merge from main

--HG-- branch : fuzz
2025-03-10 05:50:15 +00:00 · 2018-02-26 22:44:48 +08:00 · 2018-02-26 22:44:48 +08:00 · 5df73215f8
commit 5df73215f8
parent 573838a027 3996e93a20
39 changed files with 389 additions and 848 deletions
--- a/.gitignore
+++ b/.gitignore
@ -19,3 +19,4 @@ Makefile
 config.h
 config.h.in
 configure
 default_options_guard.h
--- a/73
+++ b/73
@ -1,3 +1,76 @@
 Upcoming...
 - IMPORTANT:
  Custom configuration is now specified in local_options.h rather than options.h
  Available options and defaults can be seen in default_options.h
  To migrate your configuration, compare your customised options.h against the
  upstream options.h from your relevant version. Any customised options should
  be put in localoptions.h
 - "configure --enable-static" should now be used instead of "make STATIC=1"
 - Add group14-256 and group16 key exchange options
 - Set hardened build flags by default if supported by the compiler.
  -Wl,-pie
  -Wl,-z,now -Wl,-z,relro
  -fstack-protector-strong
  -D_FORTIFY_SOURCE=2
  # spectre v2 mitigation
  -mfunction-return=thunk
  -mindirect-branch=thunk
  These can be disabled with configure --disable-harden if needed
  Spectre patch from Loganaden Velvindron
 - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
 - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
  See dbclient manpage for a socat example. Patch from Harald Becker
 - Add "-c forced_command" option. Patch from Jeremy Kerr
 - Support server-chosen TCP forwarding ports, patch from houseofkodai
 - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
  Patch from houseofkodai
 - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
 - Minimum RSA key length has been increased to 1024 bits
 - Set PAM_RHOST which is needed by modules such as pam_abl
 - Improvements to DSS public key validation, found by OSS-Fuzz. 
 - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
 - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
 - Numerous code cleanups and small issues fixed by Francois Perrad
 - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
  platforms. Reported by Oliver Schneider and Andrew Bainbridge
 - Fix some platform portability problems, from Ben Gardner
 - Add EXEEXT filename suffix for building dropbearmulti, from William Foster
 - Support --enable-<option> properly for configure, from Stefan Hauser
 - configure have_openpty result can be cached, from Eric Bénard
 - handle platforms that return close() < -1 on failure, from Marco Wenzel
 - Build and configuration cleanups from Michael Witten
 - Fix libtomcrypt/libtommath linking order, from Andre McCurdy
 - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
 - Update curve25519-donna implementation to current version
 2017.75 - 18 May 2017
 - Security: Fix double-free in server TCP listener cleanup
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 Basic Dropbear build instructions:
 - Edit localoptions.h to set which features you want. Available options
-  are described in default_options.h.in, these will be overridden by
+  are described in default_options.h, these will be overridden by
  anything set in localoptions.h
 - If using a Mercurial or Git checkout, "autoconf; autoheader"
--- a/Makefile.in
+++ b/Makefile.in
@ -20,12 +20,13 @@ LIBTOM_LIBS=@LIBTOM_LIBS@
 ifeq (@BUNDLED_LIBTOM@, 1)
 LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM) 
 CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
-LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
+LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
 endif
 OPTION_HEADERS = default_options_guard.h sysoptions.h
 ifneq ($(wildcard localoptions.h),)
 CFLAGS+=-DLOCALOPTIONS_H_EXISTS
-LOCALOPTIONS_H=localoptions.h
+OPTION_HEADERS += localoptions.h
 endif
 COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
@ -103,7 +104,6 @@ ifneq (,$(strip $(foreach prog, $(PROGRAMS), $(findstring ZdbclientZ, Z$(prog)Z)
 	CFLAGS+= -DDROPBEAR_CLIENT
 endif
 # these are exported so that libtomcrypt's makefile will use them
 export CC
 export CFLAGS
@ -126,9 +126,16 @@ endif
 all: $(TARGETS)
-# a bit lazy, but safer
+# for simplicity assume all source depends on all headers
-HEADERS=$(wildcard $(srcdir)/*.h *.h)
+HEADERS=$(wildcard $(srcdir)/*.h *.h) $(OPTION_HEADERS)
-*.o: $(HEADERS)
+%.o : %.c $(HEADERS)
 	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
 default_options_guard.h: default_options.h
 	@echo Creating $@
 	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
 	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
 	@mv $@.tmp $@
 strip: $(TARGETS)
 	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
@ -202,10 +209,10 @@ link%:
 	-rm -f $*$(EXEEXT)
 	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
-$(STATIC_LTC): 
+$(STATIC_LTC): $(OPTION_HEADERS)
 	$(MAKE) -C libtomcrypt
-$(STATIC_LTM):
+$(STATIC_LTM): $(OPTION_HEADERS)
 	$(MAKE) -C libtommath
 .PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
@ -229,18 +236,11 @@ thisclean:
 distclean: clean tidy
 	-rm -f config.h
 	-rm -f Makefile
 	-rm -f default_options_guard.h
 tidy:
 	-rm -f *~ *.gcov */*~
 # default_options.h is stored in version control, could not find a workaround
 # for parallel "make -j" and dependency rules.
 default_options.h: default_options.h.in 
 	@echo Creating $@
 	@echo "/*\n > > > Do not edit this file (default_options.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
 	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
 	@mv $@.tmp $@
 ## Fuzzing targets
 # list of fuzz targets
--- a/27
+++ b/27
@ -1,27 +0,0 @@
 Current:
 Things which might need doing:
 - default private dbclient keys
 - Make options.h generated from configure perhaps?
 - handle /etc/environment in AIX
 - check that there aren't timing issues with valid/invalid user authentication
  feedback.
 - Binding to different interfaces
 - CTR mode
 - SSH_MSG_IGNORE sending to improve CBC security
 - DH Group Exchange possibly, or just add group14 (whatever it's called today)
 - fix scp.c for IRIX
 - Be able to use OpenSSH keys for the client? or at least have some form of 
  encrypted keys.
 - Client agent forwarding
 - Handle restrictions in ~/.ssh/authorized_keys ?
--- a/auth.h
+++ b/auth.h
@ -105,12 +105,14 @@ struct AuthState {
 	unsigned char authtypes; /* Flags indicating which auth types are still 
 								valid */
 	unsigned int failcount; /* Number of (failed) authentication attempts.*/
-	unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
+	unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for
 							  client and server (though has differing 
 							  meanings). */
-	unsigned perm_warn : 1; /* Server only, set if bad permissions on 
+	unsigned int perm_warn; /* Server only, set if bad permissions on 
 							   ~/.ssh/authorized_keys have already been
 							   logged. */
 	unsigned int checkusername_failed;  /* Server only, set if checkusername
 	                                has already failed */
 	/* These are only used for the server */
 	uid_t pw_uid;
--- a/cli-auth.c
+++ b/cli-auth.c
@ -60,7 +60,7 @@ void cli_auth_getmethods() {
 	*/
 	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
 		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
-#if DROPBEAR_USE_DROPBEAR_PASSWORD
+#if DROPBEAR_USE_PASSWORD_ENV
 		if (getenv(DROPBEAR_PASSWORD_ENV)) {
 			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
 		}
@ -337,7 +337,7 @@ char* getpass_or_cancel(const char* prompt)
 {
 	char* password = NULL;
-#if DROPBEAR_USE_DROPBEAR_PASSWORD
+#if DROPBEAR_USE_PASSWORD_ENV
 	/* Password provided in an environment var */
 	password = getenv(DROPBEAR_PASSWORD_ENV);
 	if (password)
--- a/cli-main.c
+++ b/cli-main.c
@ -158,6 +158,21 @@ static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
 	size_t ex_cmdlen;
 	int ret;
 	/* File descriptor "-j &3" */
 	if (*cli_opts.proxycmd == '&') {
 		char *p = cli_opts.proxycmd + 1;
 		int sock = strtoul(p, &p, 10);
 		/* must be a single number, and not stdin/stdout/stderr */
 		if (sock > 2 && sock < 1024 && *p == '\0') {
 			*sock_in = sock;
 			*sock_out = sock;
 			return;
 		}
 	}
 	/* Normal proxycommand */
 	/* So that spawn_command knows which shell to run */
 	fill_passwd(cli_opts.own_user);
 	ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */
--- a/cli-session.c
+++ b/cli-session.c
@ -181,7 +181,7 @@ static void cli_session_init(pid_t proxy_cmd_pid) {
 }
-static void send_msg_service_request(char* servicename) {
+static void send_msg_service_request(const char* servicename) {
 	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
--- a/cli-tcpfwd.c
+++ b/cli-tcpfwd.c
@ -23,7 +23,6 @@
 * SOFTWARE. */
 #include "includes.h"
 #include "options.h"
 #include "dbutil.h"
 #include "tcpfwd.h"
 #include "channel.h"
--- a/common-algo.c
+++ b/common-algo.c
@ -276,6 +276,7 @@ static const struct dropbear_kex kex_curve25519 = {DROPBEAR_KEX_CURVE25519, NULL
 algo_type sshkex[] = {
 #if DROPBEAR_CURVE25519
 	{"curve25519-sha256", 0, &kex_curve25519, 1, NULL},
 	{"curve25519-sha256@libssh.org", 0, &kex_curve25519, 1, NULL},
 #endif
 #if DROPBEAR_ECDH
@ -289,12 +290,12 @@ algo_type sshkex[] = {
 	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
 #if DROPBEAR_DH_GROUP14_SHA1
 	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
 #endif
 #if DROPBEAR_DH_GROUP14_SHA256
 	{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
 #endif
 #if DROPBEAR_DH_GROUP14_SHA1
 	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
 #endif
 #if DROPBEAR_DH_GROUP1
 	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
 #endif
--- a/common-session.c
+++ b/common-session.c
@ -140,7 +140,7 @@ void common_session_init(int sock_in, int sock_out) {
 	TRACE(("leave session_init"))
 }
-void session_loop(void(*loophandler)()) {
+void session_loop(void(*loophandler)(void)) {
 	fd_set readfd, writefd;
 	struct timeval timeout;
--- a/dbclient.1
+++ b/dbclient.1
@ -111,11 +111,22 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
 .\" TODO: how to avoid a line break between these two -J arguments?
