ViewMTN: Diff from [fdd44441..] to [1d86a4f0..]

The unified diff between revisions [fdd44441..] and [1d86a4f0..] is displayed below. It can also be downloaded as a raw diff.
This diff has been restricted to the following files: 'options.h'
#
#
# patch "options.h"
#  from [323eba2e14c100c6ed74e49dd07d1fd2507ab448]
#    to [bbbe23e7f3e5b7da71171834bface2d0daf76146]
#
============================================================
--- options.h	323eba2e14c100c6ed74e49dd07d1fd2507ab448
+++ options.h	bbbe23e7f3e5b7da71171834bface2d0daf76146
@@ -65,25 +65,30 @@ etc) slower (perhaps by 50%). Recommende
 #define ENABLE_AGENTFWD

 /* Encryption - at least one required.
- * RFC Draft requires 3DES, and recommends Blowfish, AES128 & Twofish128 */
+ * RFC Draft requires 3DES and recommends AES128 for interoperability.
+ * Including multiple keysize variants the same cipher
+ * (eg AES256 as well as AES128) will result in a minimal size increase.*/
 #define DROPBEAR_AES128_CBC
+#define DROPBEAR_3DES_CBC
+#define DROPBEAR_AES256_CBC
 #define DROPBEAR_BLOWFISH_CBC
+#define DROPBEAR_TWOFISH256_CBC
 #define DROPBEAR_TWOFISH128_CBC
-#define DROPBEAR_3DES_CBC

-/* Integrity - at least one required.
- * RFC Draft requires sha1-hmac, and recommends md5-hmac.
+/* Message Integrity - at least one required.
+ * RFC Draft requires sha1 and recommends sha1-96.
+ * sha1-96 may be of use for slow links, as it has a smaller overhead.
  *
- * Note: there's no point disabling sha1 to save space, since it's used in the
+ * Note: there's no point disabling sha1 to save space, since it's used
  * for the random number generator and public-key cryptography anyway.
  * Disabling it here will just stop it from being used as the integrity portion
  * of the ssh protocol.
  *
- * These are also used for key fingerprints in logs (when pubkey auth is used),
- * MD5 fingerprints are printed if available, however SHA1 fingerprints will be
- * generated otherwise. This isn't exactly optimal, although SHA1 fingerprints
- * are not too hard to create from pubkeys if required. */
+ * These hashes are also used for public key fingerprints in logs.
+ * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
+ * which are not the standard form. */
 #define DROPBEAR_SHA1_HMAC
+#define DROPBEAR_SHA1_96_HMAC
 #define DROPBEAR_MD5_HMAC

 /* Hostkey/public key algorithms - at least one required, these are used
@@ -276,7 +281,7 @@ etc) slower (perhaps by 50%). Recommende
 #define MAX_MAC_LEN SHA1_HASH_SIZE


-#define MAX_KEY_LEN 24 /* 3DES requires a 24 byte key */
+#define MAX_KEY_LEN 32 /* 256 bits for aes256 etc */
 #define MAX_IV_LEN 20 /* must be same as max blocksize,
 						 and >= SHA1_HASH_SIZE */
 #define MAX_MAC_KEY 20
@@ -313,6 +318,14 @@ etc) slower (perhaps by 50%). Recommende

 #define DROPBEAR_MAX_CLI_PASS 1024

+#if defined(DROPBEAR_AES256_CBC) || defined(DROPBEAR_AES128_CBC)
+#define DROPBEAR_AES_CBC
+#endif
+
+#if defined(DROPBEAR_TWOFISH256_CBC) || defined(DROPBEAR_TWOFISH128_CBC)
+#define DROPBEAR_TWOFISH_CBC
+#endif
+
 #ifndef ENABLE_X11FWD
 #define DISABLE_X11FWD
 #endif