changeset 759:76fba0856749 ecc

More changes for KEX and ECDH. Set up hash descriptors, make ECC code work, ses.hash and ses.session_id are now buffers (doesn't compile)
author Matt Johnston <matt@ucc.asn.au>
date Fri, 29 Mar 2013 00:28:09 +0800
parents 1c607a62d235
children f336d232fc63
files algo.h cli-kex.c common-algo.c common-kex.c ecc.c ecc.h kex.h libtomcrypt/src/headers/tomcrypt_custom.h ltc_prng.c ltc_prng.h random.c session.h svr-kex.c sysoptions.h
diffstat 14 files changed, 180 insertions(+), 114 deletions(-) [+]
line wrap: on
line diff
--- a/algo.h	Fri Mar 29 00:26:46 2013 +0800
+++ b/algo.h	Fri Mar 29 00:28:09 2013 +0800
@@ -35,8 +35,8 @@
 
 struct Algo_Type {
 
-	unsigned char *name; /* identifying name */
-	char val; /* a value for this cipher, or -1 for invalid */
+	const unsigned char *name; /* identifying name */
+	const char val; /* a value for this cipher, or -1 for invalid */
 	const void *data; /* algorithm specific data */
 	char usable; /* whether we can use this algorithm */
 	const void *mode; /* the mode, currently only used for ciphers,
@@ -59,8 +59,8 @@
 
 struct dropbear_cipher {
 	const struct ltc_cipher_descriptor *cipherdesc;
-	unsigned long keysize;
-	unsigned char blocksize;
+	const unsigned long keysize;
+	const unsigned char blocksize;
 };
 
 struct dropbear_cipher_mode {
@@ -75,14 +75,14 @@
 
 struct dropbear_hash {
 	const struct ltc_hash_descriptor *hashdesc;
-	unsigned long keysize;
-	unsigned char hashsize;
+	const unsigned long keysize;
+	const unsigned char hashsize;
 };
 
 struct dropbear_kex {
 	// "normal" DH KEX
-	unsigned char *dh_p_bytes;
-	int dh_p_len;
+	const unsigned char *dh_p_bytes;
+	const int dh_p_len;
 
 	// elliptic curve DH KEX
 #ifdef DROPBEAR_ECDH
@@ -108,14 +108,6 @@
 char * algolist_string(algo_type algos[]);
 #endif
 
-enum kex_type {
-	DROPBEAR_KEX_DH_GROUP1,
-	DROPBEAR_KEX_DH_GROUP14,
-	DROPBEAR_KEX_ECDH_SECP256R1,
-	DROPBEAR_KEX_ECDH_SECP384R1,
-	DROPBEAR_KEX_ECDH_SECP521R1,
-};
-
 #ifdef DROPBEAR_ECDH
 #define IS_NORMAL_DH(algo) ((algo)->dh_p_bytes != NULL)
 #else
--- a/cli-kex.c	Fri Mar 29 00:26:46 2013 +0800
+++ b/cli-kex.c	Fri Mar 29 00:28:09 2013 +0800
@@ -96,12 +96,15 @@
 
 		kexdh_comb_key(cli_ses.dh_param, &dh_f, hostkey);
 		mp_clear(&dh_f);
-		free_kexdh_param(cli_ses.dh_param);
-		cli_ses.dh_param = NULL;
 	} else {
 #ifdef DROPBEAR_ECDH
+		buffer *ecdh_qs = buf_getstringbuf(ses.payload);
+		kexecdh_comb_key(cli_ses.dh_param, ecdh_qs, hostkey);
+		buf_free(ecdh_qs);
 #endif
 	}
+	free_kexdh_param(cli_ses.dh_param);
+	cli_ses.dh_param = NULL;
 
 	if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE) 
 			!= DROPBEAR_SUCCESS) {
--- a/common-algo.c	Fri Mar 29 00:26:46 2013 +0800
+++ b/common-algo.c	Fri Mar 29 00:28:09 2013 +0800
@@ -25,6 +25,7 @@
 
 #include "algo.h"
 #include "dbutil.h"
+#include "kex.h"
 
