changeset 442:d82a2a44c684

Add -u option to specify /dev/urandom instead
author Matt Johnston <matt@ucc.asn.au>
date Mon, 16 Apr 2007 13:39:50 +0000
parents fdf06a5a54e4
children 2d943453cecf
files cli-runopts.c dbclient.1 dropbear.8 options.h random.c random.h svr-runopts.c
diffstat 7 files changed, 31 insertions(+), 3 deletions(-) [+]
--- a/cli-runopts.c	Sat Mar 17 06:30:11 2007 +0000
+++ b/cli-runopts.c	Mon Apr 16 13:39:50 2007 +0000
@@ -29,6 +29,7 @@
 #include "dbutil.h"
 #include "algo.h"
 #include "tcpfwd.h"
+#include "random.h"
 
 cli_runopts cli_opts; /* GLOBAL */
 
@@ -53,6 +54,7 @@
 					"-N    Don't run a remote command\n"
 					"-f    Run in background after auth\n"
 					"-y    Always accept remote host key if unknown\n"
+					"-u    Use /dev/urandom - use with caution\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed)\n"
 #endif
@@ -86,6 +88,7 @@
 	char* dummy = NULL; /* Not used for anything real */
 
 	/* see printhelp() for options */
+	opts.listen_fwd_all = 0;
 	cli_opts.progname = argv[0];
 	cli_opts.remotehost = NULL;
 	cli_opts.remoteport = NULL;
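Review bot: The relocation of `opts.listen_fwd_all = 0;` out of the `#ifdef ENABLE_CLI_LOCALTCPFWD` block (added here, removed in the next hunk at the `cli_opts.localfwds = NULL;` site) is unrelated to the -u option and is not mentioned in the commit message. It is only safe if `listen_fwd_all` is declared in `runopts` unconditionally; if the field is itself guarded by a forwarding `#ifdef`, a build with ENABLE_CLI_LOCALTCPFWD off no longer compiles — worth confirming against runopts.h, and worth a sentence in the description either way. The enclosing function starts and ends outside this hunk.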
@@ -100,7 +103,6 @@
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
 	cli_opts.localfwds = NULL;
-	opts.listen_fwd_all = 0;
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 	cli_opts.remotefwds = NULL;
@@ -198,6 +200,9 @@
 					printhelp();
 					exit(EXIT_SUCCESS);
 					break;
+				case 'u':
+					random_dev = DROPBEAR_URANDOM_DEV;
+					break;
 #ifdef DEBUG_TRACE
 				case 'v':
 					debug_trace = 1;
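Review bot: The new `case 'u':` sets `random_dev` unconditionally, but random.c only reads `random_dev` inside `#ifdef DROPBEAR_RANDOM_DEV` (the `readfd = open(random_dev, O_RDONLY);` hunk), so in a build that seeds from the prngd socket instead, `-u` is accepted, advertised in printhelp, and silently does nothing. Guard the case the same way the adjacent `case 'v':` is guarded by `DEBUG_TRACE`: wrap it in `#ifdef DROPBEAR_RANDOM_DEV` / `#endif`, and do the same for the `"-u    Use /dev/urandom - use with caution\n"` help line so the option is only offered when it has an effect. The same applies to the `case 'u':` and help text hunks in svr-runopts.c. The enclosing option-parsing function starts and ends outside this hunk.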
--- a/dbclient.1	Sat Mar 17 06:30:11 2007 +0000
+++ b/dbclient.1	Mon Apr 16 13:39:50 2007 +0000
@@ -74,6 +74,9 @@
 .B \-y
 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
 connection will abort as normal.
+.B \-u
+Use /dev/urandom rather than /dev/random. This should only be used if the
+/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston ([email protected]).
 .br
--- a/dropbear.8	Sat Mar 17 06:30:11 2007 +0000
+++ b/dropbear.8	Mon Apr 16 13:39:50 2007 +0000
@@ -82,6 +82,9 @@
 .TP
 .B \-a
 Allow remote hosts to connect to forwarded ports.
+.B \-u
+Use /dev/urandom rather than /dev/random. This should only be used if the
+/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston ([email protected]).
 .br
--- a/options.h	Sat Mar 17 06:30:11 2007 +0000
+++ b/options.h	Mon Apr 16 13:39:50 2007 +0000
@@ -169,6 +169,9 @@
  * doing if you change this. */
 #define DROPBEAR_RANDOM_DEV "/dev/random"
 
+/* The -u flag on the commandline can also be used */
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 
--- a/random.c	Sat Mar 17 06:30:11 2007 +0000
+++ b/random.c	Mon Apr 16 13:39:50 2007 +0000
@@ -27,6 +27,13 @@
 #include "dbutil.h"
 #include "bignum.h"
 
+#ifdef DROPBEAR_RANDOM_DEV
+const char* random_dev = DROPBEAR_RANDOM_DEV;	
+#else
+const char* random_dev = NULL;
+#endif
+
+
 static int donerandinit = 0;
 
 /* this is used to generate unique output from the same hashpool */
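Review bot: The new global `random_dev` has no comment explaining who writes it or why the `#else` branch defines it as NULL when DROPBEAR_RANDOM_DEV is off. Suggest `/* Device to seed from. cli-runopts.c/svr-runopts.c repoint this at DROPBEAR_URANDOM_DEV for -u; the NULL definition only satisfies the extern in random.h, since the open() is compiled out. */`. Also a style point: `const char* random_dev = DROPBEAR_RANDOM_DEV;` carries a trailing tab, as does `readfd = open(random_dev, O_RDONLY);` in the next hunk, there are two blank lines after the `#endif`, and the matching declaration in random.h spells the type `const char * random_dev` where the definition here uses `const char* random_dev`.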
@@ -62,9 +69,9 @@
 #endif
 
 #ifdef DROPBEAR_RANDOM_DEV
-	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
+	readfd = open(random_dev, O_RDONLY);		
 	if (readfd < 0) {
-		dropbear_exit("couldn't open random device");
+		dropbear_exit("couldn't open %s", random_dev);
 	}
 #endif
 
--- a/random.h	Sat Mar 17 06:30:11 2007 +0000
+++ b/random.h	Mon Apr 16 13:39:50 2007 +0000
@@ -33,4 +33,6 @@
 void addrandom(unsigned char* buf, int len);
 void gen_random_mpint(mp_int *max, mp_int *rand);
 
+extern const char * random_dev;
+
 #endif /* _RANDOM_H_ */
--- a/svr-runopts.c	Sat Mar 17 06:30:11 2007 +0000
+++ b/svr-runopts.c	Mon Apr 16 13:39:50 2007 +0000
@@ -28,6 +28,7 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "algo.h"
+#include "random.h"
 
 svr_runopts svr_opts; /* GLOBAL */
 
@@ -80,6 +81,7 @@
 #ifdef INETD_MODE
 					"-i		Start for inetd\n"
 #endif
+					"-u		Use /dev/urandom - use with caution\n"
 #ifdef DEBUG_TRACE
 					"-v		verbose\n"
 #endif
@@ -216,6 +218,9 @@
 					printhelp(argv[0]);
 					exit(EXIT_FAILURE);
 					break;
+				case 'u':
+					random_dev = DROPBEAR_URANDOM_DEV;
+					break;
 #ifdef DEBUG_TRACE
 				case 'v':
 					debug_trace = 1;