Add -u option to specify /dev/urandom instead

--HG--
extra : convert_revision : 6925cd3fd7727fbc69db9883675aa90f594f58a0

cli-runopts.c

@@ -29,6 +29,7 @@
 #include "dbutil.h"
 #include "algo.h"
 #include "tcpfwd.h"
+#include "random.h"
 
 cli_runopts cli_opts; /* GLOBAL */
 
@@ -53,6 +54,7 @@ static void printhelp() {
 					"-N    Don't run a remote command\n"
 					"-f    Run in background after auth\n"
 					"-y    Always accept remote host key if unknown\n"
+					"-u    Use /dev/urandom - use with caution\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed)\n"
 #endif
@@ -86,6 +88,7 @@ void cli_getopts(int argc, char ** argv) {
 	char* dummy = NULL; /* Not used for anything real */
 
 	/* see printhelp() for options */
+	opts.listen_fwd_all = 0;
 	cli_opts.progname = argv[0];
 	cli_opts.remotehost = NULL;
 	cli_opts.remoteport = NULL;
@@ -100,7 +103,6 @@ void cli_getopts(int argc, char ** argv) {
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
 	cli_opts.localfwds = NULL;
-	opts.listen_fwd_all = 0;
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 	cli_opts.remotefwds = NULL;
@@ -198,6 +200,9 @@ void cli_getopts(int argc, char ** argv) {
 					printhelp();
 					exit(EXIT_SUCCESS);
 					break;
+				case 'u':
+					random_dev = DROPBEAR_URANDOM_DEV;
+					break;
 #ifdef DEBUG_TRACE
 				case 'v':
 					debug_trace = 1;

dbclient.1

@@ -74,6 +74,9 @@ by the ssh server.
 .B \-y
 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
 connection will abort as normal.
+.B \-u
+Use /dev/urandom rather than /dev/random. This should only be used if the
+/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br

dropbear.8

@@ -82,6 +82,9 @@ default is /var/run/dropbear.pid
 .TP
 .B \-a
 Allow remote hosts to connect to forwarded ports.
+.B \-u
+Use /dev/urandom rather than /dev/random. This should only be used if the
+/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br

options.h

@@ -169,6 +169,9 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * doing if you change this. */
 #define DROPBEAR_RANDOM_DEV "/dev/random"
 
+/* The -u flag on the commandline can also be used */
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 

random.c

@@ -27,6 +27,13 @@
 #include "dbutil.h"
 #include "bignum.h"
 
+#ifdef DROPBEAR_RANDOM_DEV
+const char* random_dev = DROPBEAR_RANDOM_DEV;	
+#else
+const char* random_dev = NULL;
+#endif
+
+
 static int donerandinit = 0;
 
 /* this is used to generate unique output from the same hashpool */
@@ -62,9 +69,9 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
 #endif
 
 #ifdef DROPBEAR_RANDOM_DEV
-	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
+	readfd = open(random_dev, O_RDONLY);		
 	if (readfd < 0) {
-		dropbear_exit("couldn't open random device");
+		dropbear_exit("couldn't open %s", random_dev);
 	}
 #endif
 

random.h

@@ -33,4 +33,6 @@ void genrandom(unsigned char* buf, int len);
 void addrandom(unsigned char* buf, int len);
 void gen_random_mpint(mp_int *max, mp_int *rand);
 
+extern const char * random_dev;
+
 #endif /* _RANDOM_H_ */

svr-runopts.c

@@ -28,6 +28,7 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "algo.h"
+#include "random.h"
 
 svr_runopts svr_opts; /* GLOBAL */
 
@@ -80,6 +81,7 @@ static void printhelp(const char * progname) {
 #ifdef INETD_MODE
 					"-i		Start for inetd\n"
 #endif
+					"-u		Use /dev/urandom - use with caution\n"
 #ifdef DEBUG_TRACE
 					"-v		verbose\n"
 #endif
@@ -216,6 +218,9 @@ void svr_getopts(int argc, char ** argv) {
 					printhelp(argv[0]);
 					exit(EXIT_FAILURE);
 					break;
+				case 'u':
+					random_dev = DROPBEAR_URANDOM_DEV;
+					break;
 #ifdef DEBUG_TRACE
 				case 'v':
 					debug_trace = 1;