 .B \-J \fIproxy_command
 .TP
 .B \-J \fI&fd
 .br
 Use the standard input/output of the program \fIproxy_command\fR rather than using
 a normal TCP connection. A hostname should be still be provided, as this is used for
 comparing saved hostkeys. This command will be executed as "exec proxy_command ..." with the
 default shell.
 The second form &fd will make dbclient use the numeric file descriptor as a socket. This
 can be used for more complex tunnelling scenarios. Example usage with socat is
 socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.example.com:22
 .TP
 .B \-B \fIendhost:endport
 "Netcat-alike" mode, where Dropbear will connect to the given host, then create a
--- a/dbhelpers.h
+++ b/dbhelpers.h
@ -3,7 +3,7 @@
 /* This header defines some things that are also used by libtomcrypt/math. 
   We avoid including normal include.h since that can result in conflicting 
-   definitinos - only include config.h */
+   definitions - only include config.h */
 #include "config.h"
 #ifdef __GNUC__
--- a/default_options.h
+++ b/default_options.h
@ -1,44 +1,27 @@
 /*
 > > > Do not edit this file (default_options.h) < < <
 Generated from ../default_options.h.in
 Local customisation goes in localoptions.h
 */
 #ifndef DROPBEAR_DEFAULT_OPTIONS_H_
 #define DROPBEAR_DEFAULT_OPTIONS_H_
 /*
                     > > > Read This < < <
-default_options.h.in  documents compile-time options, and provides default values.
+default_options.h  documents compile-time options, and provides default values.
 Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
 file.
-Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
-IMPORTANT: Many options will require "make clean" after changes */
+IMPORTANT: Some options will require "make clean" after changes */
 #ifndef DROPBEAR_DEFPORT
 #define DROPBEAR_DEFPORT "22"
 #endif
 /* Listen on all interfaces */
 #ifndef DROPBEAR_DEFADDRESS
 #define DROPBEAR_DEFADDRESS ""
 #endif
 /* Default hostkey paths - these can be specified on the command line */
 #ifndef DSS_PRIV_FILENAME
 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
 #endif
 #ifndef RSA_PRIV_FILENAME
 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
 #endif
 #ifndef ECDSA_PRIV_FILENAME
 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
 #endif
 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
 * on chosen ports and keeps accepting connections. This is the default.
@ -50,140 +33,76 @@ IMPORTANT: Many options will require "make clean" after changes */
 *
 * Both of these flags can be defined at once, don't compile without at least
 * one of them. */
 #ifndef NON_INETD_MODE
 #define NON_INETD_MODE 1
 #endif
 #ifndef INETD_MODE
 #define INETD_MODE 1
 #endif
-/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
+/* Include verbose debug output, enabled with -v at runtime. 
- * perhaps 20% slower for pubkey operations (it is probably worth experimenting
+ * This will add a reasonable amount to your executable size. */
- * if you want to use this) */
+#define DEBUG_TRACE 0
 /*#define NO_FAST_EXPTMOD*/
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
-several kB in binary size however will make the symmetrical ciphers and hashes
+ * several kB in binary size however will make the symmetrical ciphers and hashes
-slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
-much traffic. */
+ * much traffic. */
 #ifndef DROPBEAR_SMALL_CODE
 #define DROPBEAR_SMALL_CODE 1
 #endif
 /* Enable X11 Forwarding - server only */
 #ifndef DROPBEAR_X11FWD
 #define DROPBEAR_X11FWD 1
 #endif
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
 * 'Remote' is "-R" style (server listening port forwarded via client) */
 #ifndef DROPBEAR_CLI_LOCALTCPFWD
 #define DROPBEAR_CLI_LOCALTCPFWD 1
 #endif
 #ifndef DROPBEAR_CLI_REMOTETCPFWD
 #define DROPBEAR_CLI_REMOTETCPFWD 1
 #endif
 #ifndef DROPBEAR_SVR_LOCALTCPFWD
 #define DROPBEAR_SVR_LOCALTCPFWD 1
 #endif
 #ifndef DROPBEAR_SVR_REMOTETCPFWD
 #define DROPBEAR_SVR_REMOTETCPFWD 1
 #endif
 /* Enable Authentication Agent Forwarding */
 #ifndef DROPBEAR_SVR_AGENTFWD
 #define DROPBEAR_SVR_AGENTFWD 1
 #endif
 #ifndef DROPBEAR_CLI_AGENTFWD
 #define DROPBEAR_CLI_AGENTFWD 1
 #endif
 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
 * allow multihop dbclient connections */
 /* Allow using -J <proxycommand> to run the connection through a 
   pipe to a program, rather the normal TCP connection */
 #ifndef DROPBEAR_CLI_PROXYCMD
 #define DROPBEAR_CLI_PROXYCMD 1
 #endif
 /* Enable "Netcat mode" option. This will forward standard input/output
 * to a remote TCP-forwarded connection */
 #ifndef DROPBEAR_CLI_NETCAT
 #define DROPBEAR_CLI_NETCAT 1
 #endif
 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
-#ifndef ENABLE_USER_ALGO_LIST
+#define DROPBEAR_USER_ALGO_LIST 1
 #define ENABLE_USER_ALGO_LIST 1
 #endif
 /* Encryption - at least one required.
- * Protocol RFC requires 3DES and recommends AES128 for interoperability.
+ * AES128 should be enabled, some very old implementations might only
- * Including multiple keysize variants the same cipher 
+ * support 3DES.
- * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+ * Including both AES keysize variants (128 and 256) will result in 
-#ifndef DROPBEAR_AES128
+ * a minimal size increase */
 #define DROPBEAR_AES128 1
 #endif
 #ifndef DROPBEAR_3DES
 #define DROPBEAR_3DES 1
 #endif
 #ifndef DROPBEAR_AES256
 #define DROPBEAR_AES256 1
-#endif
+#define DROPBEAR_TWOFISH256 0
 #define DROPBEAR_TWOFISH128 0
 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-/*#define DROPBEAR_BLOWFISH*/
+#define DROPBEAR_BLOWFISH 0
 #ifndef DROPBEAR_TWOFISH256
 #define DROPBEAR_TWOFISH256 1
 #endif
 #ifndef DROPBEAR_TWOFISH128
 #define DROPBEAR_TWOFISH128 1
 #endif
 /* Enable CBC mode for ciphers. This has security issues though
 * is the most compatible with older SSH implementations */
 #ifndef DROPBEAR_ENABLE_CBC_MODE
 #define DROPBEAR_ENABLE_CBC_MODE 1
 #endif
-/* Enable "Counter Mode" for ciphers. This is more secure than normal
+/* Enable "Counter Mode" for ciphers. This is more secure than
 * CBC mode against certain attacks. It is recommended for security
 * and forwards compatibility */
 #ifndef DROPBEAR_ENABLE_CTR_MODE
 #define DROPBEAR_ENABLE_CTR_MODE 1
 #endif
 /* Twofish counter mode is disabled by default because it 
 has not been tested for interoperability with other SSH implementations.