 /* This file (algo.c) organises the ciphers which can be used, and is used to
  * decide which ciphers/hashes/compression/signing to use during key exchange*/
@@ -212,18 +213,18 @@
 	{NULL, 0, NULL, 0, NULL}
 };
 
-static struct dropbear_kex kex_dh_group1 {dh_p_1, DH_P_1_LEN, NULL, sha1_desc };
-static struct dropbear_kex kex_dh_group14 {dh_p_14, DH_P_14_LEN, NULL, sha1_desc };
+static struct dropbear_kex kex_dh_group1 = {dh_p_1, DH_P_1_LEN, NULL, &sha1_desc };
+static struct dropbear_kex kex_dh_group14 = {dh_p_14, DH_P_14_LEN, NULL, &sha1_desc };
 
 #ifdef DROPBEAR_ECC_DH
 #ifdef DROPBEAR_ECC_256
-static struct dropbear_kex kex_ecdh_secp256r1 {NULL, 0, &ecc_curve_secp256r1, sha256_desc };
+static struct dropbear_kex kex_ecdh_secp256r1 = {NULL, 0, &ecc_curve_secp256r1, &sha256_desc };
 #endif
 #ifdef DROPBEAR_ECC_384
-static struct dropbear_kex kex_ecdh_secp384r1 {NULL, 0, &ecc_curve_secp384r1, sha384_desc };
+static struct dropbear_kex kex_ecdh_secp384r1 = {NULL, 0, &ecc_curve_secp384r1, &sha384_desc };
 #endif
 #ifdef DROPBEAR_ECC_521
-static struct dropbear_kex kex_ecdh_secp521r1 {NULL, 0, &ecc_curve_secp521r1, sha512_desc };
+static struct dropbear_kex kex_ecdh_secp521r1 = {NULL, 0, &ecc_curve_secp521r1, &sha512_desc };
 #endif
 #endif // DROPBEAR_ECC_DH
 
@@ -272,10 +273,13 @@
 #ifdef DROPBEAR_MD5_HMAC
 		&md5_desc,
 #endif
-#ifdef DROPBEAR_SHA2_256_HMAC
+#ifdef DROPBEAR_SHA256
 		&sha256_desc,
 #endif
-#ifdef DROPBEAR_SHA2_512_HMAC
+#ifdef DROPBEAR_SHA384
+		&sha384_desc,
+#endif
+#ifdef DROPBEAR_SHA512
 		&sha512_desc,
 #endif
 		NULL
--- a/common-kex.c	Fri Mar 29 00:26:46 2013 +0800
+++ b/common-kex.c	Fri Mar 29 00:28:09 2013 +0800
@@ -34,6 +34,7 @@
 #include "bignum.h"
 #include "random.h"
 #include "runopts.h"
+#include "ecc.h"
 
 /* diffie-hellman-group1-sha1 value for p */
 const unsigned char dh_p_1[DH_P_1_LEN] = {
@@ -642,6 +643,9 @@
 	buf_setpos(ses.kexhashbuf, 0);
 	sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
 			ses.kexhashbuf->len);
+	
+		ses.hash = m_malloc(SHA1_HASH_SIZE);
+	}
 	sha1_done(&hs, ses.hash);
 
 	buf_burn(ses.kexhashbuf);
@@ -660,8 +664,8 @@
 struct kex_ecdh_param *gen_kexecdh_param() {
 	struct kex_ecdh_param *param = m_malloc(sizeof(*param));
 	if (ecc_make_key_ex(NULL, dropbear_ltc_prng, 
-		&param->key, ses.newkeys->algo_kex->ecc_curve) != CRYPT_OK) {
-		dropbear_exit("ECC error")
+		&param->key, ses.newkeys->algo_kex->ecc_curve->dp) != CRYPT_OK) {
+		dropbear_exit("ECC error");
 	}
 	return param;
 }
@@ -673,58 +677,45 @@
 }
 void kexecdh_comb_key(struct kex_ecdh_param *param, buffer *pub_them,
 		sign_key *hostkey) {
-
+	const struct dropbear_kex *algo_kex = ses.newkeys->algo_kex;
 	hash_state hs;
 	// public keys from client and server
 	ecc_key *Q_C, *Q_S, *Q_them;
 
