From c8d852caf646d060babd4be9d074caee51c5aead Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 17 Feb 2018 12:16:18 +0800
Subject: [PATCH 01/26] loginrec close fd on error path

---
 loginrec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/loginrec.c b/loginrec.c
index 7254cf1..af10d95 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -1330,7 +1330,8 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 
 		if ( lseek(*fd, offset, SEEK_SET) != offset ) {
 			dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s",
-			 lastlog_file, strerror(errno));
+				lastlog_file, strerror(errno));
+			m_close(*fd);
 			return 0;
 		}
 	}

From b080f5a047f113fc5190133df8d8518cc9d8f73b Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 20 Feb 2018 19:29:55 +0800
Subject: [PATCH 02/26] rename default_options.h.in in docs too

---
 CHANGES | 2 +-
 INSTALL | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1f002ac..2b66e44 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,7 +2,7 @@ Upcoming...
 
 - IMPORTANT:
   Custom configuration is now specified in local_options.h rather than options.h
-  Available options and defaults can be seen in default_options.h.in
+  Available options and defaults can be seen in default_options.h
 
   To migrate your configuration, compare your customised options.h against the
   upstream options.h from your relevant version. Any customised options should
diff --git a/INSTALL b/INSTALL
index bb24c20..ce0637f 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,7 +1,7 @@
 Basic Dropbear build instructions:
 
 - Edit localoptions.h to set which features you want. Available options
-  are described in default_options.h.in, these will be overridden by
+  are described in default_options.h, these will be overridden by
   anything set in localoptions.h
 
 - If using a Mercurial or Git checkout, "autoconf; autoheader"

From 5fd677af765c0b4a623e6ba86c7207b7c6d9b47f Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 20 Feb 2018 19:30:34 +0800
Subject: [PATCH 03/26] 12 years is too old for a TODO list

---
 TODO | 27 ---------------------------
 1 file changed, 27 deletions(-)
 delete mode 100644 TODO

diff --git a/TODO b/TODO
deleted file mode 100644
index 9d688b3..0000000
--- a/TODO
+++ /dev/null
@@ -1,27 +0,0 @@
-Current:
-
-Things which might need doing:
-
-- default private dbclient keys
-
-- Make options.h generated from configure perhaps?
-
-- handle /etc/environment in AIX
-
-- check that there aren't timing issues with valid/invalid user authentication
-  feedback.
-
-- Binding to different interfaces
-
-- CTR mode
-- SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly, or just add group14 (whatever it's called today)
-
-- fix scp.c for IRIX
-
-- Be able to use OpenSSH keys for the client? or at least have some form of 
-  encrypted keys.
-
-- Client agent forwarding
-
-- Handle restrictions in ~/.ssh/authorized_keys ?

From 67111efdad6c3fe499aaf39e7f0f0d97f9e3ac21 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sat, 17 Feb 2018 19:41:44 +0800
Subject: [PATCH 04/26] limit rsa->e size to 64 bits

---
 rsa.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rsa.c b/rsa.c
index 7222b8d..67b90f7 100644
--- a/rsa.c
+++ b/rsa.c
@@ -68,6 +68,12 @@ int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
 		goto out;
 	}
 
+	/* 64 bit is limit used by openssl, so we won't block any keys in the wild */
+	if (mp_count_bits(key->e) > 64) {
+		dropbear_log(LOG_WARNING, "RSA key bad e");
+		goto out;
+	}
+
 	TRACE(("leave buf_get_rsa_pub_key: success"))
 	ret = DROPBEAR_SUCCESS;
 out:

From c2f2f2b8170465103ed582cfe317ea91824c2107 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 18 Feb 2018 00:29:17 +0800
Subject: [PATCH 05/26] rename some options and move some to sysoptions.h

---
 cli-auth.c           |   4 +-
 default_options.h    |  99 ++++++++++++++++---------------------
 default_options.h.in | 113 +++++++++----------------------------------
 sysoptions.h         |  39 ++++++++++++++-
 4 files changed, 106 insertions(+), 149 deletions(-)

diff --git a/cli-auth.c b/cli-auth.c
index bcc7281..2e509e5 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -60,7 +60,7 @@ void cli_auth_getmethods() {
 	*/
 	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
 		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
-#if DROPBEAR_USE_DROPBEAR_PASSWORD
+#if DROPBEAR_USE_PASSWORD_ENV
 		if (getenv(DROPBEAR_PASSWORD_ENV)) {
 			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
 		}
@@ -337,7 +337,7 @@ char* getpass_or_cancel(const char* prompt)
 {
 	char* password = NULL;
 	
-#if DROPBEAR_USE_DROPBEAR_PASSWORD
+#if DROPBEAR_USE_PASSWORD_ENV
 	/* Password provided in an environment var */
 	password = getenv(DROPBEAR_PASSWORD_ENV);
 	if (password)
diff --git a/default_options.h b/default_options.h
index cc82605..5239c36 100644
--- a/default_options.h
+++ b/default_options.h
@@ -57,10 +57,11 @@ IMPORTANT: Many options will require "make clean" after changes */
 #define INETD_MODE 1
 #endif
 
-/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
- * perhaps 20% slower for pubkey operations (it is probably worth experimenting
- * if you want to use this) */
-/*#define NO_FAST_EXPTMOD*/
+/* Include verbose debug output, enabled with -v at runtime. 
+ * This will add a reasonable amount to your executable size. */
+#ifndef DEBUG_TRACE
+#define DEBUG_TRACE 0
+#endif
 
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
 several kB in binary size however will make the symmetrical ciphers and hashes
@@ -101,7 +102,6 @@ much traffic. */
 #define DROPBEAR_CLI_AGENTFWD 1
 #endif
 
-
 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
  * allow multihop dbclient connections */
 
@@ -118,14 +118,15 @@ much traffic. */
 #endif
 
 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
-#ifndef ENABLE_USER_ALGO_LIST
-#define ENABLE_USER_ALGO_LIST 1
+#ifndef DROPBEAR_USER_ALGO_LIST
+#define DROPBEAR_USER_ALGO_LIST 1
 #endif
 
 /* Encryption - at least one required.
- * Protocol RFC requires 3DES and recommends AES128 for interoperability.
- * Including multiple keysize variants the same cipher 
- * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+ * AES128 should be enabled, some very old implementations might only
+ * support 3DES.
+ * Including both AES keysize variants (128 and 256) will result in 
+ * a minimal size increase */
 #ifndef DROPBEAR_AES128
 #define DROPBEAR_AES128 1
 #endif
@@ -135,14 +136,16 @@ much traffic. */
 #ifndef DROPBEAR_AES256
 #define DROPBEAR_AES256 1
 #endif
-/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-/*#define DROPBEAR_BLOWFISH*/
 #ifndef DROPBEAR_TWOFISH256
 #define DROPBEAR_TWOFISH256 1
 #endif
 #ifndef DROPBEAR_TWOFISH128
 #define DROPBEAR_TWOFISH128 1
 #endif
+/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+#ifndef DROPBEAR_BLOWFISH
+#define DROPBEAR_BLOWFISH 0
+#endif
 
 /* Enable CBC mode for ciphers. This has security issues though
  * is the most compatible with older SSH implementations */
@@ -150,7 +153,7 @@ much traffic. */
 #define DROPBEAR_ENABLE_CBC_MODE 1
 #endif
 
-/* Enable "Counter Mode" for ciphers. This is more secure than normal
+/* Enable "Counter Mode" for ciphers. This is more secure than
  * CBC mode against certain attacks. It is recommended for security
  * and forwards compatibility */
 #ifndef DROPBEAR_ENABLE_CTR_MODE
@@ -175,7 +178,7 @@ If you test it please contact the Dropbear author */
 #ifndef DROPBEAR_SHA2_256_HMAC
 #define DROPBEAR_SHA2_256_HMAC 1
 #endif
-/* Default is to include it is sha512 is being compiled in for ECDSA */
+/* Default is to include it if sha512 is being compiled in for ECDSA */
 #ifndef DROPBEAR_SHA2_512_HMAC
 #define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
 #endif
@@ -284,6 +287,9 @@ If you test it please contact the Dropbear author */
 
 /* Authentication Types - at least one required.
    RFC Draft requires pubkey auth, and recommends password */
+#ifndef DROPBEAR_SVR_PASSWORD_AUTH
+#define DROPBEAR_SVR_PASSWORD_AUTH 1
+#endif
 
 /* Note: PAM auth is quite simple and only works for PAM modules which just do
  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@@ -291,21 +297,11 @@ If you test it please contact the Dropbear author */
  * but there's an interface via a PAM module. It won't work for more complex
  * PAM challenge/response.
  * You can't enable both PASSWORD and PAM. */
-
-/* This requires crypt() */
-#ifdef HAVE_CRYPT
-#ifndef DROPBEAR_SVR_PASSWORD_AUTH
-#define DROPBEAR_SVR_PASSWORD_AUTH 1
-#endif
-#else
-#ifndef DROPBEAR_SVR_PASSWORD_AUTH
-#define DROPBEAR_SVR_PASSWORD_AUTH 0
-#endif
-#endif
-/* PAM requires ./configure --enable-pam */
 #ifndef DROPBEAR_SVR_PAM_AUTH
 #define DROPBEAR_SVR_PAM_AUTH 0
 #endif
+
+/* ~/.ssh/authorized_keys authentication */
 #ifndef DROPBEAR_SVR_PUBKEY_AUTH
 #define DROPBEAR_SVR_PUBKEY_AUTH 1
 #endif
@@ -316,15 +312,10 @@ If you test it please contact the Dropbear author */
 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1
 #endif
 
-/* This requires getpass. */
-#ifdef HAVE_GETPASS
+/* Client authentication options */
 #ifndef DROPBEAR_CLI_PASSWORD_AUTH
 #define DROPBEAR_CLI_PASSWORD_AUTH 1
 #endif
-#ifndef DROPBEAR_CLI_INTERACT_AUTH
-#define DROPBEAR_CLI_INTERACT_AUTH 1
-#endif
-#endif
 #ifndef DROPBEAR_CLI_PUBKEY_AUTH
 #define DROPBEAR_CLI_PUBKEY_AUTH 1
 #endif
@@ -335,14 +326,10 @@ Homedir is prepended unless path begins with / */
 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
 #endif
 
-/* This variable can be used to set a password for client
- * authentication on the commandline. Beware of platforms
- * that don't protect environment variables of processes etc. Also
- * note that it will be provided for all "hidden" client-interactive
- * style prompts - if you want something more sophisticated, use 
- * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
-#ifndef DROPBEAR_PASSWORD_ENV
-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
+/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
+ * environment variable. */
+#ifndef DROPBEAR_USE_PASSWORD_ENV
+#define DROPBEAR_USE_PASSWORD_ENV 1
 #endif
 
 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
@@ -355,24 +342,18 @@ Homedir is prepended unless path begins with / */
 #endif
 
 /* Save a network roundtrip by sendng a real auth request immediately after
- * sending a query for the available methods.  It is at the expense of < 100
- * bytes of extra network traffic. This is not yet enabled by default since it
- * could cause problems with non-compliant servers */
-#ifndef DROPBEAR_CLI_IMMEDIATE_AUTH
-#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+ * sending a query for the available methods. This is not yet enabled by default 
+ since it could cause problems with non-compliant servers */ 
+ #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+
+/* Set this to use PRNGD or EGD instead of /dev/urandom */
+#ifndef DROPBEAR_USE_PRNGD
+#define DROPBEAR_USE_PRNGD 0
 #endif
-
-/* Source for randomness. This must be able to provide hundreds of bytes per SSH
- * connection without blocking. In addition /dev/random is used for seeding
- * rsa/dss key generation */
-#ifndef DROPBEAR_URANDOM_DEV
-#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+#ifndef DROPBEAR_PRNGD_SOCKET
+#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
 #endif
 
-/* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
-/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
-
-
 /* Specify the number of clients we will allow to be connected but
  * not yet authenticated. After this limit, connections are rejected */
 /* The first setting is per-IP, to avoid denial of service */
@@ -404,9 +385,13 @@ Homedir is prepended unless path begins with / */
 #define XAUTH_COMMAND "/usr/bin/xauth -q"
 #endif
 
+
 /* if you want to enable running an sftp server (such as the one included with
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
- * be enabled */
+ * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
+ * The sftp-server program is not provided by Dropbear itself */
+#ifndef DROPBEAR_SFTPSERVER
+#define DROPBEAR_SFTPSERVER 1
+#endif
 #ifndef SFTPSERVER_PATH
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 #endif
diff --git a/default_options.h.in b/default_options.h.in
index 3e7052f..201044d 100644
--- a/default_options.h.in
+++ b/default_options.h.in
@@ -36,9 +36,9 @@ IMPORTANT: Many options will require "make clean" after changes */
 #define NON_INETD_MODE 1
 #define INETD_MODE 1
 
-#if !(NON_INETD_MODE || INETD_MODE)
-	#error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
-#endif
+/* Include verbose debug output, enabled with -v at runtime. 
+ * This will add a reasonable amount to your executable size. */
+#define DEBUG_TRACE 0
 
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
 several kB in binary size however will make the symmetrical ciphers and hashes
@@ -63,7 +63,6 @@ much traffic. */
 #define DROPBEAR_SVR_AGENTFWD 1
 #define DROPBEAR_CLI_AGENTFWD 1
 
-
 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
  * allow multihop dbclient connections */
 
@@ -79,9 +78,10 @@ much traffic. */
 #define DROPBEAR_USER_ALGO_LIST 1
 
 /* Encryption - at least one required.
- * Protocol RFC requires 3DES and recommends AES128 for interoperability.
- * Including multiple keysize variants the same cipher 
- * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+ * AES128 should be enabled, some very old implementations might only
+ * support 3DES.
+ * Including both AES keysize variants (128 and 256) will result in 
+ * a minimal size increase */
 #define DROPBEAR_AES128 1
 #define DROPBEAR_3DES 1
 #define DROPBEAR_AES256 1
@@ -90,16 +90,11 @@ much traffic. */
 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
 #define DROPBEAR_BLOWFISH 0
 
