summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2004-12-20 13:11:15 +0000
committerMatt Johnston <matt@ucc.asn.au>2004-12-20 13:11:15 +0000
commit42c691a051af521efa3cd74045eed7db33a38ca2 (patch)
tree49e44b35eb37b3cdaef53eb2df8c5f1fc5f2c05a
parent8b32e8a08cb381eee3ffa3ad430b1517f39bac88 (diff)
Cleaned up the random code, use /dev/random by default,
and remove the addrandom() function which wasn't used. --HG-- extra : convert_revision : d560d214ad20001f8ef5d5494ff3c97e6184d9cc
-rw-r--r--options.h38
-rw-r--r--random.c30
2 files changed, 29 insertions, 39 deletions
diff --git a/options.h b/options.h
index c6b727f..7a8f1fd 100644
--- a/options.h
+++ b/options.h
@@ -128,19 +128,21 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
#define ENABLE_CLI_PASSWORD_AUTH
#define ENABLE_CLI_PUBKEY_AUTH
-/* Random device to use - you must specify _one only_.
- * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use
- * PRNGD and run prngd, specifying the socket. This device must be able to
- * produce a large amount of random data, so using /dev/random or Entropy
- * Gathering Daemon (egd) may result in halting, as it waits for more random
- * data */
-#define DROPBEAR_DEV_URANDOM /* use /dev/urandom */
-
-/*#undef DROPBEAR_PRNGD */ /* use prngd socket - you must manually set up prngd
- to produce output */
-#ifndef DROPBEAR_PRNGD_SOCKET
-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
-#endif
+/* Random device to use - define either DROPBEAR_RANDOM_DEV or
+ * DROPBEAR_PRNGD_SOCKET.
+ * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
+ * otherwise use run prngd (or egd if you want), specifying the socket.
+ * The device will be queried for a few dozen bytes of seed a couple of times
+ * per session (or more for very long-lived sessions). */
+
+/* If you are lacking entropy on the system then using /dev/urandom
+ * will prevent Dropbear from blocking on the device. This could
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes simpler. */
+#define DROPBEAR_RANDOM_DEV "/dev/random"
+
+/* prngd must be manually set up to produce output */
+/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
/* Specify the number of clients we will allow to be connected but
* not yet authenticated. After this limit, connections are rejected */
@@ -213,8 +215,6 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
#define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
#define MAX_BANNER_LINES 20 /* How many lines the client will display */
-#define DEV_URANDOM "/dev/urandom"
-
/* the number of NAME=VALUE pairs to malloc for environ, if we don't have
* the clearenv() function */
#define ENV_SIZE 100
@@ -336,6 +336,14 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
#error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
#endif
+#if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET)
+#error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once"
+#endif
+
+#if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET)
+#error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h"
+#endif
+
/* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
* code, if we're just compiling as client or server */
#if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
diff --git a/random.c b/random.c
index 65a9c64..e1c586e 100644
--- a/random.c
+++ b/random.c
@@ -38,7 +38,7 @@ unsigned char hashpool[SHA1_HASH_SIZE];
static void readrand(unsigned char* buf, unsigned int buflen);
-/* The basic setup is we read some data from DEV_URANDOM or PRNGD and hash it
+/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
* into hashpool. To read data, we hash together current hashpool contents,
* and a counter. We feed more data in by hashing the current pool and new
* data into the pool.
@@ -53,19 +53,19 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
int readfd;
unsigned int readpos;
int readlen;
-#ifdef DROPBEAR_EGD
+#ifdef DROPBEAR_PRNGD_SOCKET
struct sockaddr_un egdsock;
char egdcmd[2];
#endif
-#ifdef DROPBEAR_DEV_URANDOM
- readfd = open(DEV_URANDOM, O_RDONLY);
+#ifdef DROPBEAR_RANDOM_DEV
+ readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
if (readfd < 0) {
dropbear_exit("couldn't open random device");
}
#endif
-#ifdef DROPBEAR_EGD
+#ifdef DROPBEAR_PRNGD_SOCKET
memset((void*)&egdsock, 0x0, sizeof(egdsock));
egdsock.sun_family = AF_UNIX;
strlcpy(egdsock.sun_path, DROPBEAR_EGD_SOCKET,
@@ -105,7 +105,7 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
close (readfd);
}
-/* initialise the prng from /dev/urandom or prngd */
+/* initialise the prng from /dev/(u)random or prngd */
void seedrandom() {
unsigned char readbuf[INIT_SEED_SIZE];
@@ -159,21 +159,3 @@ void genrandom(unsigned char* buf, unsigned int len) {
}
m_burn(hash, sizeof(hash));
}
-
-/* Adds entropy to the PRNG state. As long as the hash is strong, then we
- * don't need to worry about entropy being added "diluting" the current
- * state - it should only make it stronger. */
-void addrandom(unsigned char* buf, unsigned int len) {
-
- hash_state hs;
- if (!donerandinit) {
- dropbear_exit("seedrandom not done");
- }
-
- sha1_init(&hs);
- sha1_process(&hs, (void*)buf, len);
- sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
- sha1_done(&hs, hashpool);
- counter = 0;
-
-}