 If you test it please contact the Dropbear author */
 #ifndef DROPBEAR_TWOFISH_CTR
 #define DROPBEAR_TWOFISH_CTR 0
 #endif
 /* Message integrity. sha2-256 is recommended as a default, 
   sha1 for compatibility */
 #ifndef DROPBEAR_SHA1_HMAC
 #define DROPBEAR_SHA1_HMAC 1
 #endif
 #ifndef DROPBEAR_SHA1_96_HMAC
 #define DROPBEAR_SHA1_96_HMAC 1
 #endif
 #ifndef DROPBEAR_SHA2_256_HMAC
 #define DROPBEAR_SHA2_256_HMAC 1
 #endif
 /* Default is to include it is sha512 is being compiled in for ECDSA */
 #ifndef DROPBEAR_SHA2_512_HMAC
 #define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
 #endif
 /* XXX needed for fingerprints */
 #ifndef DROPBEAR_MD5_HMAC
 #define DROPBEAR_MD5_HMAC 0
 #endif
 /* Hostkey/public key algorithms - at least one required, these are used
 * for hostkey as well as for verifying signatures with pubkey auth.
@ -191,23 +110,15 @@ If you test it please contact the Dropbear author */
 * RSA is recommended
 * DSS may be necessary to connect to some systems though
   is not recommended for new keys */
 #ifndef DROPBEAR_RSA
 #define DROPBEAR_RSA 1
 #endif
 #ifndef DROPBEAR_DSS
 #define DROPBEAR_DSS 1
 #endif
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
 * code (either ECDSA or ECDH) increases binary size - around 30kB
 * on x86-64 */
 #ifndef DROPBEAR_ECDSA
 #define DROPBEAR_ECDSA 1
 #endif
 /* RSA must be >=1024 */
 #ifndef DROPBEAR_DEFAULT_RSA_SIZE
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048
 #endif
 /* DSS is always 1024 */
 /* ECDSA defaults to largest size configured, usually 521 */
@ -215,46 +126,40 @@ If you test it please contact the Dropbear author */
   connection using that key type occurs.
   This avoids the need to otherwise run "dropbearkey" and avoids some problems
   with badly seeded /dev/urandom when systems first boot. */
 #ifndef DROPBEAR_DELAY_HOSTKEY
 #define DROPBEAR_DELAY_HOSTKEY 1
 #endif
 /* Enable Curve25519 for key exchange. This is another elliptic
 * curve method with good security properties. Increases binary size
 * by ~8kB on x86-64 */
 #ifndef DROPBEAR_CURVE25519
 #define DROPBEAR_CURVE25519 1
 #endif
 /* Enable elliptic curve Diffie Hellman key exchange, see note about
 * ECDSA above */
 #ifndef DROPBEAR_ECDH
 #define DROPBEAR_ECDH 1
 #endif
 /* Key exchange algorithm.
 * group14_sha1 - 2048 bit, sha1
 * group14_sha256 - 2048 bit, sha2-256
 * group16 - 4096 bit, sha2-512
 * group1 - 1024 bit, sha1
 * curve25519 - elliptic curve DH
 * ecdh - NIST elliptic curve DH (256, 384, 521)
 *
 * group14 is supported by most implementations.
 * group16 provides a greater strength level but is slower and increases binary size
 * group1 is too small for security though is necessary if you need 
     compatibility with some implementations such as Dropbear versions < 0.53
 * group14 is supported by most implementations.
 * group16 provides a greater strength level but is slower and increases binary size
 * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
 * curve25519 increases binary size by ~8kB on x86-64
 * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
 * Small systems should generally include either curve25519 or ecdh for performance.
 * curve25519 is less widely supported but is faster
 */ 
 #ifndef DROPBEAR_DH_GROUP1
 #define DROPBEAR_DH_GROUP1 1
 #endif
 #ifndef DROPBEAR_DH_GROUP14_SHA1
 #define DROPBEAR_DH_GROUP14_SHA1 1
 #endif
 #ifndef DROPBEAR_DH_GROUP14_SHA256
 #define DROPBEAR_DH_GROUP14_SHA256 1
 #endif
 #ifndef DROPBEAR_DH_GROUP16
 #define DROPBEAR_DH_GROUP16 0
-#endif
+#define DROPBEAR_CURVE25519 1
 #define DROPBEAR_ECDH 1
 #define DROPBEAR_DH_GROUP1 1
 /* When group1 is enabled it will only be allowed by Dropbear client
 not as a server, due to concerns over its strength. Set to 0 to allow
 group1 in Dropbear server too */
 #define DROPBEAR_DH_GROUP1_CLIENTONLY 1
 /* Control the memory/performance/compression tradeoff for zlib.
 * Set windowBits=8 for least memory usage, see your system's
@ -263,27 +168,18 @@ If you test it please contact the Dropbear author */
 * windowBits=8 will use 129kB for compression.
 * Both modes will use ~35kB for decompression (using windowBits=15 for
 * interoperability) */
 #ifndef DROPBEAR_ZLIB_WINDOW_BITS
 #define DROPBEAR_ZLIB_WINDOW_BITS 15 
 #endif
 /* Whether to do reverse DNS lookups. */
 #ifndef DO_HOST_LOOKUP
 #define DO_HOST_LOOKUP 0
 #endif
 /* Whether to print the message of the day (MOTD). */
 #ifndef DO_MOTD
 #define DO_MOTD 0
 #endif
 /* The MOTD file path */
 #ifndef MOTD_FILENAME
 #define MOTD_FILENAME "/etc/motd"
 #endif
 /* Authentication Types - at least one required.
   RFC Draft requires pubkey auth, and recommends password */
 #define DROPBEAR_SVR_PASSWORD_AUTH 1
 /* Note: PAM auth is quite simple and only works for PAM modules which just do
 * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@ -291,138 +187,79 @@ If you test it please contact the Dropbear author */
 * but there's an interface via a PAM module. It won't work for more complex
 * PAM challenge/response.
 * You can't enable both PASSWORD and PAM. */
 /* This requires crypt() */
 #ifdef HAVE_CRYPT
 #ifndef DROPBEAR_SVR_PASSWORD_AUTH
 #define DROPBEAR_SVR_PASSWORD_AUTH 1
 #endif
 #else
 #ifndef DROPBEAR_SVR_PASSWORD_AUTH
 #define DROPBEAR_SVR_PASSWORD_AUTH 0
 #endif
 #endif
 /* PAM requires ./configure --enable-pam */
 #ifndef DROPBEAR_SVR_PAM_AUTH
 #define DROPBEAR_SVR_PAM_AUTH 0
-#endif
+
-#ifndef DROPBEAR_SVR_PUBKEY_AUTH
+/* ~/.ssh/authorized_keys authentication */
 #define DROPBEAR_SVR_PUBKEY_AUTH 1
 #endif
 /* Whether to take public key options in 
 * authorized_keys file into account */
 #ifndef DROPBEAR_SVR_PUBKEY_OPTIONS
 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1
 #endif
-/* This requires getpass. */
+/* Client authentication options */
 #ifdef HAVE_GETPASS
 #ifndef DROPBEAR_CLI_PASSWORD_AUTH
 #define DROPBEAR_CLI_PASSWORD_AUTH 1
 #endif
 #ifndef DROPBEAR_CLI_INTERACT_AUTH
 #define DROPBEAR_CLI_INTERACT_AUTH 1
 #endif
 #endif
 #ifndef DROPBEAR_CLI_PUBKEY_AUTH
 #define DROPBEAR_CLI_PUBKEY_AUTH 1
 #endif
 /* A default argument for dbclient -i <privatekey>. 