-#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
-      || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
-	#error "At least one encryption algorithm must be enabled; 3DES and AES128 are recommended."
-#endif
-
 /* Enable CBC mode for ciphers. This has security issues though
  * is the most compatible with older SSH implementations */
 #define DROPBEAR_ENABLE_CBC_MODE 1
 
-/* Enable "Counter Mode" for ciphers. This is more secure than normal
+/* Enable "Counter Mode" for ciphers. This is more secure than
  * CBC mode against certain attacks. It is recommended for security
  * and forwards compatibility */
 #define DROPBEAR_ENABLE_CTR_MODE 1
@@ -114,7 +109,7 @@ If you test it please contact the Dropbear author */
 #define DROPBEAR_SHA1_HMAC 1
 #define DROPBEAR_SHA1_96_HMAC 1
 #define DROPBEAR_SHA2_256_HMAC 1
-/* Default is to include it is sha512 is being compiled in for ECDSA */
+/* Default is to include it if sha512 is being compiled in for ECDSA */
 #define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
 
 /* XXX needed for fingerprints */
@@ -133,10 +128,6 @@ If you test it please contact the Dropbear author */
  * on x86-64 */
 #define DROPBEAR_ECDSA 1
 
-#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
-	#error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
-#endif
-
 /* RSA must be >=1024 */
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048
 /* DSS is always 1024 */
@@ -193,6 +184,7 @@ If you test it please contact the Dropbear author */
 
 /* Authentication Types - at least one required.
    RFC Draft requires pubkey auth, and recommends password */
+#define DROPBEAR_SVR_PASSWORD_AUTH 1
 
 /* Note: PAM auth is quite simple and only works for PAM modules which just do
  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@@ -200,69 +192,26 @@ If you test it please contact the Dropbear author */
  * but there's an interface via a PAM module. It won't work for more complex
  * PAM challenge/response.
  * You can't enable both PASSWORD and PAM. */
+#define DROPBEAR_SVR_PAM_AUTH 0
 
-/* PAM requires ./configure --enable-pam */
-#if defined(HAVE_LIBPAM) && !DROPBEAR_SVR_PASSWORD_AUTH
-	#define DROPBEAR_SVR_PAM_AUTH 1
-#else
-	#define DROPBEAR_SVR_PAM_AUTH 0
-#endif
-
-/* This requires crypt() */
-#if defined(HAVE_CRYPT) && !DROPBEAR_SVR_PAM_AUTH
-	#define DROPBEAR_SVR_PASSWORD_AUTH 1
-#else
-	#define DROPBEAR_SVR_PASSWORD_AUTH 0
-#endif
-
+/* ~/.ssh/authorized_keys authentication */
 #define DROPBEAR_SVR_PUBKEY_AUTH 1
 
-#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
-	#error "At least one server authentication type must be enabled; PUBKEY and PASSWORD are recommended."
-#endif
-
-#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
-	#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
-#endif
-
-#if DROPBEAR_SVR_PAM_AUTH
-	#if DISABLE_PAM
-		#error "DROPBEAR_SVR_PAM_AUTH requires 'configure --enable-pam' to succeed."
-	#endif
-	#if DROPBEAR_SVR_PASSWORD_AUTH
-		#error "DROPBEAR_SVR_PASSWORD_AUTH cannot be enabled at the same time as DROPBEAR_SVR_PAM_AUTH."
-	#endif
-#endif
-
 /* Whether to take public key options in 
  * authorized_keys file into account */
 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1
 
-/* This requires getpass. */
-#ifdef HAVE_GETPASS
-	#define DROPBEAR_CLI_PASSWORD_AUTH 1
-	#define DROPBEAR_CLI_INTERACT_AUTH 1
-#else
-	#define DROPBEAR_CLI_PASSWORD_AUTH 0
-	#define DROPBEAR_CLI_INTERACT_AUTH 0
-#endif
+/* Client authentication options */
+#define DROPBEAR_CLI_PASSWORD_AUTH 1
 #define DROPBEAR_CLI_PUBKEY_AUTH 1
 
-#if !(DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_PUBKEY_AUTH)
-	#error "At least one client authentication type must be enabled; PUBKEY and PASSWORD are recommended."
-#endif
-
 /* A default argument for dbclient -i <privatekey>. 
 Homedir is prepended unless path begins with / */
 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
 
-/* This variable can be used to set a password for client
- * authentication on the commandline. Beware of platforms
- * that don't protect environment variables of processes etc. Also
- * note that it will be provided for all "hidden" client-interactive
- * style prompts - if you want something more sophisticated, use 
- * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
-#define DROPBEAR_USE_DROPBEAR_PASSWORD 1
+/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
+ * environment variable. */
+#define DROPBEAR_USE_PASSWORD_ENV 1
 
 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
  * a helper program for the ssh client. The helper program should be
@@ -271,22 +220,12 @@ Homedir is prepended unless path begins with / */
  * return the password on standard output */
 #define DROPBEAR_CLI_ASKPASS_HELPER 0
 
-#if DROPBEAR_CLI_ASKPASS_HELPER
-	#define DROPBEAR_CLI_PASSWORD_AUTH 1
-#endif
-
 /* Save a network roundtrip by sendng a real auth request immediately after
- * sending a query for the available methods.  It is at the expense of < 100
- * bytes of extra network traffic. This is not yet enabled by default since it
- * could cause problems with non-compliant servers */
-#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+ * sending a query for the available methods. This is not yet enabled by default 
+ since it could cause problems with non-compliant servers */ 
+ #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
 
-/* Source for randomness. This must be able to provide hundreds of bytes per SSH
- * connection without blocking. In addition /dev/random is used for seeding
- * rsa/dss key generation */
-#define DROPBEAR_URANDOM_DEV "/dev/urandom"
-
-/* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
+/* Set this to use PRNGD or EGD instead of /dev/urandom */
 #define DROPBEAR_USE_PRNGD 0
 #define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
 
@@ -311,11 +250,11 @@ Homedir is prepended unless path begins with / */
  * "-q" for quiet */
 #define XAUTH_COMMAND "/usr/bin/xauth -q"
 
-#define DROPBEAR_SFTPSERVER 1
 
 /* if you want to enable running an sftp server (such as the one included with
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
- * be enabled */
+ * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
+ * The sftp-server program is not provided by Dropbear itself */
+#define DROPBEAR_SFTPSERVER 1
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 
 /* This is used by the scp binary when used as a client binary. If you're
@@ -358,8 +297,4 @@ be overridden at runtime with -I. 0 disables idle timeouts */
 /* The default path. This will often get replaced by the shell */
 #define DEFAULT_PATH "/usr/bin:/bin"
 
-/* Include verbose debug output, enabled with -v at runtime. 
- * This will add a reasonable amount to your executable size. */
-#define DEBUG_TRACE 0
-
 #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
diff --git a/sysoptions.h b/sysoptions.h
index bf88cf3..b081ffc 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -23,7 +23,11 @@
 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
 #endif
 
- #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
+#define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
+
+#if !(NON_INETD_MODE || INETD_MODE)
+	#error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
+#endif
 
 /* A client should try and send an initial key exchange packet guessing
  * the algorithm that will match - saves a round trip connecting, has little
@@ -205,6 +209,39 @@
 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
 #endif
 
+/* PAM requires ./configure --enable-pam */
+#if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH
+#error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
+#endif
+
+#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
+	#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
+#endif
+
+#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
+	#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
+#endif
+
+
+#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
+      || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
+	#error "At least one encryption algorithm must be enabled. AES128 is recommended."
+#endif
+
+#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
+	#error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
+#endif
+
+/* Source for randomness. This must be able to provide hundreds of bytes per SSH
+ * connection without blocking. */
+#ifndef DROPBEAR_URANDOM_DEV
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+#endif
+
+/* client keyboard interactive authentication is often used for password auth.
+ rfc4256 */
+#define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH)
+
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
  * code, if we're just compiling as client or server */
 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)

From 802dace05e8bce06bf4c7df9faadba779d60bb82 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 18 Feb 2018 11:22:13 +0800
Subject: [PATCH 06/26] include config.h for options.h. don't need to include
 options.h when includes.h brings it in

---
 cli-tcpfwd.c | 1 -
 dbhelpers.h  | 2 +-
 ecc.c        | 1 -
 ecc.h        | 1 -
 ecdsa.c      | 1 -
 includes.h   | 1 -
 list.c       | 2 +-
 ltc_prng.c   | 1 -
 ltc_prng.h   | 1 -
 options.h    | 3 +++
 session.h    | 1 -
 11 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/cli-tcpfwd.c b/cli-tcpfwd.c
index 1a1850d..662a407 100644
--- a/cli-tcpfwd.c
+++ b/cli-tcpfwd.c
@@ -23,7 +23,6 @@
  * SOFTWARE. */
 
 #include "includes.h"
-#include "options.h"
 #include "dbutil.h"
 #include "tcpfwd.h"
 #include "channel.h"
diff --git a/dbhelpers.h b/dbhelpers.h
index d47707e..551bcb4 100644
--- a/dbhelpers.h
+++ b/dbhelpers.h
@@ -3,7 +3,7 @@
 
 /* This header defines some things that are also used by libtomcrypt/math. 
    We avoid including normal include.h since that can result in conflicting 
-   definitinos - only include config.h */
+   definitions - only include config.h */
 #include "config.h"
 
 #ifdef __GNUC__
diff --git a/ecc.c b/ecc.c
index f949dd1..c4881d9 100644
--- a/ecc.c
+++ b/ecc.c
@@ -1,5 +1,4 @@
 #include "includes.h"
-#include "options.h"
 #include "ecc.h"
 #include "dbutil.h"
 #include "bignum.h"
diff --git a/ecc.h b/ecc.h
index bb3bb75..f4508f8 100644
--- a/ecc.h
+++ b/ecc.h
@@ -2,7 +2,6 @@
 #define DROPBEAR_DROPBEAR_ECC_H
 
 #include "includes.h"
-#include "options.h"
 
 #include "buffer.h"
 
diff --git a/ecdsa.c b/ecdsa.c
index d7615e0..56e5355 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -1,4 +1,3 @@
-#include "options.h"
 #include "includes.h"
 #include "dbutil.h"
 #include "crypto_desc.h"
diff --git a/includes.h b/includes.h
index 766f58f..dd47107 100644
--- a/includes.h
+++ b/includes.h
@@ -26,7 +26,6 @@
 #define DROPBEAR_INCLUDES_H_
 
 
-#include "config.h"
 #include "options.h"
 #include "debug.h"
 
diff --git a/list.c b/list.c
index 1730711..eeba7c3 100644
--- a/list.c
+++ b/list.c
@@ -1,4 +1,4 @@
-#include "options.h"
+#include "includes.h"
 #include "dbutil.h"
 #include "list.h"
 
diff --git a/ltc_prng.c b/ltc_prng.c
index 1188ac8..4f2e9e1 100644
--- a/ltc_prng.c
+++ b/ltc_prng.c
@@ -11,7 +11,6 @@
  *
  * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
  */
-#include "options.h"
 #include "includes.h"
 #include "dbrandom.h"
 #include "ltc_prng.h"
diff --git a/ltc_prng.h b/ltc_prng.h
index 5e00759..6bc8273 100644
--- a/ltc_prng.h
+++ b/ltc_prng.h
@@ -1,7 +1,6 @@
 #ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR
 #define DROPBEAR_LTC_PRNG_H_DROPBEAR
 
-#include "options.h"
 #include "includes.h"
 
 #if DROPBEAR_LTC_PRNG
diff --git a/options.h b/options.h
index c1782d2..2fe67c3 100644
--- a/options.h
+++ b/options.h
@@ -8,6 +8,9 @@ Local compile-time configuration should be defined in localoptions.h
 See default_options.h.in for a description of the available options.
 */
 
+/* Some configuration options or checks depend on system config */
+#include "config.h"
+
 #ifdef LOCALOPTIONS_H_EXISTS
 #include "localoptions.h"
 #endif
diff --git a/session.h b/session.h
index 01db2ca..ced8ff4 100644
--- a/session.h
+++ b/session.h
@@ -26,7 +26,6 @@
 #define DROPBEAR_SESSION_H_
 
 #include "includes.h"
-#include "options.h"
 #include "buffer.h"
 #include "signkey.h"
 #include "kex.h"

From 1656db9e58e7e8188e4ca27ae4892b14949c56a5 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 18 Feb 2018 15:12:15 +0800
Subject: [PATCH 07/26] Add dbclient '-J &fd' option for a file descriptor

Based on patch by Harald Becker
---
 cli-main.c | 15 +++++++++++++++
 dbclient.1 | 11 +++++++++++
 2 files changed, 26 insertions(+)

diff --git a/cli-main.c b/cli-main.c
index 09ff496..713cb09 100644
--- a/cli-main.c
+++ b/cli-main.c
@@ -158,6 +158,21 @@ static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
 	size_t ex_cmdlen;
 	int ret;
 
+	/* File descriptor "-j &3" */
+	if (*cli_opts.proxycmd == '&') {
+		char *p = cli_opts.proxycmd + 1;
+		int sock = strtoul(p, &p, 10);
+		/* must be a single number, and not stdin/stdout/stderr */
+		if (sock > 2 && sock < 1024 && *p == '\0') {
+			*sock_in = sock;
+			*sock_out = sock;
+			return;
+		}
+	}
+
+	/* Normal proxycommand */
+
+	/* So that spawn_command knows which shell to run */
 	fill_passwd(cli_opts.own_user);
 
 	ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */
diff --git a/dbclient.1 b/dbclient.1
index 8607254..1516e7c 100644
--- a/dbclient.1
+++ b/dbclient.1
@@ -111,11 +111,22 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
+
+.\" TODO: how to avoid a line break between these two -J arguments?
 .B \-J \fIproxy_command
+.TP
+.B \-J \fI&fd
+.br
 Use the standard input/output of the program \fIproxy_command\fR rather than using
 a normal TCP connection. A hostname should be still be provided, as this is used for
 comparing saved hostkeys. This command will be executed as "exec proxy_command ..." with the
 default shell.
+
+The second form &fd will make dbclient use the numeric file descriptor as a socket. This
+can be used for more complex tunnelling scenarios. Example usage with socat is
+
+socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.example.com:22
+
 .TP
 .B \-B \fIendhost:endport
 "Netcat-alike" mode, where Dropbear will connect to the given host, then create a

From 34ee32607598cdcaaf40dcaa99dd58c8eae672e3 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 18 Feb 2018 22:27:51 +0800
Subject: [PATCH 08/26] clean up some default options

- move hmac-sha2-512, hmac-md5, twofish_ctr to sysoptions.h, off by default
- try and improve text for KEX methods
---
 default_options.h.in | 52 ++++++++++++++++++--------------------------
 sysoptions.h         | 17 +++++++++++++++
 2 files changed, 38 insertions(+), 31 deletions(-)

diff --git a/default_options.h.in b/default_options.h.in
index 201044d..1dfe709 100644
--- a/default_options.h.in
+++ b/default_options.h.in
@@ -9,9 +9,9 @@ Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
 file.
 
-Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
 
-IMPORTANT: Many options will require "make clean" after changes */
+IMPORTANT: Some options will require "make clean" after changes */
 
 #define DROPBEAR_DEFPORT "22"
 
@@ -41,9 +41,9 @@ IMPORTANT: Many options will require "make clean" after changes */
 #define DEBUG_TRACE 0
 
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
-several kB in binary size however will make the symmetrical ciphers and hashes
-slower, perhaps by 50%. Recommended for small systems that aren't doing
-much traffic. */
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
 #define DROPBEAR_SMALL_CODE 1
 
 /* Enable X11 Forwarding - server only */
@@ -52,7 +52,6 @@ much traffic. */
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
  * 'Remote' is "-R" style (server listening port forwarded via client) */
-
 #define DROPBEAR_CLI_LOCALTCPFWD 1
 #define DROPBEAR_CLI_REMOTETCPFWD 1
 
@@ -85,8 +84,8 @@ much traffic. */
 #define DROPBEAR_AES128 1
 #define DROPBEAR_3DES 1
 #define DROPBEAR_AES256 1
-#define DROPBEAR_TWOFISH256 1
-#define DROPBEAR_TWOFISH128 1
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
 #define DROPBEAR_BLOWFISH 0
 
@@ -99,21 +98,11 @@ much traffic. */
  * and forwards compatibility */
 #define DROPBEAR_ENABLE_CTR_MODE 1
 
-/* Twofish counter mode is disabled by default because it 
-has not been tested for interoperability with other SSH implementations.
-If you test it please contact the Dropbear author */
-#define DROPBEAR_TWOFISH_CTR 0
-
 /* Message integrity. sha2-256 is recommended as a default, 
    sha1 for compatibility */
 #define DROPBEAR_SHA1_HMAC 1
 #define DROPBEAR_SHA1_96_HMAC 1
 #define DROPBEAR_SHA2_256_HMAC 1
-/* Default is to include it if sha512 is being compiled in for ECDSA */
-#define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
-
-/* XXX needed for fingerprints */
-#define DROPBEAR_MD5_HMAC 0
 
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
@@ -139,30 +128,33 @@ If you test it please contact the Dropbear author */
    with badly seeded /dev/urandom when systems first boot. */
 #define DROPBEAR_DELAY_HOSTKEY 1
 
-/* Enable Curve25519 for key exchange. This is another elliptic
- * curve method with good security properties. Increases binary size
- * by ~8kB on x86-64 */
-#define DROPBEAR_CURVE25519 1
-
-/* Enable elliptic curve Diffie Hellman key exchange, see note about
- * ECDSA above */
-#define DROPBEAR_ECDH 1
 
 /* Key exchange algorithm.
+
  * group14_sha1 - 2048 bit, sha1
  * group14_sha256 - 2048 bit, sha2-256
  * group16 - 4096 bit, sha2-512
  * group1 - 1024 bit, sha1
+ * curve25519 - elliptic curve DH
+ * ecdh - NIST elliptic curve DH (256, 384, 521)
  *
- * group14 is supported by most implementations.
- * group16 provides a greater strength level but is slower and increases binary size
  * group1 is too small for security though is necessary if you need 
      compatibility with some implementations such as Dropbear versions < 0.53
+ * group14 is supported by most implementations.
+ * group16 provides a greater strength level but is slower and increases binary size
+ * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
+ * curve25519 increases binary size by ~8kB on x86-64
+ * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
+
+ * Small systems should generally include either curve25519 or ecdh for performance.
+ * curve25519 is less widely supported but is faster
  */ 
 #define DROPBEAR_DH_GROUP1 1
 #define DROPBEAR_DH_GROUP14_SHA1 1
 #define DROPBEAR_DH_GROUP14_SHA256 1
 #define DROPBEAR_DH_GROUP16 0
+#define DROPBEAR_CURVE25519 1
+#define DROPBEAR_ECDH 1
 
 /* Control the memory/performance/compression tradeoff for zlib.
  * Set windowBits=8 for least memory usage, see your system's
@@ -178,8 +170,6 @@ If you test it please contact the Dropbear author */
 
 /* Whether to print the message of the day (MOTD). */
 #define DO_MOTD 0
-
-/* The MOTD file path */
 #define MOTD_FILENAME "/etc/motd"
 
 /* Authentication Types - at least one required.
@@ -223,7 +213,7 @@ Homedir is prepended unless path begins with / */
 /* Save a network roundtrip by sendng a real auth request immediately after
  * sending a query for the available methods. This is not yet enabled by default 
  since it could cause problems with non-compliant servers */ 
- #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
 
 /* Set this to use PRNGD or EGD instead of /dev/urandom */
 #define DROPBEAR_USE_PRNGD 0
diff --git a/sysoptions.h b/sysoptions.h
index b081ffc..ba4b4ca 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -99,6 +99,23 @@
 #define MAX_MAC_LEN 20
 #endif
 
+/* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */
+#ifndef DROPBEAR_SHA2_512_HMAC
+#define DROPBEAR_SHA2_512_HMAC 0
+#endif
+
+/* might be needed for compatibility with very old implementations */
+#ifndef DROPBEAR_MD5_HMAC
+#define DROPBEAR_MD5_HMAC 0
+#endif
+
+/* Twofish counter mode is disabled by default because it 
+has not been tested for interoperability with other SSH implementations.
+If you test it please contact the Dropbear author */
+#ifndef DROPBEAR_TWOFISH_CTR
+#define DROPBEAR_TWOFISH_CTR 0
+#endif
+
 
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
 

From f2d86ae7d369feb17d022fc21ad695b5dcbb8381 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 18 Feb 2018 22:47:51 +0800
Subject: [PATCH 09/26] group14-sha256 should be higher than group14-sha1

---
 common-algo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/common-algo.c b/common-algo.c
index e61fcaa..5bfe831 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -289,12 +289,12 @@ algo_type sshkex[] = {
 	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
-#if DROPBEAR_DH_GROUP14_SHA1
-	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
-#endif
 #if DROPBEAR_DH_GROUP14_SHA256
 	{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
 #endif
+#if DROPBEAR_DH_GROUP14_SHA1
+	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
+#endif
 #if DROPBEAR_DH_GROUP1
 	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
 #endif

From 8fdaf0268df14c25048d96e7fa89f53b080524d9 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 18 Feb 2018 23:48:24 +0800
Subject: [PATCH 10/26] missed regenerating

---
 default_options.h | 68 +++++++++++++++++++----------------------------
 1 file changed, 27 insertions(+), 41 deletions(-)

diff --git a/default_options.h b/default_options.h
index 5239c36..5369a80 100644
--- a/default_options.h
+++ b/default_options.h
@@ -16,9 +16,9 @@ Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
 file.
 
-Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
 
-IMPORTANT: Many options will require "make clean" after changes */
+IMPORTANT: Some options will require "make clean" after changes */
 
 #ifndef DROPBEAR_DEFPORT
 #define DROPBEAR_DEFPORT "22"
@@ -64,9 +64,9 @@ IMPORTANT: Many options will require "make clean" after changes */
 #endif
 
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
-several kB in binary size however will make the symmetrical ciphers and hashes
-slower, perhaps by 50%. Recommended for small systems that aren't doing
-much traffic. */
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
 #ifndef DROPBEAR_SMALL_CODE
 #define DROPBEAR_SMALL_CODE 1
 #endif
@@ -79,7 +79,6 @@ much traffic. */
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
  * 'Remote' is "-R" style (server listening port forwarded via client) */
-
 #ifndef DROPBEAR_CLI_LOCALTCPFWD
 #define DROPBEAR_CLI_LOCALTCPFWD 1
 #endif
@@ -137,10 +136,10 @@ much traffic. */
 #define DROPBEAR_AES256 1
 #endif
 #ifndef DROPBEAR_TWOFISH256
-#define DROPBEAR_TWOFISH256 1
+#define DROPBEAR_TWOFISH256 0
 #endif
 #ifndef DROPBEAR_TWOFISH128
-#define DROPBEAR_TWOFISH128 1
+#define DROPBEAR_TWOFISH128 0
 #endif
 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
 #ifndef DROPBEAR_BLOWFISH
@@ -160,13 +159,6 @@ much traffic. */
 #define DROPBEAR_ENABLE_CTR_MODE 1
 #endif
 
-/* Twofish counter mode is disabled by default because it 
-has not been tested for interoperability with other SSH implementations.
-If you test it please contact the Dropbear author */
-#ifndef DROPBEAR_TWOFISH_CTR
-#define DROPBEAR_TWOFISH_CTR 0
-#endif
-
 /* Message integrity. sha2-256 is recommended as a default, 
    sha1 for compatibility */
 #ifndef DROPBEAR_SHA1_HMAC
@@ -178,15 +170,6 @@ If you test it please contact the Dropbear author */
 #ifndef DROPBEAR_SHA2_256_HMAC
 #define DROPBEAR_SHA2_256_HMAC 1
 #endif
-/* Default is to include it if sha512 is being compiled in for ECDSA */
-#ifndef DROPBEAR_SHA2_512_HMAC
-#define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
-#endif
-
-/* XXX needed for fingerprints */
-#ifndef DROPBEAR_MD5_HMAC
-#define DROPBEAR_MD5_HMAC 0
-#endif
 
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
@@ -222,29 +205,26 @@ If you test it please contact the Dropbear author */
 #define DROPBEAR_DELAY_HOSTKEY 1
 #endif
 
-/* Enable Curve25519 for key exchange. This is another elliptic
- * curve method with good security properties. Increases binary size
- * by ~8kB on x86-64 */
-#ifndef DROPBEAR_CURVE25519
-#define DROPBEAR_CURVE25519 1
-#endif
-
-/* Enable elliptic curve Diffie Hellman key exchange, see note about
- * ECDSA above */
-#ifndef DROPBEAR_ECDH
-#define DROPBEAR_ECDH 1
-#endif
 
 /* Key exchange algorithm.
+
  * group14_sha1 - 2048 bit, sha1
  * group14_sha256 - 2048 bit, sha2-256
  * group16 - 4096 bit, sha2-512
  * group1 - 1024 bit, sha1
+ * curve25519 - elliptic curve DH
+ * ecdh - NIST elliptic curve DH (256, 384, 521)
  *
- * group14 is supported by most implementations.
- * group16 provides a greater strength level but is slower and increases binary size
  * group1 is too small for security though is necessary if you need 
      compatibility with some implementations such as Dropbear versions < 0.53
+ * group14 is supported by most implementations.
+ * group16 provides a greater strength level but is slower and increases binary size
+ * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
+ * curve25519 increases binary size by ~8kB on x86-64
+ * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
+
+ * Small systems should generally include either curve25519 or ecdh for performance.
+ * curve25519 is less widely supported but is faster
  */ 
 #ifndef DROPBEAR_DH_GROUP1
 #define DROPBEAR_DH_GROUP1 1
@@ -258,6 +238,12 @@ If you test it please contact the Dropbear author */
 #ifndef DROPBEAR_DH_GROUP16
 #define DROPBEAR_DH_GROUP16 0
 #endif
+#ifndef DROPBEAR_CURVE25519
+#define DROPBEAR_CURVE25519 1
+#endif
+#ifndef DROPBEAR_ECDH
+#define DROPBEAR_ECDH 1
+#endif
 
 /* Control the memory/performance/compression tradeoff for zlib.
  * Set windowBits=8 for least memory usage, see your system's
@@ -279,8 +265,6 @@ If you test it please contact the Dropbear author */
 #ifndef DO_MOTD
 #define DO_MOTD 0
 #endif
-
-/* The MOTD file path */
 #ifndef MOTD_FILENAME
 #define MOTD_FILENAME "/etc/motd"
 #endif
@@ -344,7 +328,9 @@ Homedir is prepended unless path begins with / */
 /* Save a network roundtrip by sendng a real auth request immediately after
  * sending a query for the available methods. This is not yet enabled by default 
  since it could cause problems with non-compliant servers */ 
- #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+#ifndef DROPBEAR_CLI_IMMEDIATE_AUTH
+#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
+#endif
 
 /* Set this to use PRNGD or EGD instead of /dev/urandom */
 #ifndef DROPBEAR_USE_PRNGD

From 316c923188bd5d1f835cf3a5e22ee39e89b8e8d5 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Sun, 18 Feb 2018 23:48:32 +0800
Subject: [PATCH 11/26] draft CHANGES