-oj	// XXX load Q_them
-	Q_them = buf_get_ecc_key_string()
-
-	ses.dh_K = dropbear_ecc_shared_secret();
+	// XXX load Q_them
+	Q_them = buf_get_ecc_pubkey(pub_them, algo_kex->ecc_curve);
 
-	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
-	if (mp_cmp(dh_pub_them, &dh_p) != MP_LT 
-			|| mp_cmp_d(dh_pub_them, 0) != MP_GT) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-	
-	/* K = e^y mod p = f^x mod p */
-	ses.dh_K = (mp_int*)m_malloc(sizeof(mp_int));
-	m_mp_init(ses.dh_K);
-	if (mp_exptmod(dh_pub_them, &param->priv, &dh_p, ses.dh_K) != MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
-
-	/* clear no longer needed vars */
-	mp_clear_multi(&dh_p, NULL);
+	ses.dh_K = dropbear_ecc_shared_secret(Q_them, param->key);
 
 	/* From here on, the code needs to work with the _same_ vars on each side,
 	 * not vice-versaing for client/server */
 	if (IS_DROPBEAR_CLIENT) {
-		dh_e = &param->pub;
-		dh_f = dh_pub_them;
+		Q_C = param->key;
+		Q_S = Q_them;
 	} else {
-		dh_e = dh_pub_them;
-		dh_f = &param->pub;
+		Q_C = Q_them;
+		Q_S = param->key;
 	} 
 
 	/* Create the remainder of the hash buffer, to generate the exchange hash */
 	/* K_S, the host key */
 	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
-	/* e, exchange value sent by the client */
-	buf_putmpint(ses.kexhashbuf, dh_e);
-	/* f, exchange value sent by the server */
-	buf_putmpint(ses.kexhashbuf, dh_f);
+	/* Q_C, client's ephemeral public key octet string */
+	buf_put_ecc_pubkey_string(Q_C);
+	/* Q_S, server's ephemeral public key octet string */
+	buf_put_ecc_pubkey_string(Q_S);
 	/* K, the shared secret */
 	buf_putmpint(ses.kexhashbuf, ses.dh_K);
 
 	/* calculate the hash H to sign */
-	sha1_init(&hs);
+	algo_kex->hashdesc->init(&hs);
 	buf_setpos(ses.kexhashbuf, 0);
-	sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
+	algo_kex->hashdesc->process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
 			ses.kexhashbuf->len);
-	sha1_done(&hs, ses.hash);
+	if (!ses.hash) {
+		ses.hash = m_malloc(algo_kex->hashdesc->hashsize);
+	}
+	algo_kex->hashdesc->done(&hs, ses.hash);
 
 	buf_burn(ses.kexhashbuf);
 	buf_free(ses.kexhashbuf);
@@ -733,8 +724,8 @@
 	/* first time around, we set the session_id to H */
 	if (ses.session_id == NULL) {
 		/* create the session_id, this never needs freeing */
-		ses.session_id = (unsigned char*)m_malloc(SHA1_HASH_SIZE);
-		memcpy(ses.session_id, ses.hash, SHA1_HASH_SIZE);
+		ses.session_id = m_malloc(algo_kex->hashdesc->hashsize);
+		memcpy(ses.session_id, ses.hash, algo_kex->hashdesc->hashsize);
 	}
 
 }
--- a/ecc.c	Fri Mar 29 00:26:46 2013 +0800
+++ b/ecc.c	Fri Mar 29 00:28:09 2013 +0800
@@ -1,41 +1,48 @@
 #include "includes.h"
 #include "options.h"
 #include "ecc.h"
+#include "dbutil.h"
+#include "bignum.h"
 
 #ifdef DROPBEAR_ECC
 
 // TODO: use raw bytes for the dp rather than the hex strings in libtomcrypt's ecc.c
 
