--- a/options.h
+++ b/options.h
-@@ -38,7 +38,7 @@
+@@ -41,7 +41,7 @@
* Both of these flags can be defined at once, don't compile without at least
* one of them. */
#define NON_INETD_MODE
/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
* perhaps 20% slower for pubkey operations (it is probably worth experimenting
-@@ -49,7 +49,7 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
--/*#define DROPBEAR_SMALL_CODE*/
-+#define DROPBEAR_SMALL_CODE
-
- /* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
-@@ -78,7 +78,7 @@ much traffic. */
+@@ -81,7 +81,7 @@ much traffic. */
/* Enable "Netcat mode" option. This will forward standard input/output
* to a remote TCP-forwarded connection */
/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
#define ENABLE_USER_ALGO_LIST
-@@ -92,8 +92,8 @@ much traffic. */
+@@ -91,16 +91,16 @@ much traffic. */
+ * Including multiple keysize variants the same cipher
+ * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+ #define DROPBEAR_AES128
+-#define DROPBEAR_3DES
++/*#define DROPBEAR_3DES*/
#define DROPBEAR_AES256
/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
/*#define DROPBEAR_BLOWFISH*/
-#define DROPBEAR_TWOFISH256
-#define DROPBEAR_TWOFISH128
-+/*#define DROPBEAR_TWOFISH256
-+#define DROPBEAR_TWOFISH128*/
++/*#define DROPBEAR_TWOFISH256*/
++/*#define DROPBEAR_TWOFISH128*/
+
+ /* Enable CBC mode for ciphers. This has security issues though
+ * is the most compatible with older SSH implementations */
+-#define DROPBEAR_ENABLE_CBC_MODE
++/*#define DROPBEAR_ENABLE_CBC_MODE*/
/* Enable "Counter Mode" for ciphers. This is more secure than normal
- * CBC mode against certain attacks. This adds around 1kB to binary
-@@ -119,7 +119,7 @@ much traffic. */
+ * CBC mode against certain attacks. It is recommended for security
+@@ -131,9 +131,9 @@ If you test it please contact the Dropbe
* If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
* which are not the standard form. */
#define DROPBEAR_SHA1_HMAC
-#define DROPBEAR_SHA1_96_HMAC
+/*#define DROPBEAR_SHA1_96_HMAC*/
- /*#define DROPBEAR_SHA2_256_HMAC*/
- /*#define DROPBEAR_SHA2_512_HMAC*/
+ #define DROPBEAR_SHA2_256_HMAC
+-#define DROPBEAR_SHA2_512_HMAC
++/*#define DROPBEAR_SHA2_512_HMAC*/
#define DROPBEAR_MD5_HMAC
-@@ -157,7 +157,7 @@ much traffic. */
+
+ /* You can also disable integrity. Don't bother disabling this if you're
+@@ -146,7 +146,7 @@ If you test it please contact the Dropbe
+ * Removing either of these won't save very much space.
+ * SSH2 RFC Draft requires dss, recommends rsa */
+ #define DROPBEAR_RSA
+-#define DROPBEAR_DSS
++/*#define DROPBEAR_DSS*/
+ /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
+ * code (either ECDSA or ECDH) increases binary size - around 30kB
+ * on x86-64 */
+@@ -194,7 +194,7 @@ If you test it please contact the Dropbe
/* Whether to print the message of the day (MOTD). This doesn't add much code
* size */
/* The MOTD file path */
#ifndef MOTD_FILENAME
-@@ -195,7 +195,7 @@ much traffic. */
+@@ -242,7 +242,7 @@ Homedir is prepended unless path begins
* note that it will be provided for all "hidden" client-interactive
* style prompts - if you want something more sophisticated, use
* SSH_ASKPASS instead. Comment out this var to remove this functionality.*/