---
 CHANGES | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/CHANGES b/CHANGES
index 4230b57..1f002ac 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,76 @@
+Upcoming...
+
+- IMPORTANT:
+  Custom configuration is now specified in local_options.h rather than options.h
+  Available options and defaults can be seen in default_options.h.in
+
+  To migrate your configuration, compare your customised options.h against the
+  upstream options.h from your relevant version. Any customised options should
+  be put in localoptions.h
+
+- "configure --enable-static" should now be used instead of "make STATIC=1"
+
+- Add group14-256 and group16 key exchange options
+
+- Set hardened build flags by default if supported by the compiler.
+  -Wl,-pie
+  -Wl,-z,now -Wl,-z,relro
+  -fstack-protector-strong
+  -D_FORTIFY_SOURCE=2
+  # spectre v2 mitigation
+  -mfunction-return=thunk
+  -mindirect-branch=thunk
+
+  These can be disabled with configure --disable-harden if needed
+  Spectre patch from Loganaden Velvindron
+
+- Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
+
+- Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
+  See dbclient manpage for a socat example. Patch from Harald Becker
+
+- Add "-c forced_command" option. Patch from Jeremy Kerr
+
+- Support server-chosen TCP forwarding ports, patch from houseofkodai
+
+- Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
+  Patch from houseofkodai
+
+- Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
+
+- Minimum RSA key length has been increased to 1024 bits
+
+- Set PAM_RHOST which is needed by modules such as pam_abl
+
+- Improvements to DSS public key validation, found by OSS-Fuzz. 
+
+- Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
+
+- Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
+
+- Numerous code cleanups and small issues fixed by Francois Perrad
+
+- Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
+  platforms. Reported by Oliver Schneider and Andrew Bainbridge
+
+- Fix some platform portability problems, from Ben Gardner
+
+- Add EXEEXT filename suffix for building dropbearmulti, from William Foster
+
+- Support --enable-<option> properly for configure, from Stefan Hauser
+
+- configure have_openpty result can be cached, from Eric Bénard
+
+- handle platforms that return close() < -1 on failure, from Marco Wenzel
+
+- Build and configuration cleanups from Michael Witten
+
+- Fix libtomcrypt/libtommath linking order, from Andre McCurdy
+
+- Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
+
+- Update curve25519-donna implementation to current version
+
 2017.75 - 18 May 2017
 
 - Security: Fix double-free in server TCP listener cleanup

From 3f3f3992315ae73670127ce2a3c2216c4313604d Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 19 Feb 2018 22:16:50 +0800
Subject: [PATCH 12/26] - Fix dependencies and remove old default_options.h
 from version control - Rename default_options.h.in -> default_options.h, and 
  default_options.h -> default_options_guard.h - Fix newlines in
 default_options.h

---
 Makefile.in          |  30 ++---
 default_options.h    | 155 +----------------------
 default_options.h.in | 290 -------------------------------------------
 ifndef_wrapper.sh    |   2 +-
 options.h            |   3 +-
 5 files changed, 19 insertions(+), 461 deletions(-)
 delete mode 100644 default_options.h.in

diff --git a/Makefile.in b/Makefile.in
index 8c9fbfe..1d5f7ed 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -23,9 +23,10 @@ CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
 LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
 endif
 
+OPTION_HEADERS = default_options_guard.h sysoptions.h
 ifneq ($(wildcard localoptions.h),)
 CFLAGS+=-DLOCALOPTIONS_H_EXISTS
-LOCALOPTIONS_H=localoptions.h
+OPTION_HEADERS += localoptions.h
 endif
 
 COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
@@ -98,7 +99,6 @@ ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdbclientZ, Z$(prog)Z)
 	CFLAGS+= -DDROPBEAR_CLIENT
 endif
 
-
 # these are exported so that libtomcrypt's makefile will use them
 export CC
 export CFLAGS
@@ -121,9 +121,16 @@ endif
 
 all: $(TARGETS)
 
-# a bit lazy, but safer
-HEADERS=$(wildcard $(srcdir)/*.h *.h)
-*.o: $(HEADERS)
+# for simplicity assume all source depends on all headers
+HEADERS=$(wildcard $(srcdir)/*.h *.h) $(OPTION_HEADERS)
+%.o : %.c $(HEADERS)
+	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+default_options_guard.h: default_options.h
+	@echo Creating $@
+	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
+	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
+	@mv $@.tmp $@
 
 strip: $(TARGETS)
 	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
@@ -197,10 +204,10 @@ link%:
 	-rm -f $*$(EXEEXT)
 	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
 
-$(STATIC_LTC): 
+$(STATIC_LTC): $(OPTION_HEADERS)
 	$(MAKE) -C libtomcrypt
 
-$(STATIC_LTM):
+$(STATIC_LTM): $(OPTION_HEADERS)
 	$(MAKE) -C libtommath
 
 .PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
@@ -224,14 +231,7 @@ thisclean:
 distclean: clean tidy
 	-rm -f config.h
 	-rm -f Makefile
+	-rm -f default_options_guard.h
 
 tidy:
 	-rm -f *~ *.gcov */*~
-
-# default_options.h is stored in version control, could not find a workaround
-# for parallel "make -j" and dependency rules.
-default_options.h: default_options.h.in 
-	@echo Creating $@
-	@echo "/*\n > > > Do not edit this file (default_options.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
-	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
-	@mv $@.tmp $@
diff --git a/default_options.h b/default_options.h
index 5369a80..70836bc 100644
--- a/default_options.h
+++ b/default_options.h
@@ -1,16 +1,9 @@
-/*
- > > > Do not edit this file (default_options.h) < < <
-Generated from ../default_options.h.in
-Local customisation goes in localoptions.h
-*/
-
-
 #ifndef DROPBEAR_DEFAULT_OPTIONS_H_
 #define DROPBEAR_DEFAULT_OPTIONS_H_
 /*
                      > > > Read This < < <
 
-default_options.h.in  documents compile-time options, and provides default values.
+default_options.h  documents compile-time options, and provides default values.
 
 Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
@@ -20,25 +13,15 @@ Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
 
 IMPORTANT: Some options will require "make clean" after changes */
 
-#ifndef DROPBEAR_DEFPORT
 #define DROPBEAR_DEFPORT "22"
-#endif
 
 /* Listen on all interfaces */
-#ifndef DROPBEAR_DEFADDRESS
 #define DROPBEAR_DEFADDRESS ""
-#endif
 
 /* Default hostkey paths - these can be specified on the command line */
-#ifndef DSS_PRIV_FILENAME
 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-#endif
-#ifndef RSA_PRIV_FILENAME
 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-#endif
-#ifndef ECDSA_PRIV_FILENAME
 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
-#endif
 
 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
  * on chosen ports and keeps accepting connections. This is the default.
@@ -50,126 +33,76 @@ IMPORTANT: Some options will require "make clean" after changes */
  *
  * Both of these flags can be defined at once, don't compile without at least
  * one of them. */
-#ifndef NON_INETD_MODE
 #define NON_INETD_MODE 1
-#endif
-#ifndef INETD_MODE
 #define INETD_MODE 1
-#endif
 
 /* Include verbose debug output, enabled with -v at runtime. 
  * This will add a reasonable amount to your executable size. */
-#ifndef DEBUG_TRACE
 #define DEBUG_TRACE 0
-#endif
 
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
  * several kB in binary size however will make the symmetrical ciphers and hashes
  * slower, perhaps by 50%. Recommended for small systems that aren't doing
  * much traffic. */
-#ifndef DROPBEAR_SMALL_CODE
 #define DROPBEAR_SMALL_CODE 1
-#endif
 
 /* Enable X11 Forwarding - server only */
-#ifndef DROPBEAR_X11FWD
 #define DROPBEAR_X11FWD 1
-#endif
 
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
  * 'Remote' is "-R" style (server listening port forwarded via client) */
-#ifndef DROPBEAR_CLI_LOCALTCPFWD
 #define DROPBEAR_CLI_LOCALTCPFWD 1
-#endif
-#ifndef DROPBEAR_CLI_REMOTETCPFWD
 #define DROPBEAR_CLI_REMOTETCPFWD 1
-#endif
 
-#ifndef DROPBEAR_SVR_LOCALTCPFWD
 #define DROPBEAR_SVR_LOCALTCPFWD 1
-#endif
-#ifndef DROPBEAR_SVR_REMOTETCPFWD
 #define DROPBEAR_SVR_REMOTETCPFWD 1
-#endif
 
 /* Enable Authentication Agent Forwarding */
-#ifndef DROPBEAR_SVR_AGENTFWD
 #define DROPBEAR_SVR_AGENTFWD 1
-#endif
-#ifndef DROPBEAR_CLI_AGENTFWD
 #define DROPBEAR_CLI_AGENTFWD 1
-#endif
 
 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
  * allow multihop dbclient connections */
 
 /* Allow using -J <proxycommand> to run the connection through a 
    pipe to a program, rather the normal TCP connection */
-#ifndef DROPBEAR_CLI_PROXYCMD
 #define DROPBEAR_CLI_PROXYCMD 1
-#endif
 
 /* Enable "Netcat mode" option. This will forward standard input/output
  * to a remote TCP-forwarded connection */
-#ifndef DROPBEAR_CLI_NETCAT
 #define DROPBEAR_CLI_NETCAT 1
-#endif
 
 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
-#ifndef DROPBEAR_USER_ALGO_LIST
 #define DROPBEAR_USER_ALGO_LIST 1
-#endif
 
 /* Encryption - at least one required.
  * AES128 should be enabled, some very old implementations might only
  * support 3DES.
  * Including both AES keysize variants (128 and 256) will result in 
  * a minimal size increase */
-#ifndef DROPBEAR_AES128
 #define DROPBEAR_AES128 1
-#endif
-#ifndef DROPBEAR_3DES
 #define DROPBEAR_3DES 1
-#endif
-#ifndef DROPBEAR_AES256
 #define DROPBEAR_AES256 1
-#endif
-#ifndef DROPBEAR_TWOFISH256
 #define DROPBEAR_TWOFISH256 0
-#endif
-#ifndef DROPBEAR_TWOFISH128
 #define DROPBEAR_TWOFISH128 0
-#endif
 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-#ifndef DROPBEAR_BLOWFISH
 #define DROPBEAR_BLOWFISH 0
-#endif
 
 /* Enable CBC mode for ciphers. This has security issues though
  * is the most compatible with older SSH implementations */
-#ifndef DROPBEAR_ENABLE_CBC_MODE
 #define DROPBEAR_ENABLE_CBC_MODE 1
-#endif
 
 /* Enable "Counter Mode" for ciphers. This is more secure than
  * CBC mode against certain attacks. It is recommended for security
  * and forwards compatibility */
-#ifndef DROPBEAR_ENABLE_CTR_MODE
 #define DROPBEAR_ENABLE_CTR_MODE 1
-#endif
 
 /* Message integrity. sha2-256 is recommended as a default, 
    sha1 for compatibility */
-#ifndef DROPBEAR_SHA1_HMAC
 #define DROPBEAR_SHA1_HMAC 1
-#endif
-#ifndef DROPBEAR_SHA1_96_HMAC
 #define DROPBEAR_SHA1_96_HMAC 1
-#endif
-#ifndef DROPBEAR_SHA2_256_HMAC
 #define DROPBEAR_SHA2_256_HMAC 1
-#endif
 
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
@@ -177,23 +110,15 @@ IMPORTANT: Some options will require "make clean" after changes */
  * RSA is recommended
  * DSS may be necessary to connect to some systems though
    is not recommended for new keys */
-#ifndef DROPBEAR_RSA
 #define DROPBEAR_RSA 1
-#endif
-#ifndef DROPBEAR_DSS
 #define DROPBEAR_DSS 1
-#endif
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
  * code (either ECDSA or ECDH) increases binary size - around 30kB
  * on x86-64 */
-#ifndef DROPBEAR_ECDSA
 #define DROPBEAR_ECDSA 1
-#endif
 
 /* RSA must be >=1024 */
-#ifndef DROPBEAR_DEFAULT_RSA_SIZE
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048
-#endif
 /* DSS is always 1024 */
 /* ECDSA defaults to largest size configured, usually 521 */
 
@@ -201,9 +126,7 @@ IMPORTANT: Some options will require "make clean" after changes */
    connection using that key type occurs.
    This avoids the need to otherwise run "dropbearkey" and avoids some problems
    with badly seeded /dev/urandom when systems first boot. */
-#ifndef DROPBEAR_DELAY_HOSTKEY
 #define DROPBEAR_DELAY_HOSTKEY 1
-#endif
 
 
 /* Key exchange algorithm.
@@ -226,24 +149,12 @@ IMPORTANT: Some options will require "make clean" after changes */
  * Small systems should generally include either curve25519 or ecdh for performance.
  * curve25519 is less widely supported but is faster
  */ 
-#ifndef DROPBEAR_DH_GROUP1
 #define DROPBEAR_DH_GROUP1 1
-#endif
-#ifndef DROPBEAR_DH_GROUP14_SHA1
 #define DROPBEAR_DH_GROUP14_SHA1 1
-#endif
-#ifndef DROPBEAR_DH_GROUP14_SHA256
 #define DROPBEAR_DH_GROUP14_SHA256 1
-#endif
-#ifndef DROPBEAR_DH_GROUP16
 #define DROPBEAR_DH_GROUP16 0
-#endif
-#ifndef DROPBEAR_CURVE25519
 #define DROPBEAR_CURVE25519 1
-#endif
-#ifndef DROPBEAR_ECDH
 #define DROPBEAR_ECDH 1
-#endif
 