 Homedir is prepended unless path begins with / */
 #ifndef DROPBEAR_DEFAULT_CLI_AUTHKEY
 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
 #endif
-/* This variable can be used to set a password for client
+/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
- * authentication on the commandline. Beware of platforms
+ * environment variable. */
- * that don't protect environment variables of processes etc. Also
+#define DROPBEAR_USE_PASSWORD_ENV 1
 * note that it will be provided for all "hidden" client-interactive
 * style prompts - if you want something more sophisticated, use 
 * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
 #ifndef DROPBEAR_PASSWORD_ENV
 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
 #endif
 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
 * a helper program for the ssh client. The helper program should be
 * specified in the SSH_ASKPASS environment variable, and dbclient
 * should be run with DISPLAY set and no tty. The program should
 * return the password on standard output */
 #ifndef DROPBEAR_CLI_ASKPASS_HELPER
 #define DROPBEAR_CLI_ASKPASS_HELPER 0
 #endif
 /* Save a network roundtrip by sendng a real auth request immediately after
- * sending a query for the available methods.  It is at the expense of < 100
+ * sending a query for the available methods. This is not yet enabled by default 
- * bytes of extra network traffic. This is not yet enabled by default since it
+ since it could cause problems with non-compliant servers */ 
 * could cause problems with non-compliant servers */
 #ifndef DROPBEAR_CLI_IMMEDIATE_AUTH
 #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
 #endif
 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
 * connection without blocking. In addition /dev/random is used for seeding
 * rsa/dss key generation */
 #ifndef DROPBEAR_URANDOM_DEV
 #define DROPBEAR_URANDOM_DEV "/dev/urandom"
 #endif
 /* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 /* Set this to use PRNGD or EGD instead of /dev/urandom */
 #define DROPBEAR_USE_PRNGD 0
 #define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
 /* Specify the number of clients we will allow to be connected but
 * not yet authenticated. After this limit, connections are rejected */
 /* The first setting is per-IP, to avoid denial of service */
 #ifndef MAX_UNAUTH_PER_IP
 #define MAX_UNAUTH_PER_IP 5
 #endif
 /* And then a global limit to avoid chewing memory if connections 
 * come from many IPs */
 #ifndef MAX_UNAUTH_CLIENTS
 #define MAX_UNAUTH_CLIENTS 30
 #endif
 /* Default maximum number of failed authentication tries (server option) */
 /* -T server option overrides */
 #ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
 #endif
 /* The default file to store the daemon's process ID, for shutdown
   scripts etc. This can be overridden with the -P flag */
 #ifndef DROPBEAR_PIDFILE
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
 #endif
 /* The command to invoke for xauth when using X11 forwarding.
 * "-q" for quiet */
 #ifndef XAUTH_COMMAND
 #define XAUTH_COMMAND "/usr/bin/xauth -q"
-#endif
+
 /* if you want to enable running an sftp server (such as the one included with
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
+ * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
- * be enabled */
+ * The sftp-server program is not provided by Dropbear itself */
-#ifndef SFTPSERVER_PATH
+#define DROPBEAR_SFTPSERVER 1
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 #endif
 /* This is used by the scp binary when used as a client binary. If you're
 * not using the Dropbear client, you'll need to change it */
 #ifndef DROPBEAR_PATH_SSH_PROGRAM
 #define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
 #endif
 /* Whether to log commands executed by a client. This only logs the 
 * (single) command sent to the server, not what a user did in a 
 * shell/sftp session etc. */
 #ifndef LOG_COMMANDS
 #define LOG_COMMANDS 0
 #endif
 /* Window size limits. These tend to be a trade-off between memory
   usage and network performance: */
@ -431,42 +268,28 @@ Homedir is prepended unless path begins with / */
   significant difference to network performance. 24kB was empirically
   chosen for a 100mbit ethernet network. The value can be altered at
   runtime with the -W argument. */
 #ifndef DEFAULT_RECV_WINDOW
 #define DEFAULT_RECV_WINDOW 24576
 #endif
 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
   in order to interoperate with other implementations */
 #ifndef RECV_MAX_PAYLOAD_LEN
 #define RECV_MAX_PAYLOAD_LEN 32768
 #endif
 /* Maximum size of a transmitted data packet - this can be any value,
   though increasing it may not make a significant difference. */
 #ifndef TRANS_MAX_PAYLOAD_LEN
 #define TRANS_MAX_PAYLOAD_LEN 16384
 #endif
 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
 be overridden at runtime with -K. 0 disables keepalives */
 #ifndef DEFAULT_KEEPALIVE
 #define DEFAULT_KEEPALIVE 0
 #endif
 /* If this many KEEPALIVES are sent with no packets received from the
 other side, exit. Not run-time configurable - if you have a need
 for runtime configuration please mail the Dropbear list */
 #ifndef DEFAULT_KEEPALIVE_LIMIT
 #define DEFAULT_KEEPALIVE_LIMIT 3
 #endif
 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can
 be overridden at runtime with -I. 0 disables idle timeouts */
 #ifndef DEFAULT_IDLE_TIMEOUT
 #define DEFAULT_IDLE_TIMEOUT 0
 #endif
 /* The default path. This will often get replaced by the shell */
 #ifndef DEFAULT_PATH
 #define DEFAULT_PATH "/usr/bin:/bin"
 #endif
 #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
--- a/default_options.h.in
+++ b/default_options.h.in
@ -1,365 +0,0 @@
 #ifndef DROPBEAR_DEFAULT_OPTIONS_H_
 #define DROPBEAR_DEFAULT_OPTIONS_H_
 /*
                     > > > Read This < < <
 default_options.h.in  documents compile-time options, and provides default values.
 Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
 file.
 Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
 IMPORTANT: Many options will require "make clean" after changes */
 #define DROPBEAR_DEFPORT "22"
 /* Listen on all interfaces */
 #define DROPBEAR_DEFADDRESS ""
 /* Default hostkey paths - these can be specified on the command line */
 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
 * on chosen ports and keeps accepting connections. This is the default.
 *
 * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
 * similar), where it will use stdin/stdout for connections, and each process
 * lasts for a single connection. Dropbear should be invoked with the -i flag
 * for inetd, and can only accept IPv4 connections.
 *
 * Both of these flags can be defined at once, don't compile without at least
 * one of them. */
 #define NON_INETD_MODE 1
 #define INETD_MODE 1
 #if !(NON_INETD_MODE || INETD_MODE)
 	#error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
 #endif
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
 several kB in binary size however will make the symmetrical ciphers and hashes
 slower, perhaps by 50%. Recommended for small systems that aren't doing
 much traffic. */
 #define DROPBEAR_SMALL_CODE 1
 /* Enable X11 Forwarding - server only */
 #define DROPBEAR_X11FWD 1
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
 * 'Remote' is "-R" style (server listening port forwarded via client) */
 #define DROPBEAR_CLI_LOCALTCPFWD 1
 #define DROPBEAR_CLI_REMOTETCPFWD 1
 #define DROPBEAR_SVR_LOCALTCPFWD 1
 #define DROPBEAR_SVR_REMOTETCPFWD 1
 /* Enable Authentication Agent Forwarding */
 #define DROPBEAR_SVR_AGENTFWD 1
 #define DROPBEAR_CLI_AGENTFWD 1
 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
 * allow multihop dbclient connections */
 /* Allow using -J <proxycommand> to run the connection through a 
   pipe to a program, rather the normal TCP connection */
 #define DROPBEAR_CLI_PROXYCMD 1
 /* Enable "Netcat mode" option. This will forward standard input/output
 * to a remote TCP-forwarded connection */
 #define DROPBEAR_CLI_NETCAT 1
 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
 #define DROPBEAR_USER_ALGO_LIST 1
 /* Encryption - at least one required.
 * Protocol RFC requires 3DES and recommends AES128 for interoperability.
 * Including multiple keysize variants the same cipher 
 * (eg AES256 as well as AES128) will result in a minimal size increase.*/
 #define DROPBEAR_AES128 1
 #define DROPBEAR_3DES 1
 #define DROPBEAR_AES256 1
 #define DROPBEAR_TWOFISH256 1
 #define DROPBEAR_TWOFISH128 1
 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
 #define DROPBEAR_BLOWFISH 0
 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
      || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
 	#error "At least one encryption algorithm must be enabled; 3DES and AES128 are recommended."
