ViewMTN: Diff from [685c1004..] to [88ed2b94..]

The unified diff between revisions [685c1004..] and [88ed2b94..] is displayed below. It can also be downloaded as a raw diff.
This diff has been restricted to the following files: 'options.h'
#
#
# patch "options.h"
#  from [5c60d62615833b7810eb67ca051accd5323171af]
#    to [d9be3995c3f14fdb5848a70c91d7341e83d2c210]
#
============================================================
--- options.h	5c60d62615833b7810eb67ca051accd5323171af
+++ options.h	d9be3995c3f14fdb5848a70c91d7341e83d2c210
@@ -65,13 +65,27 @@ etc) slower (perhaps by 50%). Recommende
  * RFC Draft requires 3DES and recommends AES128 for interoperability.
  * Including multiple keysize variants the same cipher
  * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+/*
 #define DROPBEAR_AES128_CBC
 #define DROPBEAR_3DES_CBC
 #define DROPBEAR_AES256_CBC
 #define DROPBEAR_BLOWFISH_CBC
 #define DROPBEAR_TWOFISH256_CBC
 #define DROPBEAR_TWOFISH128_CBC
+*/

+/* You can compile with no encryption if you want. In some circumstances
+ * this could be safe securitywise, though make sure you know what
+ * you're doing. Anyone can see everything that goes over the wire, so
+ * the only safe auth method is public key. You'll have to disable all other
+ * ciphers above in the client if you want to use this, or implement cipher
+ * prioritisation in cli-runopts.
+ *
+ * The best way to do things is probably make normal compile of dropbear with all
+ * ciphers including "none" as the server, then recompile a special
+ * "dbclient-insecure" client. */
+#define DROPBEAR_NONE_CIPHER
+
 /* Message Integrity - at least one required.
  * RFC Draft requires sha1 and recommends sha1-96.
  * sha1-96 may be of use for slow links, as it has a smaller overhead.
@@ -88,6 +102,12 @@ etc) slower (perhaps by 50%). Recommende
 #define DROPBEAR_SHA1_96_HMAC
 #define DROPBEAR_MD5_HMAC

+/* You can also disable integrity. Don't bother disabling this if you're
+ * still using a cipher, it's relatively cheap. Don't disable this if you're
+ * using 'none' cipher, since it's dead simple to run arbitrary commands
+ * on the remote host. Go ahead. Hang yourself with your own rope. */
+/*#define DROPBEAR_NONE_INTEGRITY*/
+
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
  * Removing either of these won't save very much space.