 /* Control the memory/performance/compression tradeoff for zlib.
  * Set windowBits=8 for least memory usage, see your system's
@@ -252,28 +163,18 @@ IMPORTANT: Some options will require "make clean" after changes */
  * windowBits=8 will use 129kB for compression.
  * Both modes will use ~35kB for decompression (using windowBits=15 for
  * interoperability) */
-#ifndef DROPBEAR_ZLIB_WINDOW_BITS
 #define DROPBEAR_ZLIB_WINDOW_BITS 15 
-#endif
 
 /* Whether to do reverse DNS lookups. */
-#ifndef DO_HOST_LOOKUP
 #define DO_HOST_LOOKUP 0
-#endif
 
 /* Whether to print the message of the day (MOTD). */
-#ifndef DO_MOTD
 #define DO_MOTD 0
-#endif
-#ifndef MOTD_FILENAME
 #define MOTD_FILENAME "/etc/motd"
-#endif
 
 /* Authentication Types - at least one required.
    RFC Draft requires pubkey auth, and recommends password */
-#ifndef DROPBEAR_SVR_PASSWORD_AUTH
 #define DROPBEAR_SVR_PASSWORD_AUTH 1
-#endif
 
 /* Note: PAM auth is quite simple and only works for PAM modules which just do
  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@@ -281,119 +182,79 @@ IMPORTANT: Some options will require "make clean" after changes */
  * but there's an interface via a PAM module. It won't work for more complex
  * PAM challenge/response.
  * You can't enable both PASSWORD and PAM. */
-#ifndef DROPBEAR_SVR_PAM_AUTH
 #define DROPBEAR_SVR_PAM_AUTH 0
-#endif
 
 /* ~/.ssh/authorized_keys authentication */
-#ifndef DROPBEAR_SVR_PUBKEY_AUTH
 #define DROPBEAR_SVR_PUBKEY_AUTH 1
-#endif
 
 /* Whether to take public key options in 
  * authorized_keys file into account */
-#ifndef DROPBEAR_SVR_PUBKEY_OPTIONS
 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1
-#endif
 
 /* Client authentication options */
-#ifndef DROPBEAR_CLI_PASSWORD_AUTH
 #define DROPBEAR_CLI_PASSWORD_AUTH 1
-#endif
-#ifndef DROPBEAR_CLI_PUBKEY_AUTH
 #define DROPBEAR_CLI_PUBKEY_AUTH 1
-#endif
 
 /* A default argument for dbclient -i <privatekey>. 
 Homedir is prepended unless path begins with / */
-#ifndef DROPBEAR_DEFAULT_CLI_AUTHKEY
 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
-#endif
 
 /* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
  * environment variable. */
-#ifndef DROPBEAR_USE_PASSWORD_ENV
 #define DROPBEAR_USE_PASSWORD_ENV 1
-#endif
 
 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
  * a helper program for the ssh client. The helper program should be
  * specified in the SSH_ASKPASS environment variable, and dbclient
  * should be run with DISPLAY set and no tty. The program should
  * return the password on standard output */
-#ifndef DROPBEAR_CLI_ASKPASS_HELPER
 #define DROPBEAR_CLI_ASKPASS_HELPER 0
-#endif
 
 /* Save a network roundtrip by sendng a real auth request immediately after
  * sending a query for the available methods. This is not yet enabled by default 
  since it could cause problems with non-compliant servers */ 
-#ifndef DROPBEAR_CLI_IMMEDIATE_AUTH
 #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
-#endif
 
 /* Set this to use PRNGD or EGD instead of /dev/urandom */
-#ifndef DROPBEAR_USE_PRNGD
 #define DROPBEAR_USE_PRNGD 0
-#endif
-#ifndef DROPBEAR_PRNGD_SOCKET
 #define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
-#endif
 
 /* Specify the number of clients we will allow to be connected but
  * not yet authenticated. After this limit, connections are rejected */
 /* The first setting is per-IP, to avoid denial of service */
-#ifndef MAX_UNAUTH_PER_IP
 #define MAX_UNAUTH_PER_IP 5
-#endif
 
 /* And then a global limit to avoid chewing memory if connections 
  * come from many IPs */
-#ifndef MAX_UNAUTH_CLIENTS
 #define MAX_UNAUTH_CLIENTS 30
-#endif
 
 /* Default maximum number of failed authentication tries (server option) */
 /* -T server option overrides */
-#ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
-#endif
 
 /* The default file to store the daemon's process ID, for shutdown
    scripts etc. This can be overridden with the -P flag */
-#ifndef DROPBEAR_PIDFILE
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
-#endif
 
 /* The command to invoke for xauth when using X11 forwarding.
  * "-q" for quiet */
-#ifndef XAUTH_COMMAND
 #define XAUTH_COMMAND "/usr/bin/xauth -q"
-#endif
 
 
 /* if you want to enable running an sftp server (such as the one included with
  * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
  * The sftp-server program is not provided by Dropbear itself */
-#ifndef DROPBEAR_SFTPSERVER
 #define DROPBEAR_SFTPSERVER 1
-#endif
-#ifndef SFTPSERVER_PATH
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
-#endif
 
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
-#ifndef DROPBEAR_PATH_SSH_PROGRAM
 #define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
-#endif
 
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 
  * shell/sftp session etc. */
-#ifndef LOG_COMMANDS
 #define LOG_COMMANDS 0
-#endif
 
 /* Window size limits. These tend to be a trade-off between memory
    usage and network performance: */
@@ -402,42 +263,28 @@ Homedir is prepended unless path begins with / */
    significant difference to network performance. 24kB was empirically
    chosen for a 100mbit ethernet network. The value can be altered at
    runtime with the -W argument. */
-#ifndef DEFAULT_RECV_WINDOW
 #define DEFAULT_RECV_WINDOW 24576
-#endif
 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
    in order to interoperate with other implementations */
-#ifndef RECV_MAX_PAYLOAD_LEN
 #define RECV_MAX_PAYLOAD_LEN 32768
-#endif
 /* Maximum size of a transmitted data packet - this can be any value,
    though increasing it may not make a significant difference. */
-#ifndef TRANS_MAX_PAYLOAD_LEN
 #define TRANS_MAX_PAYLOAD_LEN 16384
-#endif
 
 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
 be overridden at runtime with -K. 0 disables keepalives */
-#ifndef DEFAULT_KEEPALIVE
 #define DEFAULT_KEEPALIVE 0
-#endif
 
 /* If this many KEEPALIVES are sent with no packets received from the
 other side, exit. Not run-time configurable - if you have a need
 for runtime configuration please mail the Dropbear list */
-#ifndef DEFAULT_KEEPALIVE_LIMIT
 #define DEFAULT_KEEPALIVE_LIMIT 3
-#endif
 
 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can
 be overridden at runtime with -I. 0 disables idle timeouts */
-#ifndef DEFAULT_IDLE_TIMEOUT
 #define DEFAULT_IDLE_TIMEOUT 0
-#endif
 
 /* The default path. This will often get replaced by the shell */
-#ifndef DEFAULT_PATH
 #define DEFAULT_PATH "/usr/bin:/bin"
-#endif
 
 #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
diff --git a/default_options.h.in b/default_options.h.in
deleted file mode 100644
index 1dfe709..0000000
--- a/default_options.h.in
+++ /dev/null
@@ -1,290 +0,0 @@
-#ifndef DROPBEAR_DEFAULT_OPTIONS_H_
-#define DROPBEAR_DEFAULT_OPTIONS_H_
-/*
-                     > > > Read This < < <
-
-default_options.h.in  documents compile-time options, and provides default values.
-
-Local customisation should be added to localoptions.h which is
-used if it exists. Options defined there will override any options in this
-file.
-
-Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
-
-IMPORTANT: Some options will require "make clean" after changes */
-
-#define DROPBEAR_DEFPORT "22"
-
-/* Listen on all interfaces */
-#define DROPBEAR_DEFADDRESS ""
-
-/* Default hostkey paths - these can be specified on the command line */
-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
-
-/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
- * on chosen ports and keeps accepting connections. This is the default.
- *
- * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
- * similar), where it will use stdin/stdout for connections, and each process
- * lasts for a single connection. Dropbear should be invoked with the -i flag
- * for inetd, and can only accept IPv4 connections.
- *
- * Both of these flags can be defined at once, don't compile without at least
- * one of them. */
-#define NON_INETD_MODE 1
-#define INETD_MODE 1
-
-/* Include verbose debug output, enabled with -v at runtime. 
- * This will add a reasonable amount to your executable size. */
-#define DEBUG_TRACE 0
-
-/* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
- * several kB in binary size however will make the symmetrical ciphers and hashes
- * slower, perhaps by 50%. Recommended for small systems that aren't doing
- * much traffic. */
-#define DROPBEAR_SMALL_CODE 1
-
-/* Enable X11 Forwarding - server only */
-#define DROPBEAR_X11FWD 1
-
-/* Enable TCP Fowarding */
-/* 'Local' is "-L" style (client listening port forwarded via server)
- * 'Remote' is "-R" style (server listening port forwarded via client) */
-#define DROPBEAR_CLI_LOCALTCPFWD 1
-#define DROPBEAR_CLI_REMOTETCPFWD 1
-
-#define DROPBEAR_SVR_LOCALTCPFWD 1
-#define DROPBEAR_SVR_REMOTETCPFWD 1
-
-/* Enable Authentication Agent Forwarding */
-#define DROPBEAR_SVR_AGENTFWD 1
-#define DROPBEAR_CLI_AGENTFWD 1
-
-/* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
- * allow multihop dbclient connections */
-
-/* Allow using -J <proxycommand> to run the connection through a 
-   pipe to a program, rather the normal TCP connection */
-#define DROPBEAR_CLI_PROXYCMD 1
-
-/* Enable "Netcat mode" option. This will forward standard input/output
- * to a remote TCP-forwarded connection */
-#define DROPBEAR_CLI_NETCAT 1
-
-/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
-#define DROPBEAR_USER_ALGO_LIST 1
-
-/* Encryption - at least one required.
- * AES128 should be enabled, some very old implementations might only
- * support 3DES.
- * Including both AES keysize variants (128 and 256) will result in 
- * a minimal size increase */
-#define DROPBEAR_AES128 1
-#define DROPBEAR_3DES 1
-#define DROPBEAR_AES256 1
-#define DROPBEAR_TWOFISH256 0
-#define DROPBEAR_TWOFISH128 0
-/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-#define DROPBEAR_BLOWFISH 0
-
-/* Enable CBC mode for ciphers. This has security issues though
- * is the most compatible with older SSH implementations */
-#define DROPBEAR_ENABLE_CBC_MODE 1
-
-/* Enable "Counter Mode" for ciphers. This is more secure than
- * CBC mode against certain attacks. It is recommended for security
- * and forwards compatibility */
-#define DROPBEAR_ENABLE_CTR_MODE 1
-
-/* Message integrity. sha2-256 is recommended as a default, 
-   sha1 for compatibility */
-#define DROPBEAR_SHA1_HMAC 1
-#define DROPBEAR_SHA1_96_HMAC 1
-#define DROPBEAR_SHA2_256_HMAC 1
-
-/* Hostkey/public key algorithms - at least one required, these are used
- * for hostkey as well as for verifying signatures with pubkey auth.
- * Removing either of these won't save very much space.
- * RSA is recommended
- * DSS may be necessary to connect to some systems though
-   is not recommended for new keys */
-#define DROPBEAR_RSA 1
-#define DROPBEAR_DSS 1
-/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
- * code (either ECDSA or ECDH) increases binary size - around 30kB
- * on x86-64 */
-#define DROPBEAR_ECDSA 1
-
-/* RSA must be >=1024 */
-#define DROPBEAR_DEFAULT_RSA_SIZE 2048
-/* DSS is always 1024 */
-/* ECDSA defaults to largest size configured, usually 521 */
-
-/* Add runtime flag "-R" to generate hostkeys as-needed when the first 
-   connection using that key type occurs.
-   This avoids the need to otherwise run "dropbearkey" and avoids some problems
-   with badly seeded /dev/urandom when systems first boot. */
-#define DROPBEAR_DELAY_HOSTKEY 1
-
-
-/* Key exchange algorithm.
-
- * group14_sha1 - 2048 bit, sha1
- * group14_sha256 - 2048 bit, sha2-256
- * group16 - 4096 bit, sha2-512
- * group1 - 1024 bit, sha1
- * curve25519 - elliptic curve DH
- * ecdh - NIST elliptic curve DH (256, 384, 521)
- *
- * group1 is too small for security though is necessary if you need 
-     compatibility with some implementations such as Dropbear versions < 0.53
- * group14 is supported by most implementations.
- * group16 provides a greater strength level but is slower and increases binary size
- * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
- * curve25519 increases binary size by ~8kB on x86-64
- * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
-
- * Small systems should generally include either curve25519 or ecdh for performance.
- * curve25519 is less widely supported but is faster
- */ 
-#define DROPBEAR_DH_GROUP1 1
-#define DROPBEAR_DH_GROUP14_SHA1 1
-#define DROPBEAR_DH_GROUP14_SHA256 1
-#define DROPBEAR_DH_GROUP16 0
-#define DROPBEAR_CURVE25519 1
-#define DROPBEAR_ECDH 1
-
-/* Control the memory/performance/compression tradeoff for zlib.
- * Set windowBits=8 for least memory usage, see your system's
- * zlib.h for full details.
- * Default settings (windowBits=15) will use 256kB for compression
- * windowBits=8 will use 129kB for compression.
- * Both modes will use ~35kB for decompression (using windowBits=15 for
- * interoperability) */
-#define DROPBEAR_ZLIB_WINDOW_BITS 15 
-
-/* Whether to do reverse DNS lookups. */
-#define DO_HOST_LOOKUP 0
-
-/* Whether to print the message of the day (MOTD). */
-#define DO_MOTD 0
-#define MOTD_FILENAME "/etc/motd"
-
-/* Authentication Types - at least one required.
-   RFC Draft requires pubkey auth, and recommends password */
-#define DROPBEAR_SVR_PASSWORD_AUTH 1
-
-/* Note: PAM auth is quite simple and only works for PAM modules which just do
- * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
- * It's useful for systems like OS X where standard password crypts don't work
- * but there's an interface via a PAM module. It won't work for more complex
- * PAM challenge/response.
- * You can't enable both PASSWORD and PAM. */
-#define DROPBEAR_SVR_PAM_AUTH 0
-
-/* ~/.ssh/authorized_keys authentication */
-#define DROPBEAR_SVR_PUBKEY_AUTH 1
-
-/* Whether to take public key options in 
- * authorized_keys file into account */
-#define DROPBEAR_SVR_PUBKEY_OPTIONS 1
-
-/* Client authentication options */
-#define DROPBEAR_CLI_PASSWORD_AUTH 1
-#define DROPBEAR_CLI_PUBKEY_AUTH 1
-
-/* A default argument for dbclient -i <privatekey>. 
-Homedir is prepended unless path begins with / */
-#define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
-
-/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
- * environment variable. */
-#define DROPBEAR_USE_PASSWORD_ENV 1
-
-/* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
- * a helper program for the ssh client. The helper program should be
- * specified in the SSH_ASKPASS environment variable, and dbclient
- * should be run with DISPLAY set and no tty. The program should
- * return the password on standard output */
-#define DROPBEAR_CLI_ASKPASS_HELPER 0
-
-/* Save a network roundtrip by sendng a real auth request immediately after
- * sending a query for the available methods. This is not yet enabled by default 
- since it could cause problems with non-compliant servers */ 
-#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
-
-/* Set this to use PRNGD or EGD instead of /dev/urandom */
-#define DROPBEAR_USE_PRNGD 0
-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
-
-/* Specify the number of clients we will allow to be connected but
- * not yet authenticated. After this limit, connections are rejected */
-/* The first setting is per-IP, to avoid denial of service */
-#define MAX_UNAUTH_PER_IP 5
-
-/* And then a global limit to avoid chewing memory if connections 
- * come from many IPs */
-#define MAX_UNAUTH_CLIENTS 30
-
-/* Default maximum number of failed authentication tries (server option) */
-/* -T server option overrides */
-#define MAX_AUTH_TRIES 10
-
-/* The default file to store the daemon's process ID, for shutdown
-   scripts etc. This can be overridden with the -P flag */
-#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
-
-/* The command to invoke for xauth when using X11 forwarding.
- * "-q" for quiet */
-#define XAUTH_COMMAND "/usr/bin/xauth -q"
-
-
-/* if you want to enable running an sftp server (such as the one included with
- * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
- * The sftp-server program is not provided by Dropbear itself */
-#define DROPBEAR_SFTPSERVER 1
-#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
-
-/* This is used by the scp binary when used as a client binary. If you're
- * not using the Dropbear client, you'll need to change it */
-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
-
-/* Whether to log commands executed by a client. This only logs the 
- * (single) command sent to the server, not what a user did in a 
- * shell/sftp session etc. */
-#define LOG_COMMANDS 0
-
-/* Window size limits. These tend to be a trade-off between memory
-   usage and network performance: */
-/* Size of the network receive window. This amount of memory is allocated
-   as a per-channel receive buffer. Increasing this value can make a
-   significant difference to network performance. 24kB was empirically
-   chosen for a 100mbit ethernet network. The value can be altered at
-   runtime with the -W argument. */
-#define DEFAULT_RECV_WINDOW 24576
-/* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
-   in order to interoperate with other implementations */
-#define RECV_MAX_PAYLOAD_LEN 32768
-/* Maximum size of a transmitted data packet - this can be any value,
-   though increasing it may not make a significant difference. */
-#define TRANS_MAX_PAYLOAD_LEN 16384
-
-/* Ensure that data is transmitted every KEEPALIVE seconds. This can
-be overridden at runtime with -K. 0 disables keepalives */
-#define DEFAULT_KEEPALIVE 0
-
-/* If this many KEEPALIVES are sent with no packets received from the
-other side, exit. Not run-time configurable - if you have a need
-for runtime configuration please mail the Dropbear list */
-#define DEFAULT_KEEPALIVE_LIMIT 3
-
-/* Ensure that data is received within IDLE_TIMEOUT seconds. This can
-be overridden at runtime with -I. 0 disables idle timeouts */
-#define DEFAULT_IDLE_TIMEOUT 0
-
-/* The default path. This will often get replaced by the shell */
-#define DEFAULT_PATH "/usr/bin:/bin"
-
-#endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
diff --git a/ifndef_wrapper.sh b/ifndef_wrapper.sh
index a5c5ce6..e2545d4 100755
--- a/ifndef_wrapper.sh
+++ b/ifndef_wrapper.sh
@@ -2,6 +2,6 @@
 
