changeset 446:2cd2edfa11ee

Just use /dev/urandom since that's what everyone ends up using anyway. Make -u a nop.
author Matt Johnston <matt@ucc.asn.au>
date Thu, 19 Jul 2007 15:47:32 +0000
parents edbee0596531
children 278805938dcf
files cli-runopts.c dbclient.1 dropbear.8 options.h random.c random.h svr-runopts.c
diffstat 7 files changed, 9 insertions(+), 33 deletions(-) [+]
line wrap: on
line diff
--- a/cli-runopts.c	Thu Jul 19 14:08:24 2007 +0000
+++ b/cli-runopts.c	Thu Jul 19 15:47:32 2007 +0000
@@ -29,7 +29,6 @@
 #include "dbutil.h"
 #include "algo.h"
 #include "tcpfwd.h"
-#include "random.h"
 
 cli_runopts cli_opts; /* GLOBAL */
 
@@ -54,7 +53,6 @@
 					"-N    Don't run a remote command\n"
 					"-f    Run in background after auth\n"
 					"-y    Always accept remote host key if unknown\n"
-					"-u    Use /dev/urandom - use with caution\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed)\n"
 #endif
@@ -88,7 +86,6 @@
 	char* dummy = NULL; /* Not used for anything real */
 
 	/* see printhelp() for options */
-	opts.listen_fwd_all = 0;
 	cli_opts.progname = argv[0];
 	cli_opts.remotehost = NULL;
 	cli_opts.remoteport = NULL;
@@ -103,6 +100,7 @@
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
 	cli_opts.localfwds = NULL;
+	opts.listen_fwd_all = 0;
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 	cli_opts.remotefwds = NULL;
@@ -201,7 +199,7 @@
 					exit(EXIT_SUCCESS);
 					break;
 				case 'u':
-					random_dev = DROPBEAR_URANDOM_DEV;
+					/* backwards compatibility with old urandom option */
 					break;
 #ifdef DEBUG_TRACE
 				case 'v':
--- a/dbclient.1	Thu Jul 19 14:08:24 2007 +0000
+++ b/dbclient.1	Thu Jul 19 15:47:32 2007 +0000
@@ -74,9 +74,6 @@
 .B \-y
 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
 connection will abort as normal.
-.B \-u
-Use /dev/urandom rather than /dev/random. This should only be used if the
-/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston ([email protected]).
 .br
--- a/dropbear.8	Thu Jul 19 14:08:24 2007 +0000
+++ b/dropbear.8	Thu Jul 19 15:47:32 2007 +0000
@@ -82,9 +82,6 @@
 .TP
 .B \-a
 Allow remote hosts to connect to forwarded ports.
-.B \-u
-Use /dev/urandom rather than /dev/random. This should only be used if the
-/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston ([email protected]).
 .br
--- a/options.h	Thu Jul 19 14:08:24 2007 +0000
+++ b/options.h	Thu Jul 19 15:47:32 2007 +0000
@@ -162,15 +162,10 @@
  * The device will be queried for a few dozen bytes of seed a couple of times
  * per session (or more for very long-lived sessions). */
 
-/* If you are lacking entropy on the system then using /dev/urandom
- * will prevent Dropbear from blocking on the device. This could
- * however significantly reduce the security of your ssh connections
- * if the PRNG state becomes guessable - make sure you know what you are
- * doing if you change this. */
-#define DROPBEAR_RANDOM_DEV "/dev/random"
-
-/* The -u flag on the commandline can also be used */
-#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+/* We'll use /dev/urandom by default, since /dev/random is too much hassle.
+ * If system developers aren't keeping seeds between boots nor getting
+ * any entropy from somewhere it's their own fault. */
+#define DROPBEAR_RANDOM_DEV "/dev/urandom"
 
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
--- a/random.c	Thu Jul 19 14:08:24 2007 +0000
+++ b/random.c	Thu Jul 19 15:47:32 2007 +0000
@@ -27,13 +27,6 @@
 #include "dbutil.h"
 #include "bignum.h"
 
-#ifdef DROPBEAR_RANDOM_DEV
-const char* random_dev = DROPBEAR_RANDOM_DEV;	
-#else
-const char* random_dev = NULL;
-#endif
-
-
 static int donerandinit = 0;
 
 /* this is used to generate unique output from the same hashpool */
@@ -69,9 +62,9 @@
 #endif
 
 #ifdef DROPBEAR_RANDOM_DEV
-	readfd = open(random_dev, O_RDONLY);		
+	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
 	if (readfd < 0) {
-		dropbear_exit("couldn't open %s", random_dev);
+		dropbear_exit("couldn't open random device");
 	}
 #endif
 
--- a/random.h	Thu Jul 19 14:08:24 2007 +0000
+++ b/random.h	Thu Jul 19 15:47:32 2007 +0000
@@ -33,6 +33,4 @@
 void addrandom(unsigned char* buf, int len);
 void gen_random_mpint(mp_int *max, mp_int *rand);
 
-extern const char * random_dev;
-
 #endif /* _RANDOM_H_ */
--- a/svr-runopts.c	Thu Jul 19 14:08:24 2007 +0000
+++ b/svr-runopts.c	Thu Jul 19 15:47:32 2007 +0000
@@ -28,7 +28,6 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "algo.h"
-#include "random.h"
 
 svr_runopts svr_opts; /* GLOBAL */
 
@@ -81,7 +80,6 @@
 #ifdef INETD_MODE
 					"-i		Start for inetd\n"
 #endif
-					"-u		Use /dev/urandom - use with caution\n"
 #ifdef DEBUG_TRACE
 					"-v		verbose\n"
 #endif
@@ -219,7 +217,7 @@
 					exit(EXIT_FAILURE);
 					break;
 				case 'u':
-					random_dev = DROPBEAR_URANDOM_DEV;
+					/* backwards compatibility with old urandom option */
 					break;
 #ifdef DEBUG_TRACE
 				case 'v':