Package: dropbear
Version: 0.48.1-1

I'm hitting the same problem as in bugs #310732 and #355414 - trying to
run dropbear on a small mipsel system, but /dev/random does not have
enough entropy. This makes dropbear unreliable on this system without
a recompile.

The attached patch adds a -u runtime option that makes dropbear use /dev/urandom.
Would this be an acceptable solution?

Thanks,

-- 
Michel "Walken" Lespinasse
"Bill Gates is a monocle and a Persian cat away from being the villain
in a James Bond movie." -- Dennis Miller
diff -ru dropbear-0.48.1.orig/Makefile.in dropbear-0.48.1.urandom/Makefile.in
--- dropbear-0.48.1.orig/Makefile.in    2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/Makefile.in 2006-09-11 05:14:42.000000000 -0700
@@ -20,7 +20,8 @@
                dss.o bignum.o \
                signkey.o rsa.o random.o \
                queue.o \
-               atomicio.o compat.o  fake-rfc2553.o
+               atomicio.o compat.o  fake-rfc2553.o \
+               common-runopts.o
 
 SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
                svr-authpasswd.o svr-authpubkey.o svr-session.o svr-service.o \
@@ -34,7 +35,7 @@
 CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
                        common-channel.o common-chansession.o termcodes.o 
loginrec.o \
                        tcp-accept.o listener.o process-packet.o \
-                       common-runopts.o circbuffer.o
+                       circbuffer.o
 
 KEYOBJS=dropbearkey.o gendss.o genrsa.o
 
diff -ru dropbear-0.48.1.orig/cli-runopts.c 
dropbear-0.48.1.urandom/cli-runopts.c
--- dropbear-0.48.1.orig/cli-runopts.c  2006-03-11 20:52:52.000000000 -0800
+++ dropbear-0.48.1.urandom/cli-runopts.c       2006-09-11 04:54:00.000000000 
-0700
@@ -63,6 +63,9 @@
 #ifdef DEBUG_TRACE
                                        "-v    verbose\n"
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+                                       "-u    use urandom device\n"
+#endif
                                        ,DROPBEAR_VERSION, cli_opts.progname);
 }
 
@@ -99,6 +102,9 @@
 #ifdef ENABLE_CLI_REMOTETCPFWD
        cli_opts.remotefwds = NULL;
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+       opts.use_urandom_dev = 0;
+#endif
        /* not yet
        opts.ipv4 = 1;
        opts.ipv6 = 1;
@@ -188,6 +194,11 @@
                                        debug_trace = 1;
                                        break;
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+                               case 'u':
+                                       opts.use_urandom_dev = 1;
+                                       break;
+#endif
                                case 'F':
                                case 'e':
                                case 'c':
diff -ru dropbear-0.48.1.orig/dropbearconvert.c 
dropbear-0.48.1.urandom/dropbearconvert.c
--- dropbear-0.48.1.orig/dropbearconvert.c      2006-03-11 20:52:51.000000000 
-0800
+++ dropbear-0.48.1.urandom/dropbearconvert.c   2006-09-11 05:22:26.000000000 
-0700
@@ -24,6 +24,7 @@
 
 /* This program converts to/from Dropbear and OpenSSH private-key formats */
 #include "includes.h"
+#include "runopts.h"
 #include "signkey.h"
 #include "buffer.h"
 #include "dbutil.h"
@@ -66,6 +67,9 @@
        /* It's hard for it to get in the way _too_ much */
        debug_trace = 1;
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+       opts.use_urandom_dev = 0;
+#endif
 
        /* get the commandline options */
        if (argc != 5) {
diff -ru dropbear-0.48.1.orig/dropbearkey.c 
dropbear-0.48.1.urandom/dropbearkey.c
--- dropbear-0.48.1.orig/dropbearkey.c  2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/dropbearkey.c       2006-09-11 05:20:45.000000000 
-0700
@@ -45,6 +45,7 @@
  *
  */
 #include "includes.h"
+#include "runopts.h"
 #include "signkey.h"
 #include "buffer.h"
 #include "dbutil.h"
@@ -79,6 +80,9 @@
 #ifdef DEBUG_TRACE
                                        "-v             verbose\n"
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+                                       "-u             use urandom device\n"
+#endif
                                        ,progname);
 }
 
@@ -101,6 +105,10 @@
        unsigned int keysize;
        int printpub = 0;
 
+#ifdef DROPBEAR_URANDOM_DEV
+       opts.use_urandom_dev = 0;
+#endif
+
        /* get the commandline options */
        for (i = 1; i < argc; i++) {
                if (argv[i] == NULL) {
@@ -135,6 +143,11 @@
                                        debug_trace = 1;
                                        break;
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+                               case 'u':
+                                       opts.use_urandom_dev = 1;
+                                       break;
+#endif
                                default:
                                        fprintf(stderr, "Unknown argument 
%s\n", argv[i]);
                                        printhelp(argv[0]);
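Review bot: The `case 'u'` added here lets dropbearkey generate a long-lived host key from DROPBEAR_URANDOM_DEV without telling the operator. On the entropy-starved Linux systems this option targets, that device can return output before the kernel pool has been seeded, so keys made at first boot may be predictable. Setting the flag is fine, but key generation should announce the weaker source, for example `fprintf(stderr, "Warning: seeding key generation from %s\n", DROPBEAR_URANDOM_DEV);` right after `opts.use_urandom_dev = 1;`. The same `-u` case is added in cli-runopts.c and svr-runopts.c, where it appears to affect session keying rather than stored keys, and the help string `-u use urandom device` in all three could say that the device does not block. The switch and its enclosing loop start before this hunk and continue after it.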
diff -ru dropbear-0.48.1.orig/options.h dropbear-0.48.1.urandom/options.h
--- dropbear-0.48.1.orig/options.h      2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/options.h   2006-09-11 04:32:40.000000000 -0700
@@ -156,6 +156,10 @@
  * doing if you change this. */
 #define DROPBEAR_RANDOM_DEV "/dev/random"
 
+/* If DROPBEAR_URANDOM_DEV is defined in addition of DROPBEAR_RANDOM_DEV,
+ * it will be selectable at runtime using the -u option. */
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 
@@ -379,6 +383,10 @@
 #error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in 
options.h"
 #endif
 
+#if defined(DROPBEAR_URANDOM_DEV) && !defined(DROPBEAR_RANDOM_DEV)
+#error "You can't turn on DROPBEAR_URANDOM_DEV when DROPBEAR_RANDOM_DEV is off"
+#endif
+
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
  * code, if we're just compiling as client or server */
 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
diff -ru dropbear-0.48.1.orig/random.c dropbear-0.48.1.urandom/random.c
--- dropbear-0.48.1.orig/random.c       2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/random.c    2006-09-11 04:52:39.000000000 -0700
@@ -23,6 +23,7 @@
  * SOFTWARE. */
 
 #include "includes.h"
+#include "runopts.h"
 #include "buffer.h"
 #include "dbutil.h"
 #include "bignum.h"
@@ -55,13 +56,21 @@
        int readfd;
        unsigned int readpos;
        int readlen;
+#ifdef DROPBEAR_RANDOM_DEV
+       char *random_dev = DROPBEAR_RANDOM_DEV;
+#endif
 #ifdef DROPBEAR_PRNGD_SOCKET
        struct sockaddr_un egdsock;
        char egdcmd[2];
 #endif
 
 #ifdef DROPBEAR_RANDOM_DEV
-       readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
+#ifdef DROPBEAR_URANDOM_DEV
+       if (opts.use_urandom_dev) {
+               random_dev = DROPBEAR_URANDOM_DEV;
+       }
+#endif
+       readfd = open(random_dev, O_RDONLY);
        if (readfd < 0) {
                dropbear_exit("couldn't open random device");
        }
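Review bot: `random_dev` only ever points at the string-literal macros, so it should be declared `const char *random_dev = DROPBEAR_RANDOM_DEV;`. The failure message after `open(random_dev, O_RDONLY)` also no longer says which device was tried, now that there are two. Assuming dropbear_exit takes a printf-style format, `dropbear_exit("couldn't open random device %s", random_dev);` would distinguish a missing urandom node from a missing random node and show which source was selected. A short comment above the `#ifdef DROPBEAR_URANDOM_DEV` block, such as `/* -u: operator chose the non-blocking device */`, would record why the path is overridden. The enclosing function begins before this hunk and continues past it.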
diff -ru dropbear-0.48.1.orig/runopts.h dropbear-0.48.1.urandom/runopts.h
--- dropbear-0.48.1.orig/runopts.h      2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/runopts.h   2006-09-11 04:38:31.000000000 -0700
@@ -37,6 +37,10 @@
        int listen_fwd_all;
 #endif
 
+#ifdef DROPBEAR_URANDOM_DEV
+       int use_urandom_dev;
+#endif
+
 } runopts;
 
 extern runopts opts;
diff -ru dropbear-0.48.1.orig/svr-runopts.c 
dropbear-0.48.1.urandom/svr-runopts.c
--- dropbear-0.48.1.orig/svr-runopts.c  2006-03-11 20:52:52.000000000 -0800
+++ dropbear-0.48.1.urandom/svr-runopts.c       2006-09-11 04:43:55.000000000 
-0700
@@ -78,6 +78,9 @@
 #ifdef DEBUG_TRACE
                                        "-v             verbose\n"
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+                                       "-u             use urandom device\n"
+#endif
                                        ,DROPBEAR_VERSION, progname,
 #ifdef DROPBEAR_DSS
                                        DSS_PRIV_FILENAME,
@@ -124,6 +127,9 @@
 #ifdef ENABLE_SVR_REMOTETCPFWD
        opts.listen_fwd_all = 0;
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+       opts.use_urandom_dev = 0;
+#endif
 
        for (i = 1; i < (unsigned int)argc; i++) {
                if (next) {
@@ -211,6 +217,11 @@
                                        debug_trace = 1;
                                        break;
 #endif
+#ifdef DROPBEAR_URANDOM_DEV
+                               case 'u':
+                                       opts.use_urandom_dev = 1;
+                                       break;
+#endif
                                default:
                                        fprintf(stderr, "Unknown argument 
%s\n", argv[i]);
                                        printhelp(argv[0]);