 # Wrap all "#define X Y" with a #ifndef X...#endif"
 
-sed -E 's/^(#define ([^ ]+) .*)/#ifndef \2\
+sed -E 's/^( *#define ([^ ]+) .*)/#ifndef \2\
 \1\
 #endif/' 
diff --git a/options.h b/options.h
index 2fe67c3..7d6087c 100644
--- a/options.h
+++ b/options.h
@@ -15,7 +15,8 @@ See default_options.h.in for a description of the available options.
 #include "localoptions.h"
 #endif
 
-#include "default_options.h"
+/* default_options.h is processed to add #ifndef guards */
+#include "default_options_guard.h"
 
 /* Some other defines that mostly should be left alone are defined
  * in sysoptions.h */

From 4768351e896a825e6f84893c66bb05adb463c1ba Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 19 Feb 2018 23:04:46 +0800
Subject: [PATCH 13/26] Remove bad merged libtommmath "clean" rule and leftover
 makefile.include

---
 libtommath/Makefile.in         |  13 ----
 libtommath/makefile.include    | 105 ---------------------------------
 libtommath/makefile_include.mk |  17 +++---
 3 files changed, 9 insertions(+), 126 deletions(-)
 delete mode 100644 libtommath/makefile.include

diff --git a/libtommath/Makefile.in b/libtommath/Makefile.in
index e99f048..828e243 100644
--- a/libtommath/Makefile.in
+++ b/libtommath/Makefile.in
@@ -126,19 +126,6 @@ docdvi poster docs mandvi manual:
 pretty:
 	perl pretty.build
 
-#\zipup the project (take that!)
-no_oops: clean
-	cd .. ; cvs commit
-	echo Scanning for scratch/dirty files
-	find . -type f | grep -v CVS | xargs -n 1 bash mess.sh
-
-clean:
-	rm -f *.bat *.pdf *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
-        *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
-	rm -rf .libs
-	-cd etc && MAKE=${MAKE} ${MAKE} clean
-	-cd pics && MAKE=${MAKE} ${MAKE} clean
-
 .PHONY: pre_gen
 pre_gen:
 	perl gen.pl
diff --git a/libtommath/makefile.include b/libtommath/makefile.include
deleted file mode 100644
index c862f0f..0000000
--- a/libtommath/makefile.include
+++ /dev/null
@@ -1,105 +0,0 @@
-#
-# Include makefile for libtommath
-#
-
-#version of library
-VERSION=1.0
-VERSION_SO=1:0
-
-# default make target
-default: ${LIBNAME}
-
-# Compiler and Linker Names
-ifndef PREFIX
-  PREFIX=
-endif
-
-ifeq ($(CC),cc)
-  CC = $(PREFIX)gcc
-endif
-LD=$(PREFIX)ld
-AR=$(PREFIX)ar
-RANLIB=$(PREFIX)ranlib
-
-ifndef MAKE
-   MAKE=make
-endif
-
-CFLAGS += -I./ -Wall -Wsign-compare -Wextra -Wshadow
-
-ifndef NO_ADDTL_WARNINGS
-# additional warnings
-CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align
-CFLAGS += -Wstrict-prototypes -Wpointer-arith
-endif
-
-ifdef COMPILE_DEBUG
-#debug
-CFLAGS += -g3
-else
-
-ifdef COMPILE_SIZE
-#for size
-CFLAGS += -Os
-else
-
-ifndef IGNORE_SPEED
-#for speed
-CFLAGS += -O3 -funroll-loops
-
-#x86 optimizations [should be valid for any GCC install though]
-CFLAGS  += -fomit-frame-pointer
-endif
-
-endif # COMPILE_SIZE
-endif # COMPILE_DEBUG
-
-# adjust coverage set
-ifneq ($(filter $(shell arch), i386 i686 x86_64 amd64 ia64),)
-   COVERAGE = test_standalone timing
-   COVERAGE_APP = ./test && ./ltmtest
-else
-   COVERAGE = test_standalone
-   COVERAGE_APP = ./test
-endif
-
-HEADERS_PUB=tommath.h tommath_class.h tommath_superclass.h
-HEADERS=tommath_private.h $(HEADERS_PUB)
-
-test_standalone: CFLAGS+=-DLTM_DEMO_TEST_VS_MTEST=0
-
-#LIBPATH-The directory for libtommath to be installed to.
-#INCPATH-The directory to install the header files for libtommath.
-#DATAPATH-The directory to install the pdf docs.
-LIBPATH?=/usr/lib
-INCPATH?=/usr/include
-DATAPATH?=/usr/share/doc/libtommath/pdf
-
-#make the code coverage of the library
-#
-coverage: CFLAGS += -fprofile-arcs -ftest-coverage -DTIMING_NO_LOGS
-coverage: LFLAGS += -lgcov
-coverage: LDFLAGS += -lgcov
-
-coverage: $(COVERAGE)
-	$(COVERAGE_APP)
-
-lcov: coverage
-	rm -f coverage.info
-	lcov --capture --no-external --no-recursion $(LCOV_ARGS) --output-file coverage.info -q
-	genhtml coverage.info --output-directory coverage -q
-
-# target that removes all coverage output
-cleancov-clean:
-	rm -f `find . -type f -name "*.info" | xargs`
-	rm -rf coverage/
-
-# cleans everything - coverage output and standard 'clean'
-cleancov: cleancov-clean clean
-
-clean:
-	rm -f *.gcda *.gcno *.bat *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
-        *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
-	rm -rf .libs/
-	cd etc ; MAKE=${MAKE} ${MAKE} clean
-	cd pics ; MAKE=${MAKE} ${MAKE} clean
diff --git a/libtommath/makefile_include.mk b/libtommath/makefile_include.mk
index 3a599e8..580a478 100644
--- a/libtommath/makefile_include.mk
+++ b/libtommath/makefile_include.mk
@@ -17,12 +17,13 @@ ifndef CROSS_COMPILE
   CROSS_COMPILE=
 endif
 
-ifeq ($(CC),cc)
-  CC = $(CROSS_COMPILE)gcc
-endif
-LD=$(CROSS_COMPILE)ld
-AR=$(CROSS_COMPILE)ar
-RANLIB=$(CROSS_COMPILE)ranlib
+# Dropbear passes these down
+#ifeq ($(CC),cc)
+#  CC = $(CROSS_COMPILE)gcc
+#endif
+#LD=$(CROSS_COMPILE)ld
+#AR=$(CROSS_COMPILE)ar
+#RANLIB=$(CROSS_COMPILE)ranlib
 
 ifndef MAKE
    MAKE=make
@@ -113,5 +114,5 @@ clean:
 	rm -f *.gcda *.gcno *.gcov *.bat *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
         *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
 	rm -rf .libs/
-	${MAKE} -C etc/ clean MAKE=${MAKE}
-	${MAKE} -C doc/ clean MAKE=${MAKE}
+	#${MAKE} -C etc/ clean MAKE=${MAKE}
+	#${MAKE} -C doc/ clean MAKE=${MAKE}

From d17dedfa4f864b2b4d1a7fcb5fcda411ea8fa65b Mon Sep 17 00:00:00 2001
From: stellarpower <stellarpower@googlemail.com>
Date: Tue, 20 Feb 2018 02:11:55 +0000
Subject: [PATCH 14/26] Added the -G option to allow logins only for users that
 are members of a certain group. This allows finer control of an instance on
 who can and cannot login over a certain instance (e.g. password and not key).
 Needs double-checking and ensuring it meets platform requirements.

