From 42c691a051af521efa3cd74045eed7db33a38ca2 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 20 Dec 2004 13:11:15 +0000 Subject: Cleaned up the random code, use /dev/random by default, and remove the addrandom() function which wasn't used. --HG-- extra : convert_revision : d560d214ad20001f8ef5d5494ff3c97e6184d9cc --- options.h | 38 +++++++++++++++++++++++--------------- random.c | 30 ++++++------------------------ 2 files changed, 29 insertions(+), 39 deletions(-) diff --git a/options.h b/options.h index c6b727f..7a8f1fd 100644 --- a/options.h +++ b/options.h @@ -128,19 +128,21 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define ENABLE_CLI_PASSWORD_AUTH #define ENABLE_CLI_PUBKEY_AUTH -/* Random device to use - you must specify _one only_. - * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use - * PRNGD and run prngd, specifying the socket. This device must be able to - * produce a large amount of random data, so using /dev/random or Entropy - * Gathering Daemon (egd) may result in halting, as it waits for more random - * data */ -#define DROPBEAR_DEV_URANDOM /* use /dev/urandom */ - -/*#undef DROPBEAR_PRNGD */ /* use prngd socket - you must manually set up prngd - to produce output */ -#ifndef DROPBEAR_PRNGD_SOCKET -#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng" -#endif +/* Random device to use - define either DROPBEAR_RANDOM_DEV or + * DROPBEAR_PRNGD_SOCKET. + * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random, + * otherwise use run prngd (or egd if you want), specifying the socket. + * The device will be queried for a few dozen bytes of seed a couple of times + * per session (or more for very long-lived sessions). */ + +/* If you are lacking entropy on the system then using /dev/urandom + * will prevent Dropbear from blocking on the device. This could + * however significantly reduce the security of your ssh connections + * if the PRNG state becomes simpler. */ +#define DROPBEAR_RANDOM_DEV "/dev/random" + +/* prngd must be manually set up to produce output */ +/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ /* Specify the number of clients we will allow to be connected but * not yet authenticated. After this limit, connections are rejected */ @@ -213,8 +215,6 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */ #define MAX_BANNER_LINES 20 /* How many lines the client will display */ -#define DEV_URANDOM "/dev/urandom" - /* the number of NAME=VALUE pairs to malloc for environ, if we don't have * the clearenv() function */ #define ENV_SIZE 100 @@ -336,6 +336,14 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" #endif +#if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET) +#error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once" +#endif + +#if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET) +#error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h" +#endif + /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant * code, if we're just compiling as client or server */ #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT) diff --git a/random.c b/random.c index 65a9c64..e1c586e 100644 --- a/random.c +++ b/random.c @@ -38,7 +38,7 @@ unsigned char hashpool[SHA1_HASH_SIZE]; static void readrand(unsigned char* buf, unsigned int buflen); -/* The basic setup is we read some data from DEV_URANDOM or PRNGD and hash it +/* The basic setup is we read some data from /dev/(u)random or prngd and hash it * into hashpool. To read data, we hash together current hashpool contents, * and a counter. We feed more data in by hashing the current pool and new * data into the pool. @@ -53,19 +53,19 @@ static void readrand(unsigned char* buf, unsigned int buflen) { int readfd; unsigned int readpos; int readlen; -#ifdef DROPBEAR_EGD +#ifdef DROPBEAR_PRNGD_SOCKET struct sockaddr_un egdsock; char egdcmd[2]; #endif -#ifdef DROPBEAR_DEV_URANDOM - readfd = open(DEV_URANDOM, O_RDONLY); +#ifdef DROPBEAR_RANDOM_DEV + readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY); if (readfd < 0) { dropbear_exit("couldn't open random device"); } #endif -#ifdef DROPBEAR_EGD +#ifdef DROPBEAR_PRNGD_SOCKET memset((void*)&egdsock, 0x0, sizeof(egdsock)); egdsock.sun_family = AF_UNIX; strlcpy(egdsock.sun_path, DROPBEAR_EGD_SOCKET, @@ -105,7 +105,7 @@ static void readrand(unsigned char* buf, unsigned int buflen) { close (readfd); } -/* initialise the prng from /dev/urandom or prngd */ +/* initialise the prng from /dev/(u)random or prngd */ void seedrandom() { unsigned char readbuf[INIT_SEED_SIZE]; @@ -159,21 +159,3 @@ void genrandom(unsigned char* buf, unsigned int len) { } m_burn(hash, sizeof(hash)); } - -/* Adds entropy to the PRNG state. As long as the hash is strong, then we - * don't need to worry about entropy being added "diluting" the current - * state - it should only make it stronger. */ -void addrandom(unsigned char* buf, unsigned int len) { - - hash_state hs; - if (!donerandinit) { - dropbear_exit("seedrandom not done"); - } - - sha1_init(&hs); - sha1_process(&hs, (void*)buf, len); - sha1_process(&hs, (void*)hashpool, sizeof(hashpool)); - sha1_done(&hs, hashpool); - counter = 0; - -} -- cgit v1.2.3