Dropbear test version 2013.61test with ECC

NiLuJe ninuje at gmail.com
Sun Nov 17 02:36:37 WST 2013


Hi,

Just ran a quick test on a Kindle (armv7-a/cortex-a8), it seems to work
fine, and, provided both sides handle ecdh, indeed gets rid of the slow kex
'bug' that has plagued some slow devices for a while, so, thanks :).

A few notes:

* libtomcrypt has to be built w/ -DLTM_DESC for ECC support (I'm using
external libtom* libs).


* I had to patch the configure script to detect libtommath before
libtomcrypt so that the LIBS var was built in the right order to please
recent binutils versions (libtomcrypt depends on libtommath, so -ltommath
has to come *after* -ltomcrypt).

diff -NuarpBZ dropbear-2013.61test-ori/configure.ac
dropbear-2013.61test/configure.ac
--- dropbear-2013.61test-ori/configure.ac	2013-11-16 16:40:51.904116642 +0100
+++ dropbear-2013.61test/configure.ac	2013-11-16 16:42:46.796680288 +0100
@@ -371,16 +371,16 @@ AC_ARG_ENABLE(bundled-libtom,
 			AC_MSG_NOTICE(Forcing bundled libtom*)
 		else
 			BUNDLED_LIBTOM=0
-			AC_CHECK_LIB(tomcrypt, register_cipher, , 
-				[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom
was specified])] )
 			AC_CHECK_LIB(tommath, mp_exptmod, , 
 				[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom
was specified])] )
+			AC_CHECK_LIB(tomcrypt, register_cipher, ,
+				[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom
was specified])] )
 		fi
 	],
 	[
 		BUNDLED_LIBTOM=0
-		AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
 		AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
 	]
 )


* Didn't really look further than that, but dropbearconvert dropbear ->
openssh on a fresh ecdsa key generated by dropbearkey dies with a "*** glibc
detected *** dropbearconvert: free(): corrupted unsorted chunks: 0x000530b0
***" (take this one with a grain of salt, that's on a Kindle 5 [eglibc
2.12], so there may be some weirdness involved).
 



More information about the Dropbear mailing list