 #endif
 /* Enable CBC mode for ciphers. This has security issues though
 * is the most compatible with older SSH implementations */
 #define DROPBEAR_ENABLE_CBC_MODE 1
 /* Enable "Counter Mode" for ciphers. This is more secure than normal
 * CBC mode against certain attacks. It is recommended for security
 * and forwards compatibility */
 #define DROPBEAR_ENABLE_CTR_MODE 1
 /* Twofish counter mode is disabled by default because it 
 has not been tested for interoperability with other SSH implementations.
 If you test it please contact the Dropbear author */
 #define DROPBEAR_TWOFISH_CTR 0
 /* Message integrity. sha2-256 is recommended as a default, 
   sha1 for compatibility */
 #define DROPBEAR_SHA1_HMAC 1
 #define DROPBEAR_SHA1_96_HMAC 1
 #define DROPBEAR_SHA2_256_HMAC 1
 /* Default is to include it is sha512 is being compiled in for ECDSA */
 #define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
 /* XXX needed for fingerprints */
 #define DROPBEAR_MD5_HMAC 0
 /* Hostkey/public key algorithms - at least one required, these are used
 * for hostkey as well as for verifying signatures with pubkey auth.
 * Removing either of these won't save very much space.
 * RSA is recommended
 * DSS may be necessary to connect to some systems though
   is not recommended for new keys */
 #define DROPBEAR_RSA 1
 #define DROPBEAR_DSS 1
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
 * code (either ECDSA or ECDH) increases binary size - around 30kB
 * on x86-64 */
 #define DROPBEAR_ECDSA 1
 #if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
 	#error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
 #endif
 /* RSA must be >=1024 */
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048
 /* DSS is always 1024 */
 /* ECDSA defaults to largest size configured, usually 521 */
 /* Add runtime flag "-R" to generate hostkeys as-needed when the first 
   connection using that key type occurs.
   This avoids the need to otherwise run "dropbearkey" and avoids some problems
   with badly seeded /dev/urandom when systems first boot. */
 #define DROPBEAR_DELAY_HOSTKEY 1
 /* Enable Curve25519 for key exchange. This is another elliptic
 * curve method with good security properties. Increases binary size
 * by ~8kB on x86-64 */
 #define DROPBEAR_CURVE25519 1
 /* Enable elliptic curve Diffie Hellman key exchange, see note about
 * ECDSA above */
 #define DROPBEAR_ECDH 1
 /* Key exchange algorithm.
 * group14_sha1 - 2048 bit, sha1
 * group14_sha256 - 2048 bit, sha2-256
 * group16 - 4096 bit, sha2-512
 * group1 - 1024 bit, sha1
 *
 * group14 is supported by most implementations.
 * group16 provides a greater strength level but is slower and increases binary size
 * group1 is too small for security though is necessary if you need 
     compatibility with some implementations such as Dropbear versions < 0.53
 */ 
 #define DROPBEAR_DH_GROUP1 1
 #define DROPBEAR_DH_GROUP14_SHA1 1
 #define DROPBEAR_DH_GROUP14_SHA256 1
 #define DROPBEAR_DH_GROUP16 0
 /* Control the memory/performance/compression tradeoff for zlib.
 * Set windowBits=8 for least memory usage, see your system's
 * zlib.h for full details.
 * Default settings (windowBits=15) will use 256kB for compression
 * windowBits=8 will use 129kB for compression.
 * Both modes will use ~35kB for decompression (using windowBits=15 for
 * interoperability) */
 #define DROPBEAR_ZLIB_WINDOW_BITS 15 
 /* Whether to do reverse DNS lookups. */
 #define DO_HOST_LOOKUP 0
 /* Whether to print the message of the day (MOTD). */
 #define DO_MOTD 0
 /* The MOTD file path */
 #define MOTD_FILENAME "/etc/motd"
 /* Authentication Types - at least one required.
   RFC Draft requires pubkey auth, and recommends password */
 /* Note: PAM auth is quite simple and only works for PAM modules which just do
 * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
 * It's useful for systems like OS X where standard password crypts don't work
 * but there's an interface via a PAM module. It won't work for more complex
 * PAM challenge/response.
 * You can't enable both PASSWORD and PAM. */
 /* PAM requires ./configure --enable-pam */
 #if defined(HAVE_LIBPAM) && !DROPBEAR_SVR_PASSWORD_AUTH
 	#define DROPBEAR_SVR_PAM_AUTH 1
 #else
 	#define DROPBEAR_SVR_PAM_AUTH 0
 #endif
 /* This requires crypt() */
 #if defined(HAVE_CRYPT) && !DROPBEAR_SVR_PAM_AUTH
 	#define DROPBEAR_SVR_PASSWORD_AUTH 1
 #else
 	#define DROPBEAR_SVR_PASSWORD_AUTH 0
 #endif
 #define DROPBEAR_SVR_PUBKEY_AUTH 1
 #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
 	#error "At least one server authentication type must be enabled; PUBKEY and PASSWORD are recommended."
 #endif
 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
 	#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
 #endif
 #if DROPBEAR_SVR_PAM_AUTH
 	#if DISABLE_PAM
 		#error "DROPBEAR_SVR_PAM_AUTH requires 'configure --enable-pam' to succeed."
 	#endif
 	#if DROPBEAR_SVR_PASSWORD_AUTH
 		#error "DROPBEAR_SVR_PASSWORD_AUTH cannot be enabled at the same time as DROPBEAR_SVR_PAM_AUTH."
 	#endif
 #endif
 /* Whether to take public key options in 
 * authorized_keys file into account */
 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1
 /* This requires getpass. */
 #ifdef HAVE_GETPASS
 	#define DROPBEAR_CLI_PASSWORD_AUTH 1
 	#define DROPBEAR_CLI_INTERACT_AUTH 1
 #else
 	#define DROPBEAR_CLI_PASSWORD_AUTH 0
 	#define DROPBEAR_CLI_INTERACT_AUTH 0
 #endif
 #define DROPBEAR_CLI_PUBKEY_AUTH 1
 #if !(DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_PUBKEY_AUTH)
 	#error "At least one client authentication type must be enabled; PUBKEY and PASSWORD are recommended."
 #endif
 /* A default argument for dbclient -i <privatekey>. 
 Homedir is prepended unless path begins with / */
 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
 /* This variable can be used to set a password for client
 * authentication on the commandline. Beware of platforms
 * that don't protect environment variables of processes etc. Also
 * note that it will be provided for all "hidden" client-interactive
 * style prompts - if you want something more sophisticated, use 
 * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
 #define DROPBEAR_USE_DROPBEAR_PASSWORD 1
 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
 * a helper program for the ssh client. The helper program should be
 * specified in the SSH_ASKPASS environment variable, and dbclient
 * should be run with DISPLAY set and no tty. The program should
 * return the password on standard output */
 #define DROPBEAR_CLI_ASKPASS_HELPER 0
 #if DROPBEAR_CLI_ASKPASS_HELPER
 	#define DROPBEAR_CLI_PASSWORD_AUTH 1
 #endif
 /* Save a network roundtrip by sendng a real auth request immediately after
 * sending a query for the available methods.  It is at the expense of < 100
 * bytes of extra network traffic. This is not yet enabled by default since it
 * could cause problems with non-compliant servers */
 #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
 * connection without blocking. In addition /dev/random is used for seeding
 * rsa/dss key generation */
 #define DROPBEAR_URANDOM_DEV "/dev/urandom"
 /* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
 #define DROPBEAR_USE_PRNGD 0
 #define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
 /* Specify the number of clients we will allow to be connected but
 * not yet authenticated. After this limit, connections are rejected */
 /* The first setting is per-IP, to avoid denial of service */
 #define MAX_UNAUTH_PER_IP 5
 /* And then a global limit to avoid chewing memory if connections 
 * come from many IPs */
 #define MAX_UNAUTH_CLIENTS 30
 /* Default maximum number of failed authentication tries (server option) */
 /* -T server option overrides */
 #define MAX_AUTH_TRIES 10
 /* The default file to store the daemon's process ID, for shutdown
   scripts etc. This can be overridden with the -P flag */
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
 /* The command to invoke for xauth when using X11 forwarding.