---
 runopts.h     |  2 ++
 svr-auth.c    | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 svr-runopts.c | 22 ++++++++++++++++++++++
 3 files changed, 70 insertions(+)

diff --git a/runopts.h b/runopts.h
index 5118769..a3f46d2 100644
--- a/runopts.h
+++ b/runopts.h
@@ -92,6 +92,8 @@ typedef struct svr_runopts {
 #endif
 
 	int norootlogin;
+        char *grouploginname;
+        gid_t *grouploginid;
 
 	int noauthpass;
 	int norootpass;
diff --git a/svr-auth.c b/svr-auth.c
index 523f91b..9c818d9 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -25,6 +25,8 @@
 /* This file (auth.c) handles authentication requests, passing it to the
  * particular type (auth-passwd, auth-pubkey). */
 
+#include <limits.h>
+
 #include "includes.h"
 #include "dbutil.h"
 #include "session.h"
@@ -232,6 +234,10 @@ static int checkusername(char *username, unsigned int userlen) {
 	char* listshell = NULL;
 	char* usershell = NULL;
 	uid_t uid;
+        int ngroups = 32, ret;
+        gid_t *grouplist;
+
+
 	TRACE(("enter checkusername"))
 	if (userlen > MAX_USERNAME_LEN) {
 		return DROPBEAR_FAILURE;
@@ -278,6 +284,46 @@ static int checkusername(char *username, unsigned int userlen) {
 		return DROPBEAR_FAILURE;
 	}
 
+        /* check for login restricted to certain group if desired */
+        if (svr_opts.grouploginid) {
+
+            for ( ; (ngroups <= NGROUPS_MAX) && (ngroups <= INT_MAX / 8); ngroups *= 2){
+
+                    grouplist = malloc(sizeof(gid_t) * ngroups);
+
+                    ret = getgrouplist(ses.authstate.pw_name, ses.authstate.pw_gid, grouplist, &ngroups);
+
+                    if (ret != -1){
+                        break;
+                    }
+
+                    free(grouplist);
+                    ngroups *= 2;
+            }
+
+            if ((ngroups > NGROUPS_MAX / 8) || (ngroups > INT_MAX / 8)){
+
+                    TRACE(("Cannot walk group structure for current user, too many groups"))
+                    dropbear_log(LOG_ERR, "Cannot walk group structure for current user, too many groups");
+                    return DROPBEAR_FAILURE;
+            }
+
+            ngroups = 0;
+            for (int i = 0; i < ret; i++){
+                    if (grouplist[i] == *svr_opts.grouploginid){
+                    ngroups = 1; //Just used as a flag to indicate success;
+                    break;
+                }
+
+            }
+
+            if (!ngroups){
+                    TRACE(("leave checkusername: user not in permitted group"))
+                    dropbear_log(LOG_WARNING, "logins are restricted to the group %s but user %s is not a member", svr_opts.grouploginname, ses.authstate.pw_name);
+                    return DROPBEAR_FAILURE;
+            }
+        }
+
 	TRACE(("shell is %s", ses.authstate.pw_shell))
 
 	/* check that the shell is set */
diff --git a/svr-runopts.c b/svr-runopts.c
index 3d97023..68b2673 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -30,6 +30,8 @@
 #include "algo.h"
 #include "ecdsa.h"
 
+#include <grp.h>
+
 svr_runopts svr_opts; /* GLOBAL */
 
 static void printhelp(const char * progname);
@@ -68,6 +70,7 @@ static void printhelp(const char * progname) {
 					"-m		Don't display the motd on login\n"
 #endif
 					"-w		Disallow root logins\n"
+                                        "-G		Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
@@ -132,6 +135,8 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
+        svr_opts.grouploginname = NULL;
+        svr_opts.grouploginid = NULL;
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
@@ -230,6 +235,11 @@ void svr_getopts(int argc, char ** argv) {
 				case 'w':
 					svr_opts.norootlogin = 1;
 					break;
+
+                                case 'G':
+                                        next = &svr_opts.grouploginname;
+                                        break;
+
 				case 'W':
 					next = &recv_window_arg;
 					break;
@@ -331,6 +341,18 @@ void svr_getopts(int argc, char ** argv) {
 		}
 		buf_setpos(svr_opts.banner, 0);
 	}
+
+        if (svr_opts.grouploginname) {
+                struct group *restrictedgroup = getgrnam(svr_opts.grouploginname);
+
+                if (restrictedgroup){
+                    svr_opts.grouploginid = malloc(sizeof(gid_t));
+                    *svr_opts.grouploginid = restrictedgroup->gr_gid;
+                } else {
+                    dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname);
+                }
+
+        }
 	
 	if (recv_window_arg) {
 		opts.recv_window = atol(recv_window_arg);

From 4058574cfa98adc3109ce80f0fd15d0c693216f1 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 20 Feb 2018 19:35:26 +0800
Subject: [PATCH 15/26] add curve25519-sha256 without @libssh.org

---
 common-algo.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/common-algo.c b/common-algo.c
index 5bfe831..2f896ab 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -276,6 +276,7 @@ static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL
 
 algo_type sshkex[] = {
 #if DROPBEAR_CURVE25519
+	{"curve25519-sha256", 0, &kex_curve25519, 1, NULL},
 	{"curve25519-sha256@libssh.org", 0, &kex_curve25519, 1, NULL},
 #endif
 #if DROPBEAR_ECDH

From 7efe873d73362eef8920007e502fcefa504740b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Perrad?= <francois.perrad@gadz.org>
Date: Tue, 20 Feb 2018 16:13:42 +0100
Subject: [PATCH 16/26] use a full prototype (#56)

---
 common-session.c | 2 +-
 session.h        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common-session.c b/common-session.c
index 5cc3a86..a3a2f17 100644
--- a/common-session.c
+++ b/common-session.c
@@ -136,7 +136,7 @@ void common_session_init(int sock_in, int sock_out) {
 	TRACE(("leave session_init"))
 }
 
-void session_loop(void(*loophandler)()) {
+void session_loop(void(*loophandler)(void)) {
 
 	fd_set readfd, writefd;
 	struct timeval timeout;
diff --git a/session.h b/session.h
index ced8ff4..0f77055 100644
--- a/session.h
+++ b/session.h
@@ -40,7 +40,7 @@
 #include "netio.h"
 
 void common_session_init(int sock_in, int sock_out);
-void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
+void session_loop(void(*loophandler)(void)) ATTRIB_NORETURN;
 void session_cleanup(void);
 void send_session_identification(void);
 void send_msg_ignore(void);

From 4c95d595c00818f61905a9d607e3fd675ba85458 Mon Sep 17 00:00:00 2001
From: CamVan Nguyen <ctnguyen@us.ibm.com>
Date: Thu, 22 Feb 2018 21:55:15 +0800
Subject: [PATCH 17/26] Only load dropbear default host keys if a key is not
 specified

---
 svr-runopts.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/svr-runopts.c b/svr-runopts.c
index 3d97023..182366f 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -510,17 +510,20 @@ void load_all_hostkeys() {
 		m_free(hostkey_file);
 	}
 
+	/* Only load default host keys if a host key is not specified by the user */
+	if (svr_opts.num_hostkey_files == 0) {
 #if DROPBEAR_RSA
-	loadhostkey(RSA_PRIV_FILENAME, 0);
+		loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_DSS
-	loadhostkey(DSS_PRIV_FILENAME, 0);
+		loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_ECDSA
-	loadhostkey(ECDSA_PRIV_FILENAME, 0);
+		loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
+   }
 
 #if DROPBEAR_DELAY_HOSTKEY
 	if (svr_opts.delay_hostkey) {

From 2707f054a545788ded23f7886d61ff173a699ddb Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 22 Feb 2018 21:57:47 +0800
Subject: [PATCH 18/26] clarify that -r skips default hostkeys

---
 dropbear.8 | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dropbear.8 b/dropbear.8
index f887083..71c955a 100644
--- a/dropbear.8
+++ b/dropbear.8
@@ -148,8 +148,10 @@ Host Key Files
 Host key files are read at startup from a standard location, by default
 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and 
 /etc/dropbear/dropbear_ecdsa_host_key
-or specified on the commandline with -r. These are of the form generated
-by dropbearkey. The -R option can be used to automatically generate keys
+
+If the -r command line option is specified the default files are not loaded.
+Host key files are of the form generated by dropbearkey. 
+The -R option can be used to automatically generate keys
 in the default location - keys will be generated after startup when the first
 connection is established. This had the benefit that the system /dev/urandom
 random number source has a better chance of being securely seeded.

From 36ccfd21e71ecbf7c5441194b8d38bfe1ffe61a6 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 26 Feb 2018 21:17:13 +0800
Subject: [PATCH 19/26] Fix restricted group code for BSDs, move to separate
 function

---
 runopts.h     |  4 +--
 svr-auth.c    | 86 ++++++++++++++++++++++++++-------------------------
 svr-runopts.c | 31 +++++++++----------
 sysoptions.h  |  2 ++
 4 files changed, 62 insertions(+), 61 deletions(-)

diff --git a/runopts.h b/runopts.h
index a3f46d2..67d5c48 100644
--- a/runopts.h
+++ b/runopts.h
@@ -92,8 +92,8 @@ typedef struct svr_runopts {
 #endif
 
 	int norootlogin;
-        char *grouploginname;
-        gid_t *grouploginid;
+	char *restrict_group;
+	gid_t restrict_group_gid;
 
 	int noauthpass;
 	int norootpass;
diff --git a/svr-auth.c b/svr-auth.c
index 9c818d9..90334e0 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -226,6 +226,40 @@ out:
 	m_free(methodname);
 }
 
+/* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
+static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
+	int ngroups, i, ret;
+	gid_t *grouplist = NULL;
+	int match = DROPBEAR_FAILURE;
+
+	for (ngroups = 32; ngroups <= DROPBEAR_NGROUP_MAX; ngroups *= 2) {
+		grouplist = m_malloc(sizeof(gid_t) * ngroups);
+
+		/* BSD returns ret==0 on success. Linux returns ret==ngroups on success */
+		ret = getgrouplist(username, user_gid, grouplist, &ngroups);
+		if (ret >= 0) {
+			break;
+		}
+		m_free(grouplist);
+		grouplist = NULL;
+	}
+
+	if (!grouplist) {
+		dropbear_log(LOG_ERR, "Too many groups for user '%s'", username);
+		return DROPBEAR_FAILURE;
+	}
+
+	for (i = 0; i < ngroups; i++) {
+		if (grouplist[i] == check_gid) {
+			match = DROPBEAR_SUCCESS;
+			break;
+		}
+	}
+	m_free(grouplist);
+
+	return match;
+}
+
 
 /* Check that the username exists and isn't disallowed (root), and has a valid shell.
  * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
@@ -234,9 +268,6 @@ static int checkusername(char *username, unsigned int userlen) {
 	char* listshell = NULL;
 	char* usershell = NULL;
 	uid_t uid;
-        int ngroups = 32, ret;
-        gid_t *grouplist;
-
 
 	TRACE(("enter checkusername"))
 	if (userlen > MAX_USERNAME_LEN) {
@@ -284,45 +315,16 @@ static int checkusername(char *username, unsigned int userlen) {
 		return DROPBEAR_FAILURE;
 	}
 
-        /* check for login restricted to certain group if desired */
-        if (svr_opts.grouploginid) {
-
-            for ( ; (ngroups <= NGROUPS_MAX) && (ngroups <= INT_MAX / 8); ngroups *= 2){
-
-                    grouplist = malloc(sizeof(gid_t) * ngroups);
-
-                    ret = getgrouplist(ses.authstate.pw_name, ses.authstate.pw_gid, grouplist, &ngroups);
-
-                    if (ret != -1){
-                        break;
-                    }
-
-                    free(grouplist);
-                    ngroups *= 2;
-            }
-
-            if ((ngroups > NGROUPS_MAX / 8) || (ngroups > INT_MAX / 8)){
-
-                    TRACE(("Cannot walk group structure for current user, too many groups"))
-                    dropbear_log(LOG_ERR, "Cannot walk group structure for current user, too many groups");
-                    return DROPBEAR_FAILURE;
-            }
-
-            ngroups = 0;
-            for (int i = 0; i < ret; i++){
-                    if (grouplist[i] == *svr_opts.grouploginid){
-                    ngroups = 1; //Just used as a flag to indicate success;
-                    break;
-                }
-
-            }
-
-            if (!ngroups){
-                    TRACE(("leave checkusername: user not in permitted group"))
-                    dropbear_log(LOG_WARNING, "logins are restricted to the group %s but user %s is not a member", svr_opts.grouploginname, ses.authstate.pw_name);
-                    return DROPBEAR_FAILURE;
-            }
-        }
+	/* check for login restricted to certain group if desired */
+	if (svr_opts.restrict_group) {
+		if (check_group_membership(svr_opts.restrict_group_gid,
+				ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
+			dropbear_log(LOG_WARNING,
+				"Logins are restricted to the group %s but user '%s' is not a member",
+				svr_opts.restrict_group, ses.authstate.pw_name);
+			return DROPBEAR_FAILURE;
+		}
+	}
 
 	TRACE(("shell is %s", ses.authstate.pw_shell))
 
diff --git a/svr-runopts.c b/svr-runopts.c
index 78764a1..1b057cf 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -70,7 +70,7 @@ static void printhelp(const char * progname) {
 					"-m		Don't display the motd on login\n"
 #endif
 					"-w		Disallow root logins\n"
-                                        "-G		Restrict logins to members of specified group\n"
+					"-G		Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
@@ -135,8 +135,8 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
-        svr_opts.grouploginname = NULL;
-        svr_opts.grouploginid = NULL;
+	svr_opts.restrict_group = NULL;
+	svr_opts.restrict_group_gid = 0;
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
@@ -235,11 +235,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'w':
 					svr_opts.norootlogin = 1;
 					break;
-
-                                case 'G':
-                                        next = &svr_opts.grouploginname;
-                                        break;
-
+				case 'G':
+					next = &svr_opts.restrict_group;
+					break;
 				case 'W':
 					next = &recv_window_arg;
 					break;
@@ -342,17 +340,16 @@ void svr_getopts(int argc, char ** argv) {
 		buf_setpos(svr_opts.banner, 0);
 	}
 
-        if (svr_opts.grouploginname) {
-                struct group *restrictedgroup = getgrnam(svr_opts.grouploginname);
+	if (svr_opts.restrict_group) {
+		struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
 
-                if (restrictedgroup){
-                    svr_opts.grouploginid = malloc(sizeof(gid_t));
-                    *svr_opts.grouploginid = restrictedgroup->gr_gid;
-                } else {
-                    dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.grouploginname);
-                }
+		if (restrictedgroup){
+			svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
+		} else {
+			dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
+		}
 
-        }
+	}
 	
 	if (recv_window_arg) {
 		opts.recv_window = atol(recv_window_arg);
diff --git a/sysoptions.h b/sysoptions.h
index ba4b4ca..3eba13b 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -81,6 +81,8 @@
  
 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
 
+#define DROPBEAR_NGROUP_MAX 1024
+
 /* Required for pubkey auth */
 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT))
 

From 2e836bb553d72d2546de80b7f4da35355efe5baf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Perrad?= <francois.perrad@gadz.org>
Date: Mon, 26 Feb 2018 14:31:15 +0100
Subject: [PATCH 20/26] more linting (#58)

* const parameter

* fix indentation
---
 cli-session.c | 2 +-
 svr-auth.c    | 4 ++--
 svr-runopts.c | 2 +-
 svr-service.c | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/cli-session.c b/cli-session.c
index c28ed57..e0d3a75 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -181,7 +181,7 @@ static void cli_session_init(pid_t proxy_cmd_pid) {
 
