873e8c922eded2cec86184673a6d110df6403f (diff) |
merge from main
--HG--
branch : fuzz
Diffstat (limited to 'sysoptions.h')
-rw-r--r-- | sysoptions.h | 53 |
1 files changed, 45 insertions, 8 deletions
diff --git a/sysoptions.h b/sysoptions.h index 1666a1e..23ba268 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2018.76" +#define DROPBEAR_VERSION "2020.80" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION @@ -86,11 +86,17 @@ /* Required for pubkey auth */ #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT)) +#define DROPBEAR_MAX_PASSWORD_LEN 100 + #define SHA1_HASH_SIZE 20 #define MD5_HASH_SIZE 16 #define MAX_HASH_SIZE 64 /* sha512 */ +#if DROPBEAR_CHACHA20POLY1305 +#define MAX_KEY_LEN 64 /* 2 x 256 bits for chacha20 */ +#else #define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */ +#endif #define MAX_IV_LEN 20 /* must be same as max blocksize, */ #if DROPBEAR_SHA2_512_HMAC 
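Review bot: `DROPBEAR_MAX_PASSWORD_LEN` in the second hunk is added with no comment, unlike the size constants beside it, so a reader cannot tell whether 100 includes the terminating NUL or what happens to a longer password. A one-line comment such as `/* longest password accepted for auth; longer input is rejected, not truncated */` would pin that down, assuming rejection is what the use site does; that code is outside this diff. In the same hunk `MAX_KEY_LEN` grows to 64 when `DROPBEAR_CHACHA20POLY1305` is set, so any buffer or copy elsewhere that still assumes 32 bytes deserves a check, though nothing visible here shows one.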
@@ -137,19 +143,32 @@ If you test it please contact the Dropbear author */ * signing operations slightly slower. */ #define DROPBEAR_RSA_BLINDING 1 +#ifndef DROPBEAR_RSA_SHA1 +#define DROPBEAR_RSA_SHA1 DROPBEAR_RSA +#endif +#ifndef DROPBEAR_RSA_SHA256 +#define DROPBEAR_RSA_SHA256 DROPBEAR_RSA +#endif + /* hashes which will be linked and registered */ -#define DROPBEAR_SHA256 ((DROPBEAR_SHA2_256_HMAC) || (DROPBEAR_ECC_256) \ - || (DROPBEAR_CURVE25519) || (DROPBEAR_DH_GROUP14_SHA256)) +#define DROPBEAR_SHA256 ((DROPBEAR_SHA2_256_HMAC) || (DROPBEAR_ECC_256) \ + || (DROPBEAR_CURVE25519) || (DROPBEAR_DH_GROUP14_SHA256) \ + || (DROPBEAR_RSA_SHA256)) #define DROPBEAR_SHA384 (DROPBEAR_ECC_384) /* LTC SHA384 depends on SHA512 */ #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \ - || (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16)) + || (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16) \ + || (DROPBEAR_ED25519)) #define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC) #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1)) #define DROPBEAR_NORMAL_DH ((DROPBEAR_DH_GROUP1) || (DROPBEAR_DH_GROUP14) || (DROPBEAR_DH_GROUP16)) +/* Dropbear only uses server-sig-algs, only needed if we have rsa-sha256 pubkey auth */ +#define DROPBEAR_EXT_INFO ((DROPBEAR_RSA_SHA256) \ + && ((DROPBEAR_CLI_PUBKEY_AUTH) || (DROPBEAR_SVR_PUBKEY_AUTH))) + /* roughly 2x 521 bits */ #define MAX_ECC_SIZE 140 @@ -184,7 +203,7 @@ If you test it please contact the Dropbear author */ /* For a 4096 bit DSS key, empirically determined */ #define MAX_PRIVKEY_SIZE 1700 -#define MAX_HOSTKEYS 3 +#define MAX_HOSTKEYS 4 /* The maximum size of the bignum portion of the kexhash buffer */ /* Sect. 8 of the transport rfc 4253, K_S + e + f + K */ 
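Review bot: `DROPBEAR_RSA_SHA1` and `DROPBEAR_RSA_SHA256` can now be overridden independently of `DROPBEAR_RSA`, but none of the visible hunks adds a build-time check for inconsistent combinations, such as RSA enabled with both signature hashes switched off. A guard next to the other `#error` checks would catch that: `#if (DROPBEAR_RSA) && !((DROPBEAR_RSA_SHA1) || (DROPBEAR_RSA_SHA256))`, then `#error "DROPBEAR_RSA needs DROPBEAR_RSA_SHA1 or DROPBEAR_RSA_SHA256"`, then `#endif`. The two defaults would also benefit from a short comment saying which signature algorithm each one controls, so that a builder hardening the configuration knows that turning off `DROPBEAR_RSA_SHA1` leaves RSA usable through the SHA-256 variant.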
@@ -204,6 +223,8 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_TWOFISH ((DROPBEAR_TWOFISH256) || (DROPBEAR_TWOFISH128)) +#define DROPBEAR_AEAD_MODE ((DROPBEAR_CHACHA20POLY1305) || (DROPBEAR_ENABLE_GCM_MODE)) + #define DROPBEAR_CLI_ANYTCPFWD ((DROPBEAR_CLI_REMOTETCPFWD) || (DROPBEAR_CLI_LOCALTCPFWD)) #define DROPBEAR_TCP_ACCEPT ((DROPBEAR_CLI_LOCALTCPFWD) || (DROPBEAR_SVR_REMOTETCPFWD)) @@ -225,7 +246,7 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_ZLIB_MEM_LEVEL 8 #if (DROPBEAR_SVR_PASSWORD_AUTH) && (DROPBEAR_SVR_PAM_AUTH) -#error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" +#error "You can't turn on PASSWORD and PAM auth both at once. Fix it in localoptions.h" #endif /* PAM requires ./configure --enable-pam */ @@ -241,13 +262,16 @@ If you test it please contact the Dropbear author */ #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." #endif +#if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH) + #error "You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins" +#endif #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \ - || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128) + || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128 || DROPBEAR_CHACHA20POLY1305) #error "At least one encryption algorithm must be enabled. AES128 is recommended." #endif -#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA) +#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA || DROPBEAR_ED25519) #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." #endif 
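Review bot: `DROPBEAR_AEAD_MODE` is defined without a comment saying what it gates. Something like `/* set when any AEAD cipher (chacha20-poly1305 or GCM) is compiled in */` would help, since AEAD ciphers carry their own integrity tag and code keyed on this macro presumably treats the separate MAC differently. That use is outside this diff, so the wording should be confirmed against it.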
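Review bot: The new plugin guard `#if (DROPBEAR_PLUGIN && !DROPBEAR_SVR_PUBKEY_AUTH)` applies `!` to an unparenthesised macro, so if a local override ever defines `DROPBEAR_SVR_PUBKEY_AUTH` as an expression, the negation binds only to its first operand and the check can pass silently. Writing it as `#if (DROPBEAR_PLUGIN) && !(DROPBEAR_SVR_PUBKEY_AUTH)` matches the parenthesised style of the PASSWORD/PAM check just above and removes that hazard. The additions of `DROPBEAR_CHACHA20POLY1305` and `DROPBEAR_ED25519` to the two "at least one" checks look consistent with the rest of the change.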
@@ -316,4 +340,17 @@ If you test it please contact the Dropbear author */ #define DROPBEAR_CLIENT_TCP_FAST_OPEN 0 #endif +#define DROPBEAR_TRACKING_MALLOC (DROPBEAR_FUZZ) + +/* Used to work around Memory Sanitizer false positives */ +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) +# define DROPBEAR_MSAN 1 +# endif +#endif +#ifndef DROPBEAR_MSAN +#define DROPBEAR_MSAN 0 +#endif + + /* no include guard for this file */ |
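Review bot: `DROPBEAR_TRACKING_MALLOC` is defined unconditionally as `(DROPBEAR_FUZZ)` with no comment and no `#ifndef`, and this hunk does not show a default for `DROPBEAR_FUZZ`. If the macro is ever tested in ordinary C code rather than in `#if`, a build without the fuzz option would fail on an undeclared identifier, so it is worth confirming that a `0` default exists elsewhere. A comment such as `/* allocation tracking is only meant for fuzzing builds */` would record the intent, if that is the intent. Separately, the MSan block defines `DROPBEAR_MSAN 1` without checking for an earlier definition, so a builder who pre-defines it to 0 under MemorySanitizer gets a conflicting redefinition; wrapping the whole detection in `#ifndef DROPBEAR_MSAN` avoids that.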