-rw-r--r--cli-runopts.c7
-rw-r--r--dbclient.13
-rw-r--r--dropbear.83
-rw-r--r--options.h3
-rw-r--r--random.c11
-rw-r--r--random.h2
-rw-r--r--svr-runopts.c5
7 files changed, 31 insertions, 3 deletions
diff --git a/cli-runopts.c b/cli-runopts.c
index fc67850..cb548a2 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -29,6 +29,7 @@
#include "dbutil.h"
#include "algo.h"
#include "tcpfwd.h"
+#include "random.h"
cli_runopts cli_opts; /* GLOBAL */
@@ -53,6 +54,7 @@ static void printhelp() {
"-N Don't run a remote command\n"
"-f Run in background after auth\n"
"-y Always accept remote host key if unknown\n"
+ "-u Use /dev/urandom - use with caution\n"
#ifdef ENABLE_CLI_PUBKEY_AUTH
"-i <identityfile> (multiple allowed)\n"
#endif
@@ -86,6 +88,7 @@ void cli_getopts(int argc, char ** argv) {
char* dummy = NULL; /* Not used for anything real */
/* see printhelp() for options */
+ opts.listen_fwd_all = 0;
cli_opts.progname = argv[0];
cli_opts.remotehost = NULL;
cli_opts.remoteport = NULL;
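Review bot: Moving `opts.listen_fwd_all = 0;` out of the ENABLE_CLI_LOCALTCPFWD block (this hunk and the next) is unrelated to the -u option the rest of the commit introduces, and nothing in the diff says why it was needed. Presumably the field is read on a path that is compiled even when local forwarding is disabled; if so, that deserves its own commit or at least a comment such as `/* read regardless of ENABLE_CLI_LOCALTCPFWD */` so the initialisation is not moved back later. cli_getopts continues outside the hunk.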
@@ -100,7 +103,6 @@ void cli_getopts(int argc, char ** argv) {
#endif
#ifdef ENABLE_CLI_LOCALTCPFWD
cli_opts.localfwds = NULL;
- opts.listen_fwd_all = 0;
#endif
#ifdef ENABLE_CLI_REMOTETCPFWD
cli_opts.remotefwds = NULL;
@@ -198,6 +200,9 @@ void cli_getopts(int argc, char ** argv) {
printhelp();
exit(EXIT_SUCCESS);
break;
+ case 'u':
+ random_dev = DROPBEAR_URANDOM_DEV;
+ break;
#ifdef DEBUG_TRACE
case 'v':
debug_trace = 1;
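Review bot: The `case 'u'` assigns `random_dev` unconditionally, but readrand() in random.c only opens `random_dev` inside `#ifdef DROPBEAR_RANDOM_DEV` (the -62 hunk there), so in a build that comments out DROPBEAR_RANDOM_DEV to use prngd the flag is silently ignored while the help text still advertises it. Either guard the assignment and reject the option when no random device is configured, or compile the case and the help line under the same ifdef. The identical `case 'u'` in svr-runopts.c has the same gap. cli_getopts continues outside the hunk.
```c
case 'u':
#ifdef DROPBEAR_RANDOM_DEV
    random_dev = DROPBEAR_URANDOM_DEV;
#else
    dropbear_exit("-u has no effect: no random device is configured in this build");
#endif
    break;
```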
diff --git a/dbclient.1 b/dbclient.1
index 4145342..4cf537c 100644
--- a/dbclient.1
+++ b/dbclient.1
@@ -74,6 +74,9 @@ by the ssh server.
.B \-y
Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
connection will abort as normal.
+.B \-u
+Use /dev/urandom rather than /dev/random. This should only be used if the
+/dev/urandom device is known to have sufficient entropy.
.SH AUTHOR
Matt Johnston (matt@ucc.asn.au).
.br
diff --git a/dropbear.8 b/dropbear.8
index ef0caf3..a1d5443 100644
--- a/dropbear.8
+++ b/dropbear.8
@@ -82,6 +82,9 @@ default is /var/run/dropbear.pid
.TP
.B \-a
Allow remote hosts to connect to forwarded ports.
+.B \-u
+Use /dev/urandom rather than /dev/random. This should only be used if the
+/dev/urandom device is known to have sufficient entropy.
.SH AUTHOR
Matt Johnston (matt@ucc.asn.au).
.br
diff --git a/options.h b/options.h
index c6fc71c..f71206d 100644
--- a/options.h
+++ b/options.h
@@ -169,6 +169,9 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
* doing if you change this. */
#define DROPBEAR_RANDOM_DEV "/dev/random"
+/* The -u flag on the commandline can also be used */
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+
/* prngd must be manually set up to produce output */
/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
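Review bot: The comment above DROPBEAR_URANDOM_DEV, `/* The -u flag on the commandline can also be used */`, does not say what the macro is or how it relates to DROPBEAR_RANDOM_DEV just above it. Suggest `/* Device used instead of DROPBEAR_RANDOM_DEV when -u is given on the command line; only honoured if DROPBEAR_RANDOM_DEV is defined */`, so a reader editing this section for a prngd build knows the new macro is not a standalone alternative.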
diff --git a/random.c b/random.c
index f1475ed..cd0ac31 100644
--- a/random.c
+++ b/random.c
@@ -27,6 +27,13 @@
#include "dbutil.h"
#include "bignum.h"
+#ifdef DROPBEAR_RANDOM_DEV
+const char* random_dev = DROPBEAR_RANDOM_DEV;
+#else
+const char* random_dev = NULL;
+#endif
+
+
static int donerandinit = 0;
/* this is used to generate unique output from the same hashpool */
@@ -62,9 +69,9 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
#endif
#ifdef DROPBEAR_RANDOM_DEV
- readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
+ readfd = open(random_dev, O_RDONLY);
if (readfd < 0) {
- dropbear_exit("couldn't open random device");
+ dropbear_exit("couldn't open %s", random_dev);
}
#endif
diff --git a/random.h b/random.h
index 84a0a39..d35320f 100644
--- a/random.h
+++ b/random.h
@@ -33,4 +33,6 @@ void genrandom(unsigned char* buf, int len);
void addrandom(unsigned char* buf, int len);
void gen_random_mpint(mp_int *max, mp_int *rand);
+extern const char * random_dev;
+
#endif /* _RANDOM_H_ */
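Review bot: The new `extern const char * random_dev;` is a writable global shared by three translation units and carries no comment about who owns it or when it may be changed. Suggest documenting it at the declaration: `/* Path of the entropy device readrand() opens. Defaults to DROPBEAR_RANDOM_DEV; the -u option points it at DROPBEAR_URANDOM_DEV. NULL when DROPBEAR_RANDOM_DEV is undefined, in which case it is never read. */` The last sentence is inferred from the `#else` branch in random.c and should be confirmed against readrand().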
diff --git a/svr-runopts.c b/svr-runopts.c
index 2f51096..59f4514 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -28,6 +28,7 @@
#include "buffer.h"
#include "dbutil.h"
#include "algo.h"
+#include "random.h"
svr_runopts svr_opts; /* GLOBAL */
@@ -80,6 +81,7 @@ static void printhelp(const char * progname) {
#ifdef INETD_MODE
"-i Start for inetd\n"
#endif
+ "-u Use /dev/urandom - use with caution\n"
#ifdef DEBUG_TRACE
"-v verbose\n"
#endif
@@ -216,6 +218,9 @@ void svr_getopts(int argc, char ** argv) {
printhelp(argv[0]);
exit(EXIT_FAILURE);
break;
+ case 'u':
+ random_dev = DROPBEAR_URANDOM_DEV;
+ break;
#ifdef DEBUG_TRACE
case 'v':
debug_trace = 1;