 #ifdef DROPBEAR_ECC_256
-const struct dropbear_ecc_curve ecc_curve_secp256r1 {
+const struct dropbear_ecc_curve ecc_curve_secp256r1 = {
 	.dp = &ltc_ecc_sets[0],
-	.hash_desc = sha256_desc,
+	.hash_desc = &sha256_desc,
 	.name = "secp256r1"
 };
 #endif
-
-
 #ifdef DROPBEAR_ECC_384
-const struct dropbear_ecc_curve ecc_curve_secp384r1 {
+const struct dropbear_ecc_curve ecc_curve_secp384r1 = {
 	.dp = &ltc_ecc_sets[1],
-	.hash_desc = sha384_desc,
+	.hash_desc = &sha384_desc,
 	.name = "secp384r1"
 };
 #endif
-
 #ifdef DROPBEAR_ECC_521
-const struct dropbear_ecc_curve ecc_curve_secp521r1 {
+const struct dropbear_ecc_curve ecc_curve_secp521r1 = {
 	.dp = &ltc_ecc_sets[2],
-	.hash_desc = sha521_desc,
+	.hash_desc = &sha512_desc,
 	.name = "secp521r1"
 };
 #endif
 
+static ecc_key * new_ecc_key(void) {
+   ecc_key *key = m_malloc(sizeof(*key));
+   key->pubkey.x = m_malloc(sizeof(mp_int));
+   key->pubkey.y = m_malloc(sizeof(mp_int));
+   key->pubkey.z = m_malloc(sizeof(mp_int));
+   key->k = m_malloc(sizeof(mp_init));
+   m_mp_init_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+   return key;
+}
 
 void buf_put_ecc_pubkey_string(buffer *buf, ecc_key *key) {
-	// XXX point compression
-	int len = key->dp->size*2 + 1;
-	buf_putint(len);
+	unsigned long len = key->dp->size*2 + 1;
+	buf_putint(buf, len);
 	int err = ecc_ansi_x963_export(key, buf_getwriteptr(buf, len), &len);
 	if (err != CRYPT_OK) {
 		dropbear_exit("ECC error");
@@ -43,38 +50,93 @@
 	buf_incrwritepos(buf, len);
 }
 
-ecc_key * buf_get_ecc_key_string(buffer *buf, const struct dropbear_ecc_curve *curve) {
+// Copied from libtomcrypt ecc_import.c (version there is static), modified
+// for different mp_int pointer without LTC_SOURCE
+static int ecc_is_point(ecc_key *key)
+{
+   mp_int *prime, *b, *t1, *t2;
+   int err;
+
+   prime = m_malloc(sizeof(mp_int));
+   b = m_malloc(sizeof(mp_int));
+   t1 = m_malloc(sizeof(mp_int));
+   t2 = m_malloc(sizeof(mp_int));
+   
+   m_mp_init_multi(prime, b, t1, t2, NULL);
+   
+   /* load prime and b */
+   if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK)                          { goto error; }
+   if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK)                                  { goto error; }
+   
+   /* compute y^2 */
+   if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK)                                         { goto error; }
+   
+   /* compute x^3 */
+   if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK)                                         { goto error; }
+   if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK)                                             { goto error; }
+   if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK)                                     { goto error; }
+   
+   /* compute y^2 - x^3 */
+   if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK)                                                { goto error; }
+   
+   /* compute y^2 - x^3 + 3x */
+   if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
+   if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
+   if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
+   if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK)                                             { goto error; }
+   while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
+      if ((err = mp_add(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
+   }
+   while (mp_cmp(t1, prime) != LTC_MP_LT) {
+      if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
+   }
+   
+   /* compare to b */
+   if (mp_cmp(t1, b) != LTC_MP_EQ) {
+      err = CRYPT_INVALID_PACKET;
+   } else {
+      err = CRYPT_OK;
+   }
+   
+error:
+   mp_clear_multi(prime, b, t1, t2, NULL);
+   m_free(prime);
+   m_free(b);
+   m_free(t1);
+   m_free(t2);
+   return err;
+}
+
+ecc_key * buf_get_ecc_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve) {
    ecc_key *key = NULL;
    int ret = DROPBEAR_FAILURE;
    const int size = curve->dp->size;
-   unsigned int len = buf_get_string(buf);
-   unsigned char first = buf_get_char(buf);
+   buf_setpos(buf, 0);
+   unsigned int len = buf->len;
+   unsigned char first = buf_getbyte(buf);
    if (first == 2 || first == 3) {
-      dropbear_log("Dropbear doesn't support ECC point compression");
+      dropbear_log(LOG_WARNING, "Dropbear doesn't support ECC point compression");
       return NULL;
    }
    if (first != 4 || len != 1+2*size) {
       return NULL;
    }
 
