# HG changeset patch # User Matt Johnston # Date 1176730790 0 # Node ID d82a2a44c68457fcd94df216c29edf2a78295b5c # Parent fdf06a5a54e4f972a2455d696e8db866faa91fe6 Add -u option to specify /dev/urandom instead diff -r fdf06a5a54e4 -r d82a2a44c684 cli-runopts.c --- a/cli-runopts.c Sat Mar 17 06:30:11 2007 +0000 +++ b/cli-runopts.c Mon Apr 16 13:39:50 2007 +0000 @@ -29,6 +29,7 @@ #include "dbutil.h" #include "algo.h" #include "tcpfwd.h" +#include "random.h" cli_runopts cli_opts; /* GLOBAL */ @@ -53,6 +54,7 @@ "-N Don't run a remote command\n" "-f Run in background after auth\n" "-y Always accept remote host key if unknown\n" + "-u Use /dev/urandom - use with caution\n" #ifdef ENABLE_CLI_PUBKEY_AUTH "-i (multiple allowed)\n" #endif @@ -86,6 +88,7 @@ char* dummy = NULL; /* Not used for anything real */ /* see printhelp() for options */ + opts.listen_fwd_all = 0; cli_opts.progname = argv[0]; cli_opts.remotehost = NULL; cli_opts.remoteport = NULL; @@ -100,7 +103,6 @@ #endif #ifdef ENABLE_CLI_LOCALTCPFWD cli_opts.localfwds = NULL; - opts.listen_fwd_all = 0; #endif #ifdef ENABLE_CLI_REMOTETCPFWD cli_opts.remotefwds = NULL; @@ -198,6 +200,9 @@ printhelp(); exit(EXIT_SUCCESS); break; + case 'u': + random_dev = DROPBEAR_URANDOM_DEV; + break; #ifdef DEBUG_TRACE case 'v': debug_trace = 1; diff -r fdf06a5a54e4 -r d82a2a44c684 dbclient.1 --- a/dbclient.1 Sat Mar 17 06:30:11 2007 +0000 +++ b/dbclient.1 Mon Apr 16 13:39:50 2007 +0000 @@ -74,6 +74,9 @@ .B \-y Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the connection will abort as normal. +.B \-u +Use /dev/urandom rather than /dev/random. This should only be used if the +/dev/urandom device is known to have sufficient entropy. .SH AUTHOR Matt Johnston (matt@ucc.asn.au). .br diff -r fdf06a5a54e4 -r d82a2a44c684 dropbear.8 --- a/dropbear.8 Sat Mar 17 06:30:11 2007 +0000 +++ b/dropbear.8 Mon Apr 16 13:39:50 2007 +0000 
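Review bot: The new `case 'u'` in cli-runopts.c (hunk @@ -198,6 +200,9 @@) assigns `random_dev` unconditionally, but random.c only consults it inside `#ifdef DROPBEAR_RANDOM_DEV`, so in a build that leaves that macro undefined (the prngd-socket variant that options.h hints at) `-u` is accepted, advertised by printhelp, and silently ignored — the operator believes the device changed when it did not. Guarding both the case and the `-u` help line in the @@ -53,6 +54,7 @@ hunk with `#ifdef DROPBEAR_RANDOM_DEV` / `#endif`, or rejecting the flag with a `dropbear_exit(...)` in an `#else` branch, keeps the option honest; the same applies to the two matching hunks in svr-runopts.c (@@ -80,6 +81,7 @@ and @@ -216,6 +218,9 @@), which need no separate note. The enclosing option switch and the function around it start and end outside the hunk.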
@@ -82,6 +82,9 @@ .TP .B \-a Allow remote hosts to connect to forwarded ports. +.B \-u +Use /dev/urandom rather than /dev/random. This should only be used if the +/dev/urandom device is known to have sufficient entropy. .SH AUTHOR Matt Johnston (matt@ucc.asn.au). .br diff -r fdf06a5a54e4 -r d82a2a44c684 options.h --- a/options.h Sat Mar 17 06:30:11 2007 +0000 +++ b/options.h Mon Apr 16 13:39:50 2007 +0000 @@ -169,6 +169,9 @@ * doing if you change this. */ #define DROPBEAR_RANDOM_DEV "/dev/random" +/* The -u flag on the commandline can also be used */ +#define DROPBEAR_URANDOM_DEV "/dev/urandom" + /* prngd must be manually set up to produce output */ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ diff -r fdf06a5a54e4 -r d82a2a44c684 random.c --- a/random.c Sat Mar 17 06:30:11 2007 +0000 +++ b/random.c Mon Apr 16 13:39:50 2007 +0000 @@ -27,6 +27,13 @@ #include "dbutil.h" #include "bignum.h" +#ifdef DROPBEAR_RANDOM_DEV +const char* random_dev = DROPBEAR_RANDOM_DEV; +#else +const char* random_dev = NULL; +#endif + + static int donerandinit = 0; /* this is used to generate unique output from the same hashpool */ @@ -62,9 +69,9 @@ #endif #ifdef DROPBEAR_RANDOM_DEV - readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY); + readfd = open(random_dev, O_RDONLY); if (readfd < 0) { - dropbear_exit("couldn't open random device"); + dropbear_exit("couldn't open %s", random_dev); } #endif diff -r fdf06a5a54e4 -r d82a2a44c684 random.h --- a/random.h Sat Mar 17 06:30:11 2007 +0000 +++ b/random.h Mon Apr 16 13:39:50 2007 +0000 @@ -33,4 +33,6 @@ void addrandom(unsigned char* buf, int len); void gen_random_mpint(mp_int *max, mp_int *rand); +extern const char * random_dev; + #endif /* _RANDOM_H_ */ diff -r fdf06a5a54e4 -r d82a2a44c684 svr-runopts.c --- a/svr-runopts.c Sat Mar 17 06:30:11 2007 +0000 +++ b/svr-runopts.c Mon Apr 16 13:39:50 2007 +0000 @@ -28,6 +28,7 @@ #include "buffer.h" #include "dbutil.h" #include "algo.h" +#include "random.h" svr_runopts svr_opts; /* GLOBAL */ 
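Review bot: The exported `random_dev` defined in random.c (hunk @@ -27,6 +27,13 @@) is a writable global with no comment on who sets it or when; both runopts parsers assign it and the `open(random_dev, O_RDONLY)` in the second hunk reads it, so the write has to land before the first seeding, a constraint nothing in the patch states. A comment above the definition such as `/* Device opened by the seeding code below; -u in the runopts parsers repoints it at DROPBEAR_URANDOM_DEV and must run before the first seed */` would record that, and the `extern` added to random.h would benefit from the same note. The new `dropbear_exit("couldn't open %s", random_dev)` only ever formats a compile-time constant, so it introduces no untrusted format input. It is also worth stating next to the open() that reads from /dev/urandom never block, so the "sufficient entropy" caveat in the man pages is the only safeguard once -u is given; the function around the second hunk starts and ends outside it.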
@@ -80,6 +81,7 @@
 #ifdef INETD_MODE
 "-i Start for inetd\n"
 #endif
+ "-u Use /dev/urandom - use with caution\n"
 #ifdef DEBUG_TRACE
 "-v verbose\n"
 #endif
@@ -216,6 +218,9 @@
 printhelp(argv[0]);
 exit(EXIT_FAILURE);
 break;
+ case 'u':
+ random_dev = DROPBEAR_URANDOM_DEV;
+ break;
 #ifdef DEBUG_TRACE
 case 'v':
 debug_trace = 1;