 * "-q" for quiet */
 #define XAUTH_COMMAND "/usr/bin/xauth -q"
 #define DROPBEAR_SFTPSERVER 1
 /* if you want to enable running an sftp server (such as the one included with
 * OpenSSH), set the path below. If the path isn't defined, sftp will not
 * be enabled */
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 /* This is used by the scp binary when used as a client binary. If you're
 * not using the Dropbear client, you'll need to change it */
 #define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
 /* Whether to log commands executed by a client. This only logs the 
 * (single) command sent to the server, not what a user did in a 
 * shell/sftp session etc. */
 #define LOG_COMMANDS 0
 /* Window size limits. These tend to be a trade-off between memory
   usage and network performance: */
 /* Size of the network receive window. This amount of memory is allocated
   as a per-channel receive buffer. Increasing this value can make a
   significant difference to network performance. 24kB was empirically
   chosen for a 100mbit ethernet network. The value can be altered at
   runtime with the -W argument. */
 #define DEFAULT_RECV_WINDOW 24576
 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
   in order to interoperate with other implementations */
 #define RECV_MAX_PAYLOAD_LEN 32768
 /* Maximum size of a transmitted data packet - this can be any value,
   though increasing it may not make a significant difference. */
 #define TRANS_MAX_PAYLOAD_LEN 16384
 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
 be overridden at runtime with -K. 0 disables keepalives */
 #define DEFAULT_KEEPALIVE 0
 /* If this many KEEPALIVES are sent with no packets received from the
 other side, exit. Not run-time configurable - if you have a need
 for runtime configuration please mail the Dropbear list */
 #define DEFAULT_KEEPALIVE_LIMIT 3
 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can
 be overridden at runtime with -I. 0 disables idle timeouts */
 #define DEFAULT_IDLE_TIMEOUT 0
 /* The default path. This will often get replaced by the shell */
 #define DEFAULT_PATH "/usr/bin:/bin"
 /* Include verbose debug output, enabled with -v at runtime. 
 * This will add a reasonable amount to your executable size. */
 #define DEBUG_TRACE 0
 #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
--- a/dropbear.8
+++ b/dropbear.8
@ -148,8 +148,10 @@ Host Key Files
 Host key files are read at startup from a standard location, by default
 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and 
 /etc/dropbear/dropbear_ecdsa_host_key
-or specified on the commandline with -r. These are of the form generated
+
-by dropbearkey. The -R option can be used to automatically generate keys
+If the -r command line option is specified the default files are not loaded.
 Host key files are of the form generated by dropbearkey. 
 The -R option can be used to automatically generate keys
 in the default location - keys will be generated after startup when the first
 connection is established. This had the benefit that the system /dev/urandom
 random number source has a better chance of being securely seeded.
--- a/ecc.c
+++ b/ecc.c
@ -1,5 +1,4 @@
 #include "includes.h"
 #include "options.h"
 #include "ecc.h"
 #include "dbutil.h"
 #include "bignum.h"
--- a/ecc.h
+++ b/ecc.h
@ -2,7 +2,6 @@
 #define DROPBEAR_DROPBEAR_ECC_H
 #include "includes.h"
 #include "options.h"
 #include "buffer.h"
--- a/ecdsa.c
+++ b/ecdsa.c
@ -1,4 +1,3 @@
 #include "options.h"
 #include "includes.h"
 #include "dbutil.h"
 #include "crypto_desc.h"
--- a/ecdsa.h
+++ b/ecdsa.h
@ -7,13 +7,14 @@
 #if DROPBEAR_ECDSA
-/* Prefer the larger size - it's fast anyway */
+/* prefer 256 or 384 since those are SHOULD for
-#if DROPBEAR_ECC_521
+   draft-ietf-curdle-ssh-kex-sha2.txt */
-#define ECDSA_DEFAULT_SIZE 521
+#if DROPBEAR_ECC_256
 #define ECDSA_DEFAULT_SIZE 256
 #elif DROPBEAR_ECC_384
 #define ECDSA_DEFAULT_SIZE 384
-#elif DROPBEAR_ECC_256
+#elif DROPBEAR_ECC_521
-#define ECDSA_DEFAULT_SIZE 256
+#define ECDSA_DEFAULT_SIZE 521
 #else
 #define ECDSA_DEFAULT_SIZE 0
 #endif
--- a/ifndef_wrapper.sh
+++ b/ifndef_wrapper.sh
@ -2,6 +2,6 @@
 # Wrap all "#define X Y" with a #ifndef X...#endif"
-sed -E 's/^(#define ([^ ]+) .*)/#ifndef \2\
+sed -E 's/^( *#define ([^ ]+) .*)/#ifndef \2\
 \1\
 #endif/' 
--- a/includes.h
+++ b/includes.h
@ -26,7 +26,6 @@
 #define DROPBEAR_INCLUDES_H_
 #include "config.h"
 #include "options.h"
 #include "debug.h"
--- a/libtommath/Makefile.in
+++ b/libtommath/Makefile.in
@ -126,19 +126,6 @@ docdvi poster docs mandvi manual:
 pretty:
 	perl pretty.build
 #\zipup the project (take that!)
 no_oops: clean
 	cd .. ; cvs commit
 	echo Scanning for scratch/dirty files
 	find . -type f | grep -v CVS | xargs -n 1 bash mess.sh
 clean:
 	rm -f *.bat *.pdf *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
        *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
 	rm -rf .libs
 	-cd etc && MAKE=${MAKE} ${MAKE} clean
 	-cd pics && MAKE=${MAKE} ${MAKE} clean
 .PHONY: pre_gen
 pre_gen:
 	perl gen.pl
--- a/libtommath/makefile.include
+++ b/libtommath/makefile.include
@ -1,105 +0,0 @@
 #
 # Include makefile for libtommath
 #
 #version of library
 VERSION=1.0
 VERSION_SO=1:0
 # default make target
 default: ${LIBNAME}
 # Compiler and Linker Names
 ifndef PREFIX
  PREFIX=
 endif
 ifeq ($(CC),cc)
  CC = $(PREFIX)gcc
 endif
 LD=$(PREFIX)ld
 AR=$(PREFIX)ar
 RANLIB=$(PREFIX)ranlib
 ifndef MAKE
   MAKE=make
 endif
 CFLAGS += -I./ -Wall -Wsign-compare -Wextra -Wshadow
 ifndef NO_ADDTL_WARNINGS
 # additional warnings
 CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align
 CFLAGS += -Wstrict-prototypes -Wpointer-arith
 endif
 ifdef COMPILE_DEBUG
 #debug
 CFLAGS += -g3
 else
 ifdef COMPILE_SIZE
 #for size
 CFLAGS += -Os
 else
 ifndef IGNORE_SPEED
 #for speed
 CFLAGS += -O3 -funroll-loops
 #x86 optimizations [should be valid for any GCC install though]
 CFLAGS  += -fomit-frame-pointer
 endif
 endif # COMPILE_SIZE
 endif # COMPILE_DEBUG
 # adjust coverage set
 ifneq ($(filter $(shell arch), i386 i686 x86_64 amd64 ia64),)
   COVERAGE = test_standalone timing
   COVERAGE_APP = ./test && ./ltmtest
 else
   COVERAGE = test_standalone
   COVERAGE_APP = ./test
 endif
 HEADERS_PUB=tommath.h tommath_class.h tommath_superclass.h
 HEADERS=tommath_private.h $(HEADERS_PUB)
 test_standalone: CFLAGS+=-DLTM_DEMO_TEST_VS_MTEST=0
 #LIBPATH-The directory for libtommath to be installed to.
 #INCPATH-The directory to install the header files for libtommath.
 #DATAPATH-The directory to install the pdf docs.