-   key = m_malloc(sizeof(*key));
-   m_mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL);
+   key = new_ecc_key();
 
-   if (mp_read_unsigned_bin(&key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
+   if (mp_read_unsigned_bin(key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
       goto out;
    }
    buf_incrpos(buf, size);
 
-   if (mp_read_unsigned_bin(&key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
+   if (mp_read_unsigned_bin(key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
       goto out;
    }
    buf_incrpos(buf, size);
 
-   if (mp_set(key->pubkey.z, 1) != MP_OKAY) {
-      goto out;
-   }
+   mp_set(key->pubkey.z, 1);
 
-   if (is_point(key) != CRYPT_OK) {
+   if (ecc_is_point(key) != CRYPT_OK) {
       goto out;
    }
 
@@ -91,7 +153,7 @@
 out:
    if (ret == DROPBEAR_FAILURE) {
       if (key) {
-         mp_free_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL);
+         ecc_free(key);
          m_free(key);
          key = NULL;
       }
@@ -105,9 +167,9 @@
 // a mp_int instead.
 mp_int * dropbear_ecc_shared_secret(ecc_key *public_key, ecc_key *private_key)
 {
-   ecc_point *result = NULL
+   ecc_point *result = NULL;
    mp_int *prime = NULL, *shared_secret = NULL;
-   int ret = DROPBEAR_FAILURE;
+   int err = DROPBEAR_FAILURE;
 
    /* type valid? */
    if (private_key->type != PK_PRIVATE) {
@@ -163,9 +225,6 @@
    }
 
    return shared_secret;
-   return err;
-}
-
 }
 
 #endif
--- a/ecc.h	Fri Mar 29 00:26:46 2013 +0800
+++ b/ecc.h	Fri Mar 29 00:28:09 2013 +0800
@@ -21,14 +21,11 @@
 // "pubkey" refers to a point, but LTC uses ecc_key structure for both public
 // and private keys
 void buf_put_ecc_pubkey_string(buffer *buf, ecc_key *key);
-int buf_get_ecc_pubkey_string(buffer *buf, ecc_key *key);
+ecc_key * buf_get_ecc_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve);
 int buf_get_ecc_privkey_string(buffer *buf, ecc_key *key);
 
 mp_int * dropbear_ecc_shared_secret(ecc_key *pub_key, ecc_key *priv_key);
 
-
-const ltc_ecc_set_type* get_ecc_curve(enum kex_type type);
-
 #endif
 
 #endif // _DROPBEAR_ECC_H
\ No newline at end of file
--- a/kex.h	Fri Mar 29 00:26:46 2013 +0800
+++ b/kex.h	Fri Mar 29 00:28:09 2013 +0800
@@ -27,6 +27,7 @@
 
 #include "includes.h"
 #include "algo.h"
+#include "signkey.h"
 
 void send_msg_kexinit();
 void recv_msg_kexinit();
@@ -74,9 +75,9 @@
 };
 
 #define DH_P_1_LEN 128
-extern const const unsigned char dh_p_1[DH_P_1_LEN];
+extern const unsigned char dh_p_1[DH_P_1_LEN];
 #define DH_P_14_LEN 256
-const unsigned char dh_p_14[DH_P_14_LEN] = {
+extern const unsigned char dh_p_14[DH_P_14_LEN];
 
 struct kex_dh_param {
 	mp_int pub;
--- a/libtomcrypt/src/headers/tomcrypt_custom.h	Fri Mar 29 00:26:46 2013 +0800
+++ b/libtomcrypt/src/headers/tomcrypt_custom.h	Fri Mar 29 00:28:09 2013 +0800
@@ -127,7 +127,9 @@
 #ifdef DROPBEAR_SHA256
 #define SHA256
 #endif
-
+#ifdef DROPBEAR_SHA384
+#define SHA384
+#endif
 #ifdef DROPBEAR_SHA512
 #define SHA512
 #endif
--- a/ltc_prng.c	Fri Mar 29 00:26:46 2013 +0800
+++ b/ltc_prng.c	Fri Mar 29 00:28:09 2013 +0800
@@ -14,6 +14,7 @@
 #include "options.h"
 #include "includes.h"
 #include "random.h"
+#include "ltc_prng.h"
 
