Cleaned up the random code, use /dev/random by default,

and remove the addrandom() function which wasn't used. --HG-- extra : convert_revision : d560d214ad20001f8ef5d5494ff3c97e6184d9cc
2025-04-27 09:29:31 +00:00 · 2004-12-20 13:11:15 +00:00 · 2004-12-20 13:11:15 +00:00 · 42c691a051
commit 42c691a051
parent 8b32e8a08c
2 changed files with 28 additions and 38 deletions
--- a/options.h
+++ b/options.h
@ -128,19 +128,21 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH
-/* Random device to use - you must specify _one only_.
+/* Random device to use - define either DROPBEAR_RANDOM_DEV or
- * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use
+ * DROPBEAR_PRNGD_SOCKET.
- * PRNGD and run prngd, specifying the socket. This device must be able to
+ * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
- * produce a large amount of random data, so using /dev/random or Entropy
+ * otherwise use run prngd (or egd if you want), specifying the socket. 
- * Gathering Daemon (egd) may result in halting, as it waits for more random
+ * The device will be queried for a few dozen bytes of seed a couple of times
- * data */
+ * per session (or more for very long-lived sessions). */
 #define DROPBEAR_DEV_URANDOM /* use /dev/urandom */
-/*#undef DROPBEAR_PRNGD */ /* use prngd socket - you must manually set up prngd
+/* If you are lacking entropy on the system then using /dev/urandom
-							  to produce output */
+ * will prevent Dropbear from blocking on the device. This could
-#ifndef DROPBEAR_PRNGD_SOCKET
+ * however significantly reduce the security of your ssh connections
-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
+ * if the PRNG state becomes simpler. */
-#endif
+#define DROPBEAR_RANDOM_DEV "/dev/random"
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 /* Specify the number of clients we will allow to be connected but
 * not yet authenticated. After this limit, connections are rejected */
@ -213,8 +215,6 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
 #define DEV_URANDOM "/dev/urandom"
 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
 * the clearenv() function */
 #define ENV_SIZE 100
@ -336,6 +336,14 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
 #endif
 #if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET)
 #error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once"
 #endif
 #if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET)
 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h"
 #endif
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
 * code, if we're just compiling as client or server */
 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
--- a/random.c
+++ b/random.c
@ -38,7 +38,7 @@ unsigned char hashpool[SHA1_HASH_SIZE];
 static void readrand(unsigned char* buf, unsigned int buflen);
-/* The basic setup is we read some data from DEV_URANDOM or PRNGD and hash it
+/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
 * into hashpool. To read data, we hash together current hashpool contents,
 * and a counter. We feed more data in by hashing the current pool and new
 * data into the pool.
@ -53,19 +53,19 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
 	int readfd;
 	unsigned int readpos;
 	int readlen;
-#ifdef DROPBEAR_EGD
+#ifdef DROPBEAR_PRNGD_SOCKET
 	struct sockaddr_un egdsock;
 	char egdcmd[2];
 #endif
-#ifdef DROPBEAR_DEV_URANDOM
+#ifdef DROPBEAR_RANDOM_DEV
-	readfd = open(DEV_URANDOM, O_RDONLY);
+	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
 	if (readfd < 0) {
 		dropbear_exit("couldn't open random device");
 	}
 #endif
-#ifdef DROPBEAR_EGD
+#ifdef DROPBEAR_PRNGD_SOCKET
 	memset((void*)&egdsock, 0x0, sizeof(egdsock));
 	egdsock.sun_family = AF_UNIX;
 	strlcpy(egdsock.sun_path, DROPBEAR_EGD_SOCKET,
@ -105,7 +105,7 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
 	close (readfd);
 }
-/* initialise the prng from /dev/urandom or prngd */
+/* initialise the prng from /dev/(u)random or prngd */
 void seedrandom() {
 	unsigned char readbuf[INIT_SEED_SIZE];
@ -159,21 +159,3 @@ void genrandom(unsigned char* buf, unsigned int len) {
 	}
 	m_burn(hash, sizeof(hash));
 }
 /* Adds entropy to the PRNG state. As long as the hash is strong, then we
 * don't need to worry about entropy being added "diluting" the current
 * state - it should only make it stronger. */
 void addrandom(unsigned char* buf, unsigned int len) {
 	hash_state hs;
 	if (!donerandinit) {
 		dropbear_exit("seedrandom not done");
 	}
 	sha1_init(&hs);
 	sha1_process(&hs, (void*)buf, len);
 	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
 	sha1_done(&hs, hashpool);
 	counter = 0;
 }