 LIBPATH?=/usr/lib
 INCPATH?=/usr/include
 DATAPATH?=/usr/share/doc/libtommath/pdf
 #make the code coverage of the library
 #
 coverage: CFLAGS += -fprofile-arcs -ftest-coverage -DTIMING_NO_LOGS
 coverage: LFLAGS += -lgcov
 coverage: LDFLAGS += -lgcov
 coverage: $(COVERAGE)
 	$(COVERAGE_APP)
 lcov: coverage
 	rm -f coverage.info
 	lcov --capture --no-external --no-recursion $(LCOV_ARGS) --output-file coverage.info -q
 	genhtml coverage.info --output-directory coverage -q
 # target that removes all coverage output
 cleancov-clean:
 	rm -f `find . -type f -name "*.info" | xargs`
 	rm -rf coverage/
 # cleans everything - coverage output and standard 'clean'
 cleancov: cleancov-clean clean
 clean:
 	rm -f *.gcda *.gcno *.bat *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
        *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
 	rm -rf .libs/
 	cd etc ; MAKE=${MAKE} ${MAKE} clean
 	cd pics ; MAKE=${MAKE} ${MAKE} clean
--- a/libtommath/makefile_include.mk
+++ b/libtommath/makefile_include.mk
@ -17,12 +17,13 @@ ifndef CROSS_COMPILE
  CROSS_COMPILE=
 endif
-ifeq ($(CC),cc)
+# Dropbear passes these down
-  CC = $(CROSS_COMPILE)gcc
+#ifeq ($(CC),cc)
-endif
+#  CC = $(CROSS_COMPILE)gcc
-LD=$(CROSS_COMPILE)ld
+#endif
-AR=$(CROSS_COMPILE)ar
+#LD=$(CROSS_COMPILE)ld
-RANLIB=$(CROSS_COMPILE)ranlib
+#AR=$(CROSS_COMPILE)ar
 #RANLIB=$(CROSS_COMPILE)ranlib
 ifndef MAKE
   MAKE=make
@ -113,5 +114,5 @@ clean:
 	rm -f *.gcda *.gcno *.gcov *.bat *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
        *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
 	rm -rf .libs/
-	${MAKE} -C etc/ clean MAKE=${MAKE}
+	#${MAKE} -C etc/ clean MAKE=${MAKE}
-	${MAKE} -C doc/ clean MAKE=${MAKE}
+	#${MAKE} -C doc/ clean MAKE=${MAKE}
--- a/list.c
+++ b/list.c
@ -1,4 +1,4 @@
-#include "options.h"
+#include "includes.h"
 #include "dbutil.h"
 #include "list.h"
--- a/loginrec.c
+++ b/loginrec.c
@ -1330,7 +1330,8 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
 		if ( lseek(*fd, offset, SEEK_SET) != offset ) {
 			dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s",
-			 lastlog_file, strerror(errno));
+				lastlog_file, strerror(errno));
 			m_close(*fd);
 			return 0;
 		}
 	}
--- a/ltc_prng.c
+++ b/ltc_prng.c
@ -11,7 +11,6 @@
 *
 * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
 */
 #include "options.h"
 #include "includes.h"
 #include "dbrandom.h"
 #include "ltc_prng.h"
--- a/ltc_prng.h
+++ b/ltc_prng.h
@ -1,7 +1,6 @@
 #ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR
 #define DROPBEAR_LTC_PRNG_H_DROPBEAR
 #include "options.h"
 #include "includes.h"
 #if DROPBEAR_LTC_PRNG
--- a/options.h
+++ b/options.h
@ -8,11 +8,15 @@ Local compile-time configuration should be defined in localoptions.h
 See default_options.h.in for a description of the available options.
 */
 /* Some configuration options or checks depend on system config */
 #include "config.h"
 #ifdef LOCALOPTIONS_H_EXISTS
 #include "localoptions.h"
 #endif
-#include "default_options.h"
+/* default_options.h is processed to add #ifndef guards */
 #include "default_options_guard.h"
 /* Some other defines that mostly should be left alone are defined
 * in sysoptions.h */
--- a/runopts.h
+++ b/runopts.h
@ -92,6 +92,8 @@ typedef struct svr_runopts {
 #endif
 	int norootlogin;
 	char *restrict_group;
 	gid_t restrict_group_gid;
 	int noauthpass;
 	int norootpass;
--- a/session.h
+++ b/session.h
@ -26,7 +26,6 @@
 #define DROPBEAR_SESSION_H_
 #include "includes.h"
 #include "options.h"
 #include "buffer.h"
 #include "signkey.h"
 #include "kex.h"
@ -41,7 +40,7 @@
 #include "netio.h"
 void common_session_init(int sock_in, int sock_out);
-void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
+void session_loop(void(*loophandler)(void)) ATTRIB_NORETURN;
 void session_cleanup(void);
 void send_session_identification(void);
 void send_msg_ignore(void);
--- a/svr-auth.c
+++ b/svr-auth.c
@ -25,6 +25,8 @@
 /* This file (auth.c) handles authentication requests, passing it to the
 * particular type (auth-passwd, auth-pubkey). */
 #include <limits.h>
 #include "includes.h"
 #include "dbutil.h"
 #include "session.h"
@ -35,26 +37,10 @@
 #include "runopts.h"
 #include "dbrandom.h"
-static void authclear(void);
+static int checkusername(const char *username, unsigned int userlen);
 static int checkusername(char *username, unsigned int userlen);
 /* initialise the first time for a session, resetting all parameters */
 void svr_authinitialise() {
 	ses.authstate.failcount = 0;
 	ses.authstate.pw_name = NULL;
 	ses.authstate.pw_dir = NULL;
 	ses.authstate.pw_shell = NULL;
 	ses.authstate.pw_passwd = NULL;
 	authclear();
 }
 /* Reset the auth state, but don't reset the failcount. This is for if the
 * user decides to try with a different username etc, and is also invoked
 * on initialisation */
 static void authclear() {
 	memset(&ses.authstate, 0, sizeof(ses.authstate));
 #if DROPBEAR_SVR_PUBKEY_AUTH
 	ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
@ -64,19 +50,6 @@ static void authclear() {
 		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 	}
 #endif
 	if (ses.authstate.pw_name) {
 		m_free(ses.authstate.pw_name);
 	}
 	if (ses.authstate.pw_shell) {
 		m_free(ses.authstate.pw_shell);
 	}
 	if (ses.authstate.pw_dir) {
 		m_free(ses.authstate.pw_dir);
 	}
 	if (ses.authstate.pw_passwd) {
 		m_free(ses.authstate.pw_passwd);
 	}
 }
 /* Send a banner message if specified to the client. The client might
@ -224,31 +197,76 @@ out:
 	m_free(methodname);
 }
 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
 	int ngroups, i, ret;
 	gid_t *grouplist = NULL;
 	int match = DROPBEAR_FAILURE;
 	for (ngroups = 32; ngroups <= DROPBEAR_NGROUP_MAX; ngroups *= 2) {
 		grouplist = m_malloc(sizeof(gid_t) * ngroups);
 		/* BSD returns ret==0 on success. Linux returns ret==ngroups on success */
 		ret = getgrouplist(username, user_gid, grouplist, &ngroups);
 		if (ret >= 0) {
 			break;
 		}
 		m_free(grouplist);
 		grouplist = NULL;
 	}
 	if (!grouplist) {
 		dropbear_log(LOG_ERR, "Too many groups for user '%s'", username);
 		return DROPBEAR_FAILURE;
 	}
 	for (i = 0; i < ngroups; i++) {
 		if (grouplist[i] == check_gid) {
 			match = DROPBEAR_SUCCESS;
 			break;
 		}
 	}
 	m_free(grouplist);
 	return match;
 }
 /* Check that the username exists and isn't disallowed (root), and has a valid shell.
 * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
-static int checkusername(char *username, unsigned int userlen) {
+static int checkusername(const char *username, unsigned int userlen) {
 	char* listshell = NULL;
 	char* usershell = NULL;
 	uid_t uid;
 	TRACE(("enter checkusername"))
 	if (userlen > MAX_USERNAME_LEN) {
 		return DROPBEAR_FAILURE;
 	}
-	/* new user or username has changed */
+	if (strlen(username) != userlen) {
-	if (ses.authstate.username == NULL ||
+		dropbear_exit("Attempted username with a null byte from %s",
-		strcmp(username, ses.authstate.username) != 0) {
+			svr_ses.addrstring);
-			/* the username needs resetting */
+	}
-			if (ses.authstate.username != NULL) {
+
-				dropbear_log(LOG_WARNING, "Client trying multiple usernames from %s",
+	if (ses.authstate.username == NULL) {
-							svr_ses.addrstring);
+		/* first request */
-				m_free(ses.authstate.username);
+		fill_passwd(username);
-			}
+		ses.authstate.username = m_strdup(username);
-			authclear();
+	} else {
-			fill_passwd(username);
+		/* check username hasn't changed */
-			ses.authstate.username = m_strdup(username);
+		if (strcmp(username, ses.authstate.username) != 0) {
 			dropbear_exit("Client trying multiple usernames from %s",
 				svr_ses.addrstring);
 		}
 	}
 	/* avoids cluttering logs with repeated failure messages from
 	consecutive authentication requests in a sesssion */
 	if (ses.authstate.checkusername_failed) {
 		TRACE(("checkusername: returning cached failure"))
 		return DROPBEAR_FAILURE;
 	}
 	/* check that user exists */
@ -257,6 +275,7 @@ static int checkusername(char *username, unsigned int userlen) {
 		dropbear_log(LOG_WARNING,
 				"Login attempt for nonexistent user from %s",
 				svr_ses.addrstring);
 		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
@ -268,6 +287,7 @@ static int checkusername(char *username, unsigned int userlen) {
 				"Login attempt with wrong user %s from %s",
 				ses.authstate.pw_name,
 				svr_ses.addrstring);
 		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
@ -275,9 +295,22 @@ static int checkusername(char *username, unsigned int userlen) {
 	if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) {
 		TRACE(("leave checkusername: root login disabled"))
 		dropbear_log(LOG_WARNING, "root login rejected");
 		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
 	/* check for login restricted to certain group if desired */
 	if (svr_opts.restrict_group) {
 		if (check_group_membership(svr_opts.restrict_group_gid,
 				ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
 			dropbear_log(LOG_WARNING,
 				"Logins are restricted to the group %s but user '%s' is not a member",
 				svr_opts.restrict_group, ses.authstate.pw_name);
 			ses.authstate.checkusername_failed = 1;
 			return DROPBEAR_FAILURE;
 		}
 	}
 	TRACE(("shell is %s", ses.authstate.pw_shell))
 	/* check that the shell is set */
@ -301,6 +334,7 @@ static int checkusername(char *username, unsigned int userlen) {
 	/* no matching shell */
 	endusershell();
 	TRACE(("no matching shell"))
 	ses.authstate.checkusername_failed = 1;
 	dropbear_log(LOG_WARNING, "User '%s' has invalid shell, rejected",
 				ses.authstate.pw_name);
 	return DROPBEAR_FAILURE;
--- a/svr-runopts.c
+++ b/svr-runopts.c
@ -30,6 +30,8 @@
 #include "algo.h"
 #include "ecdsa.h"
 #include <grp.h>
 svr_runopts svr_opts; /* GLOBAL */
 static void printhelp(const char * progname);
@ -68,6 +70,7 @@ static void printhelp(const char * progname) {
 					"-m		Don't display the motd on login\n"
 #endif
 					"-w		Disallow root logins\n"
 					"-G		Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
@ -132,6 +135,8 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
 	svr_opts.restrict_group = NULL;
 	svr_opts.restrict_group_gid = 0;
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
@ -230,6 +235,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'w':
 					svr_opts.norootlogin = 1;
 					break;
 				case 'G':
 					next = &svr_opts.restrict_group;
 					break;
 				case 'W':
 					next = &recv_window_arg;
 					break;
@ -331,6 +339,17 @@ void svr_getopts(int argc, char ** argv) {
 		}
 		buf_setpos(svr_opts.banner, 0);
 	}
 	if (svr_opts.restrict_group) {
 		struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
 		if (restrictedgroup){
 			svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
 		} else {
 			dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
 		}
 	}
 	if (recv_window_arg) {
 		opts.recv_window = atol(recv_window_arg);
@ -511,17 +530,20 @@ void load_all_hostkeys() {
 		m_free(hostkey_file);
 	}
 	/* Only load default host keys if a host key is not specified by the user */
 	if (svr_opts.num_hostkey_files == 0) {
 #if DROPBEAR_RSA
-	loadhostkey(RSA_PRIV_FILENAME, 0);
+		loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 #if DROPBEAR_DSS
-	loadhostkey(DSS_PRIV_FILENAME, 0);
+		loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 #if DROPBEAR_ECDSA
-	loadhostkey(ECDSA_PRIV_FILENAME, 0);
+		loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
 	}
 #if DROPBEAR_DELAY_HOSTKEY
 	if (svr_opts.delay_hostkey) {
--- a/svr-service.c
+++ b/svr-service.c
@ -30,7 +30,7 @@
 #include "ssh.h"
 #include "auth.h"
-static void send_msg_service_accept(char *name, int len);
+static void send_msg_service_accept(const char *name, int len);
 /* processes a SSH_MSG_SERVICE_REQUEST, returning 0 if finished,
 * 1 if not */
@ -73,7 +73,7 @@ void recv_msg_service_request() {
 }
-static void send_msg_service_accept(char *name, int len) {
+static void send_msg_service_accept(const char *name, int len) {
 	TRACE(("accepting service %s", name))
--- a/svr-session.c
+++ b/svr-session.c
@ -43,6 +43,7 @@
 #include "fuzz.h"
 static void svr_remoteclosed(void);
 static void svr_algos_initialise(void);
 struct serversession svr_ses; /* GLOBAL */
@ -103,6 +104,7 @@ void svr_session(int sock, int childpipe) {
 	svr_authinitialise();
 	chaninitialise(svr_chantypes);
 	svr_chansessinitialise();
 	svr_algos_initialise();
 	/* for logging the remote address */
 	get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
@ -254,3 +256,14 @@ static void svr_remoteclosed() {
 }
 static void svr_algos_initialise(void) {
 #if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
 	algo_type *algo;
 	for (algo = sshkex; algo->name; algo++) {
 		if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
 			algo->usable = 0;
 		}
 	}
 #endif
 }
--- a/svr-tcpfwd.c
+++ b/svr-tcpfwd.c
@ -94,7 +94,7 @@ void recv_msg_global_request_remotetcp() {
 			buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS);
 			buf_putint(ses.writepayload, allocated_listen_port);
 			encrypt_packet();
-			wantreply = 0; //so out does not do so
+			wantreply = 0; /* avoid out: below sending another reply */
 		}
 	} else if (strcmp("cancel-tcpip-forward", reqname) == 0) {
 		ret = svr_cancelremotetcp();
@ -212,9 +212,6 @@ static int svr_remotetcpreq(int *allocated_listen_port) {
 	if (DROPBEAR_SUCCESS == ret) {
 		tcpinfo->listenport = get_sock_port(ses.listeners[0]->socks[0]);
 		*allocated_listen_port = tcpinfo->listenport;
 		dropbear_log(LOG_INFO, "tcpip-forward %s:%d '%s'", 
 			((NULL == tcpinfo->listenaddr)?"localhost":tcpinfo->listenaddr), 
 			tcpinfo->listenport, ses.authstate.pw_name);
 	}
 out:
--- a/sysoptions.h
+++ b/sysoptions.h
@ -23,7 +23,11 @@
 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
 #endif
- #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
+#define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
 #if !(NON_INETD_MODE || INETD_MODE)
 	#error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
 #endif
 /* A client should try and send an initial key exchange packet guessing
 * the algorithm that will match - saves a round trip connecting, has little
@ -77,6 +81,8 @@
 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
 #define DROPBEAR_NGROUP_MAX 1024
 /* Required for pubkey auth */
 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT))
@ -95,6 +101,23 @@
 #define MAX_MAC_LEN 20
 #endif
 /* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */
 #ifndef DROPBEAR_SHA2_512_HMAC
 #define DROPBEAR_SHA2_512_HMAC 0
 #endif
 /* might be needed for compatibility with very old implementations */
 #ifndef DROPBEAR_MD5_HMAC
 #define DROPBEAR_MD5_HMAC 0
 #endif
 /* Twofish counter mode is disabled by default because it 
 has not been tested for interoperability with other SSH implementations.
 If you test it please contact the Dropbear author */
 #ifndef DROPBEAR_TWOFISH_CTR
 #define DROPBEAR_TWOFISH_CTR 0
 #endif
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
@ -205,6 +228,39 @@
 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
 #endif
 /* PAM requires ./configure --enable-pam */
 #if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH
 #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
 #endif
 #if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
 	#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
 #endif
 #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
 	#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
 #endif
 #if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
      || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
 	#error "At least one encryption algorithm must be enabled. AES128 is recommended."
 #endif
 #if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
 	#error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
 #endif
 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
 * connection without blocking. */
 #ifndef DROPBEAR_URANDOM_DEV
 #define DROPBEAR_URANDOM_DEV "/dev/urandom"
 #endif
 /* client keyboard interactive authentication is often used for password auth.
 rfc4256 */
 #define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH)
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
 * code, if we're just compiling as client or server */
 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)