 /**
    @file sprng.c
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ltc_prng.h	Fri Mar 29 00:28:09 2013 +0800
@@ -0,0 +1,13 @@
+#ifndef _LTC_PRNG_H_DROPBEAR
+#define _LTC_PRNG_H_DROPBEAR
+
+#include "options.h"
+#include "includes.h"
+
+#ifdef DROPBEAR_LTC_PRNG
+
+extern const struct ltc_prng_descriptor dropbear_prng_desc;
+
+#endif // DROPBEAR_LTC_PRNG
+
+#endif // _LTC_PRNG_H_DROPBEAR
\ No newline at end of file
--- a/random.c	Fri Mar 29 00:26:46 2013 +0800
+++ b/random.c	Fri Mar 29 00:28:09 2013 +0800
@@ -27,6 +27,8 @@
 #include "dbutil.h"
 #include "bignum.h"
 #include "random.h"
+#include "ltc_prng.h"
+
 
 /* this is used to generate unique output from the same hashpool */
 static uint32_t counter = 0;
--- a/session.h	Fri Mar 29 00:26:46 2013 +0800
+++ b/session.h	Fri Mar 29 00:28:09 2013 +0800
@@ -154,10 +154,10 @@
 	struct KEXState kexstate;
 	struct key_context *keys;
 	struct key_context *newkeys;
-	unsigned char *session_id; /* this is the hash from the first kex */
-	/* The below are used temorarily during kex, are freed after use */
+	buffer *session_id; /* this is the hash from the first kex */
+	/* The below are used temporarily during kex, are freed after use */
 	mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
-	unsigned char hash[SHA1_HASH_SIZE]; /* the hash*/
+	buffer *hash/* the session hash */
 	buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
 	buffer* transkexinit; /* the kexinit packet we send should be kept so we
 							 can add it to the hash when generating keys */
--- a/svr-kex.c	Fri Mar 29 00:26:46 2013 +0800
+++ b/svr-kex.c	Fri Mar 29 00:28:09 2013 +0800
@@ -59,6 +59,7 @@
 		}
 	} else {
 #ifdef DROPBEAR_ECDH
+		buffer *ecdh_qs = buf_getstringbuf(ses.payload);
 #endif
 	}
 
--- a/sysoptions.h	Fri Mar 29 00:26:46 2013 +0800
+++ b/sysoptions.h	Fri Mar 29 00:28:09 2013 +0800
@@ -93,13 +93,26 @@
 #define DROPBEAR_ECC
 #endif
 
-
 #ifdef DROPBEAR_ECC
 #define DROPBEAR_ECC_256
 #define DROPBEAR_ECC_384
 #define DROPBEAR_ECC_521
 #endif
 
+// hashes which will be linked and registered
+#if defined(DROPBEAR_SHA2_256_HMAC) || defined(DROPBEAR_ECC_256)
+#define DROPBEAR_SHA256
+#endif
+#if defined(DROPBEAR_ECC_384)
+#define DROPBEAR_SHA384
+#endif
+#if defined(DROPBEAR_SHA2_512_HMAC) || defined(DROPBEAR_ECC_521)
+#define DROPBEAR_SHA512
+#endif
+#if defined(DROPBEAR_MD5_HMAC)
+#define DROPBEAR_MD5
+#endif
+
 // roughly 2x 521 bits
 #define MAX_ECC_SIZE 140
 
@@ -155,19 +168,6 @@
 #define DROPBEAR_TWOFISH
 #endif
 
-#ifdef DROPBEAR_MD5_HMAC
-#define DROPBEAR_MD5
-#endif
-
-#ifdef DROPBEAR_SHA2_256_HMAC
-#define DROPBEAR_SHA256
-#endif
-
-#if (defined(DROPBEAR_DSS) && defined(DSS_PROTOK)) \
-	|| defined(DROPBEAR_SHA2_512_HMAC)
-#define DROPBEAR_SHA512
-#endif
-
 #ifndef ENABLE_X11FWD
 #define DISABLE_X11FWD
 #endif