# HG changeset patch # User Matt Johnston # Date 1103548275 0 # Node ID ed9ca2a9705cd6bb02a1a9819a25accd2e344a72 # Parent 9a1dc9bc17d791ba5c039579b8fd6a93ae86118b Cleaned up the random code, use /dev/random by default, and remove the addrandom() function which wasn't used. diff -r 9a1dc9bc17d7 -r ed9ca2a9705c options.h --- a/options.h Sun Dec 19 16:28:08 2004 +0000 +++ b/options.h Mon Dec 20 13:11:15 2004 +0000 @@ -128,19 +128,21 @@ #define ENABLE_CLI_PASSWORD_AUTH #define ENABLE_CLI_PUBKEY_AUTH -/* Random device to use - you must specify _one only_. - * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use - * PRNGD and run prngd, specifying the socket. This device must be able to - * produce a large amount of random data, so using /dev/random or Entropy - * Gathering Daemon (egd) may result in halting, as it waits for more random - * data */ -#define DROPBEAR_DEV_URANDOM /* use /dev/urandom */ +/* Random device to use - define either DROPBEAR_RANDOM_DEV or + * DROPBEAR_PRNGD_SOCKET. + * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random, + * otherwise use run prngd (or egd if you want), specifying the socket. + * The device will be queried for a few dozen bytes of seed a couple of times + * per session (or more for very long-lived sessions). */ -/*#undef DROPBEAR_PRNGD */ /* use prngd socket - you must manually set up prngd - to produce output */ -#ifndef DROPBEAR_PRNGD_SOCKET -#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng" -#endif +/* If you are lacking entropy on the system then using /dev/urandom + * will prevent Dropbear from blocking on the device. This could + * however significantly reduce the security of your ssh connections + * if the PRNG state becomes simpler. */ +#define DROPBEAR_RANDOM_DEV "/dev/random" + +/* prngd must be manually set up to produce output */ +/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ /* Specify the number of clients we will allow to be connected but * not yet authenticated. After this limit, connections are rejected */ @@ -213,8 +215,6 @@ #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */ #define MAX_BANNER_LINES 20 /* How many lines the client will display */ -#define DEV_URANDOM "/dev/urandom" - /* the number of NAME=VALUE pairs to malloc for environ, if we don't have * the clearenv() function */ #define ENV_SIZE 100 @@ -336,6 +336,14 @@ #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" #endif +#if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET) +#error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once" +#endif + +#if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET) +#error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h" +#endif + /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant * code, if we're just compiling as client or server */ #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT) diff -r 9a1dc9bc17d7 -r ed9ca2a9705c random.c --- a/random.c Sun Dec 19 16:28:08 2004 +0000 +++ b/random.c Mon Dec 20 13:11:15 2004 +0000 @@ -38,7 +38,7 @@ static void readrand(unsigned char* buf, unsigned int buflen); -/* The basic setup is we read some data from DEV_URANDOM or PRNGD and hash it +/* The basic setup is we read some data from /dev/(u)random or prngd and hash it * into hashpool. To read data, we hash together current hashpool contents, * and a counter. We feed more data in by hashing the current pool and new * data into the pool. @@ -53,19 +53,19 @@ int readfd; unsigned int readpos; int readlen; -#ifdef DROPBEAR_EGD +#ifdef DROPBEAR_PRNGD_SOCKET struct sockaddr_un egdsock; char egdcmd[2]; #endif -#ifdef DROPBEAR_DEV_URANDOM - readfd = open(DEV_URANDOM, O_RDONLY); +#ifdef DROPBEAR_RANDOM_DEV + readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY); if (readfd < 0) { dropbear_exit("couldn't open random device"); } #endif -#ifdef DROPBEAR_EGD +#ifdef DROPBEAR_PRNGD_SOCKET memset((void*)&egdsock, 0x0, sizeof(egdsock)); egdsock.sun_family = AF_UNIX; strlcpy(egdsock.sun_path, DROPBEAR_EGD_SOCKET, @@ -105,7 +105,7 @@ close (readfd); } -/* initialise the prng from /dev/urandom or prngd */ +/* initialise the prng from /dev/(u)random or prngd */ void seedrandom() { unsigned char readbuf[INIT_SEED_SIZE]; @@ -159,21 +159,3 @@ } m_burn(hash, sizeof(hash)); } - -/* Adds entropy to the PRNG state. As long as the hash is strong, then we - * don't need to worry about entropy being added "diluting" the current - * state - it should only make it stronger. */ -void addrandom(unsigned char* buf, unsigned int len) { - - hash_state hs; - if (!donerandinit) { - dropbear_exit("seedrandom not done"); - } - - sha1_init(&hs); - sha1_process(&hs, (void*)buf, len); - sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); - sha1_done(&hs, hashpool); - counter = 0; - -}