 }
 
-static void send_msg_service_request(char* servicename) {
+static void send_msg_service_request(const char* servicename) {
 
 	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
 
diff --git a/svr-auth.c b/svr-auth.c
index 90334e0..59d027e 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -38,7 +38,7 @@
 #include "dbrandom.h"
 
 static void authclear(void);
-static int checkusername(char *username, unsigned int userlen);
+static int checkusername(const char *username, unsigned int userlen);
 
 /* initialise the first time for a session, resetting all parameters */
 void svr_authinitialise() {
@@ -263,7 +263,7 @@ static int check_group_membership(gid_t check_gid, const char* username, gid_t u
 
 /* Check that the username exists and isn't disallowed (root), and has a valid shell.
  * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
-static int checkusername(char *username, unsigned int userlen) {
+static int checkusername(const char *username, unsigned int userlen) {
 
 	char* listshell = NULL;
 	char* usershell = NULL;
diff --git a/svr-runopts.c b/svr-runopts.c
index 1b057cf..99d63bb 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -542,7 +542,7 @@ void load_all_hostkeys() {
 #if DROPBEAR_ECDSA
 		loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
-   }
+	}
 
 #if DROPBEAR_DELAY_HOSTKEY
 	if (svr_opts.delay_hostkey) {
diff --git a/svr-service.c b/svr-service.c
index 1f72ea5..0aa487c 100644
--- a/svr-service.c
+++ b/svr-service.c
@@ -30,7 +30,7 @@
 #include "ssh.h"
 #include "auth.h"
 
-static void send_msg_service_accept(char *name, int len);
+static void send_msg_service_accept(const char *name, int len);
 
 /* processes a SSH_MSG_SERVICE_REQUEST, returning 0 if finished,
  * 1 if not */
@@ -73,7 +73,7 @@ void recv_msg_service_request() {
 
 }
 
-static void send_msg_service_accept(char *name, int len) {
+static void send_msg_service_accept(const char *name, int len) {
 
 	TRACE(("accepting service %s", name))
 

From 74353696153fd00005b97316822f9895e7f7750f Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 26 Feb 2018 22:07:18 +0800
Subject: [PATCH 21/26] - Don't try to handle changed usernames - Avoid logging
 repeated failed username messages

---
 auth.h     |  6 +++--
 svr-auth.c | 68 ++++++++++++++++++++++--------------------------------
 2 files changed, 31 insertions(+), 43 deletions(-)

diff --git a/auth.h b/auth.h
index 2c70b1d..da498f5 100644
--- a/auth.h
+++ b/auth.h
@@ -105,12 +105,14 @@ struct AuthState {
 	unsigned char authtypes; /* Flags indicating which auth types are still 
 								valid */
 	unsigned int failcount; /* Number of (failed) authentication attempts.*/
-	unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
+	unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for
 							  client and server (though has differing 
 							  meanings). */
-	unsigned perm_warn : 1; /* Server only, set if bad permissions on 
+	unsigned int perm_warn; /* Server only, set if bad permissions on 
 							   ~/.ssh/authorized_keys have already been
 							   logged. */
+	unsigned int checkusername_failed;  /* Server only, set if checkusername
+	                                has already failed */
 
 	/* These are only used for the server */
 	uid_t pw_uid;
diff --git a/svr-auth.c b/svr-auth.c
index 59d027e..c9a75c0 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -37,26 +37,10 @@
 #include "runopts.h"
 #include "dbrandom.h"
 
-static void authclear(void);
 static int checkusername(const char *username, unsigned int userlen);
 
 /* initialise the first time for a session, resetting all parameters */
 void svr_authinitialise() {
-
-	ses.authstate.failcount = 0;
-	ses.authstate.pw_name = NULL;
-	ses.authstate.pw_dir = NULL;
-	ses.authstate.pw_shell = NULL;
-	ses.authstate.pw_passwd = NULL;
-	authclear();
-	
-}
-
-/* Reset the auth state, but don't reset the failcount. This is for if the
- * user decides to try with a different username etc, and is also invoked
- * on initialisation */
-static void authclear() {
-	
 	memset(&ses.authstate, 0, sizeof(ses.authstate));
 #if DROPBEAR_SVR_PUBKEY_AUTH
 	ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
@@ -66,19 +50,6 @@ static void authclear() {
 		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 	}
 #endif
-	if (ses.authstate.pw_name) {
-		m_free(ses.authstate.pw_name);
-	}
-	if (ses.authstate.pw_shell) {
-		m_free(ses.authstate.pw_shell);
-	}
-	if (ses.authstate.pw_dir) {
-		m_free(ses.authstate.pw_dir);
-	}
-	if (ses.authstate.pw_passwd) {
-		m_free(ses.authstate.pw_passwd);
-	}
-	
 }
 
 /* Send a banner message if specified to the client. The client might
@@ -274,18 +245,28 @@ static int checkusername(const char *username, unsigned int userlen) {
 		return DROPBEAR_FAILURE;
 	}
 
-	/* new user or username has changed */
-	if (ses.authstate.username == NULL ||
-		strcmp(username, ses.authstate.username) != 0) {
-			/* the username needs resetting */
-			if (ses.authstate.username != NULL) {
-				dropbear_log(LOG_WARNING, "Client trying multiple usernames from %s",
-							svr_ses.addrstring);
-				m_free(ses.authstate.username);
-			}
-			authclear();
-			fill_passwd(username);
-			ses.authstate.username = m_strdup(username);
+	if (strlen(username) != userlen) {
+		dropbear_exit("Attempted username with a null byte from %s",
+			svr_ses.addrstring);
+	}
+
+	if (ses.authstate.username == NULL) {
+		/* first request */
+		fill_passwd(username);
+		ses.authstate.username = m_strdup(username);
+	} else {
+		/* check username hasn't changed */
+		if (strcmp(username, ses.authstate.username) != 0) {
+			dropbear_exit("Client trying multiple usernames from %s",
+				svr_ses.addrstring);
+		}
+	}
+
+	/* avoids cluttering logs with repeated failure messages from
+	consecutive authentication requests in a sesssion */
+	if (ses.authstate.checkusername_failed) {
+		TRACE(("checkusername: returning cached failure"))
+		return DROPBEAR_FAILURE;
 	}
 
 	/* check that user exists */
@@ -294,6 +275,7 @@ static int checkusername(const char *username, unsigned int userlen) {
 		dropbear_log(LOG_WARNING,
 				"Login attempt for nonexistent user from %s",
 				svr_ses.addrstring);
+		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
 
@@ -305,6 +287,7 @@ static int checkusername(const char *username, unsigned int userlen) {
 				"Login attempt with wrong user %s from %s",
 				ses.authstate.pw_name,
 				svr_ses.addrstring);
+		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
 
@@ -312,6 +295,7 @@ static int checkusername(const char *username, unsigned int userlen) {
 	if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) {
 		TRACE(("leave checkusername: root login disabled"))
 		dropbear_log(LOG_WARNING, "root login rejected");
+		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
 
@@ -322,6 +306,7 @@ static int checkusername(const char *username, unsigned int userlen) {
 			dropbear_log(LOG_WARNING,
 				"Logins are restricted to the group %s but user '%s' is not a member",
 				svr_opts.restrict_group, ses.authstate.pw_name);
+			ses.authstate.checkusername_failed = 1;
 			return DROPBEAR_FAILURE;
 		}
 	}
@@ -349,6 +334,7 @@ static int checkusername(const char *username, unsigned int userlen) {
 	/* no matching shell */
 	endusershell();
 	TRACE(("no matching shell"))
+	ses.authstate.checkusername_failed = 1;
 	dropbear_log(LOG_WARNING, "User '%s' has invalid shell, rejected",
 				ses.authstate.pw_name);
 	return DROPBEAR_FAILURE;

From ebc915baaedfdf667e729d95370adcc5361fe04c Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 26 Feb 2018 22:08:53 +0800
Subject: [PATCH 22/26] ignore default_options_guard.h

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index b81c1ea..ea58cd8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@ Makefile
 config.h
 config.h.in
 configure
+default_options_guard.h

From 0fc20c70af11512b219bb17d3aefd9be436cd83e Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 26 Feb 2018 22:12:39 +0800
Subject: [PATCH 23/26] don't log server listen ports

---
 svr-tcpfwd.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/svr-tcpfwd.c b/svr-tcpfwd.c
index 1fb94a7..83f233d 100644
--- a/svr-tcpfwd.c
+++ b/svr-tcpfwd.c
@@ -94,7 +94,7 @@ void recv_msg_global_request_remotetcp() {
 			buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS);
 			buf_putint(ses.writepayload, allocated_listen_port);
 			encrypt_packet();
-			wantreply = 0; //so out does not do so
+			wantreply = 0; /* avoid out: below sending another reply */
 		}
 	} else if (strcmp("cancel-tcpip-forward", reqname) == 0) {
 		ret = svr_cancelremotetcp();
@@ -212,9 +212,6 @@ static int svr_remotetcpreq(int *allocated_listen_port) {
 	if (DROPBEAR_SUCCESS == ret) {
 		tcpinfo->listenport = get_sock_port(ses.listeners[0]->socks[0]);
 		*allocated_listen_port = tcpinfo->listenport;
-		dropbear_log(LOG_INFO, "tcpip-forward %s:%d '%s'", 
-			((NULL == tcpinfo->listenaddr)?"localhost":tcpinfo->listenaddr), 
-			tcpinfo->listenport, ses.authstate.pw_name);
 	}
 
 out:

From 4aa72b96c1a26ddc05fc22f56c50c9145d36020c Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 26 Feb 2018 22:14:11 +0800
Subject: [PATCH 24/26] disable group1 in default config

---
 default_options.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/default_options.h b/default_options.h
index 70836bc..853aba6 100644
--- a/default_options.h
+++ b/default_options.h
@@ -149,7 +149,7 @@ IMPORTANT: Some options will require "make clean" after changes */
  * Small systems should generally include either curve25519 or ecdh for performance.
  * curve25519 is less widely supported but is faster
  */ 
-#define DROPBEAR_DH_GROUP1 1
+#define DROPBEAR_DH_GROUP1 0
 #define DROPBEAR_DH_GROUP14_SHA1 1
 #define DROPBEAR_DH_GROUP14_SHA256 1
 #define DROPBEAR_DH_GROUP16 0

From 246f24eda8bba15b04c7c7325af5092091c1751e Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 26 Feb 2018 22:19:01 +0800
Subject: [PATCH 25/26] Change default ecdsa size to 256

---
 ecdsa.h | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ecdsa.h b/ecdsa.h
index 8d20474..bb3a18e 100644
--- a/ecdsa.h
+++ b/ecdsa.h
@@ -7,13 +7,14 @@
 
 #if DROPBEAR_ECDSA
 
-/* Prefer the larger size - it's fast anyway */
-#if DROPBEAR_ECC_521
-#define ECDSA_DEFAULT_SIZE 521
+/* prefer 256 or 384 since those are SHOULD for
+   draft-ietf-curdle-ssh-kex-sha2.txt */
+#if DROPBEAR_ECC_256
+#define ECDSA_DEFAULT_SIZE 256
 #elif DROPBEAR_ECC_384
 #define ECDSA_DEFAULT_SIZE 384
-#elif DROPBEAR_ECC_256
-#define ECDSA_DEFAULT_SIZE 256
+#elif DROPBEAR_ECC_521
+#define ECDSA_DEFAULT_SIZE 521
 #else
 #define ECDSA_DEFAULT_SIZE 0
 #endif

From 3996e93a2045b68cbec6d645e7a166358dac95f7 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Mon, 26 Feb 2018 22:42:53 +0800
Subject: [PATCH 26/26] make group1 client-only

---
 default_options.h |  7 ++++++-
 svr-session.c     | 13 +++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/default_options.h b/default_options.h
index 853aba6..3b75eb8 100644
--- a/default_options.h
+++ b/default_options.h
@@ -149,12 +149,17 @@ IMPORTANT: Some options will require "make clean" after changes */
  * Small systems should generally include either curve25519 or ecdh for performance.
  * curve25519 is less widely supported but is faster
  */ 
-#define DROPBEAR_DH_GROUP1 0
 #define DROPBEAR_DH_GROUP14_SHA1 1
 #define DROPBEAR_DH_GROUP14_SHA256 1
 #define DROPBEAR_DH_GROUP16 0
 #define DROPBEAR_CURVE25519 1
 #define DROPBEAR_ECDH 1
+#define DROPBEAR_DH_GROUP1 1
+
+/* When group1 is enabled it will only be allowed by Dropbear client
+not as a server, due to concerns over its strength. Set to 0 to allow
+group1 in Dropbear server too */
+#define DROPBEAR_DH_GROUP1_CLIENTONLY 1
 
 /* Control the memory/performance/compression tradeoff for zlib.
  * Set windowBits=8 for least memory usage, see your system's
diff --git a/svr-session.c b/svr-session.c
index 3ff7953..ae9cb24 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -42,6 +42,7 @@
 #include "crypto_desc.h"
 
 static void svr_remoteclosed(void);
+static void svr_algos_initialise(void);
 
 struct serversession svr_ses; /* GLOBAL */
 
@@ -102,6 +103,7 @@ void svr_session(int sock, int childpipe) {
 	svr_authinitialise();
 	chaninitialise(svr_chantypes);
 	svr_chansessinitialise();
+	svr_algos_initialise();
 
 	/* for logging the remote address */
 	get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
@@ -243,3 +245,14 @@ static void svr_remoteclosed() {
 
 }
 
+static void svr_algos_initialise(void) {
+#if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
+	algo_type *algo;
+	for (algo = sshkex; algo->name; algo++) {
+		if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
+			algo->usable = 0;
+		}
+	}
+#endif
+}
+