authorMike Frysinger <vapier@gentoo.org>2005-09-08 00:54:01 +0000
committerMike Frysinger <vapier@gentoo.org>2005-09-08 00:54:01 +0000
commit466e799505a70a59da44f137ea6661968352bea5 (patch)
treef00ba0beae3ff537b55afdf123dd19351540aec1
parent913ad351c4aee42234a983e88ed2cfe15a5b2bb6 (diff)
fall back to /dev/urandom if /dev/random is out of entropy Bug 138 by rireland
-rw-r--r--package/dropbear_sshd/dropbear-0.45-urandom.patch56
-rw-r--r--package/dropbear_sshd/dropbear_sshd.mk5
2 files changed, 59 insertions, 2 deletions
diff --git a/package/dropbear_sshd/dropbear-0.45-urandom.patch b/package/dropbear_sshd/dropbear-0.45-urandom.patch
new file mode 100644
index 000000000..a19490daa
--- /dev/null
+++ b/package/dropbear_sshd/dropbear-0.45-urandom.patch
@@ -0,0 +1,56 @@
+--- dropbear-0.45/options.h
++++ dropbear-0.45/options.h
+@@ -148,6 +148,10 @@
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+
++/* If the normal random source would block for a while, fall back to
++ * the urandom source so that connections don't hang forever. */
++#define DROPBEAR_URANDOM_DEV "/dev/urandom"
++
+ /* Specify the number of clients we will allow to be connected but
+ * not yet authenticated. After this limit, connections are rejected */
+ #ifndef MAX_UNAUTH_CLIENTS
+--- dropbear-0.45/random.c
++++ dropbear-0.45/random.c
+@@ -57,9 +57,14 @@
+ struct sockaddr_un egdsock;
+ char egdcmd[2];
+ #endif
++ mode_t readmode = O_RDONLY;
++#ifdef DROPBEAR_URANDOM_DEV
++ unsigned int readtries = 0;
++ readmode |= O_NONBLOCK;
++#endif
+
+ #ifdef DROPBEAR_RANDOM_DEV
+- readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
++ readfd = open(DROPBEAR_RANDOM_DEV, readmode);
+ if (readfd < 0) {
+ dropbear_exit("couldn't open random device");
+ }
+@@ -97,6 +102,24 @@
+ if (readlen < 0 && errno == EINTR) {
+ continue;
+ }
++#ifdef DROPBEAR_URANDOM_DEV
++ /* if the main random source blocked, lets retry a few times,
++ * but then give up and try a constant random source. */
++ if (readlen < 0 && errno == EAGAIN) {
++ ++readtries;
++ if (readtries < 5) {
++ sleep(1);
++ continue;
++ } else if (readtries == 5) {
++ close (readfd);
++ readfd = open(DROPBEAR_URANDOM_DEV, readmode);
++ if (readfd < 0) {
++ dropbear_exit("couldn't open secondary random device");
++ }
++ continue;
++ }
++ }
++#endif
+ dropbear_exit("error reading random source");
+ }
+ readpos += readlen;
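Review bot: The switch to DROPBEAR_URANDOM_DEV in the `readtries == 5` branch is silent, so nothing records that a seed came from the non-blocking source instead of DROPBEAR_RANDOM_DEV. The enclosing function starts and ends outside the hunk, so it is not visible whether this seed also feeds host-key generation; if it does, a device whose entropy pool is still empty at first boot could derive long-term keys from weak input. I would add `dropbear_log(LOG_WARNING, "random source blocked, using " DROPBEAR_URANDOM_DEV);` before the second `open()` and consider limiting the fallback to session use rather than key generation. Separately, `readmode` holds open() flags and should be declared `int` rather than `mode_t`. In the visible lines `readtries` is also never reset after a successful read, so the five retries are cumulative across the loop rather than consecutive.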
diff --git a/package/dropbear_sshd/dropbear_sshd.mk b/package/dropbear_sshd/dropbear_sshd.mk
index 44b3bbd79..d59e09bad 100644
--- a/package/dropbear_sshd/dropbear_sshd.mk
+++ b/package/dropbear_sshd/dropbear_sshd.mk
@@ -3,9 +3,10 @@
# dropbear_sshd
#
#############################################################
-DROPBEAR_SSHD_SOURCE:=dropbear-0.46.tar.bz2
+DROPBEAR_SSHD_VER:=0.46
+DROPBEAR_SSHD_SOURCE:=dropbear-$(DROPBEAR_SSHD_VER).tar.bz2
DROPBEAR_SSHD_SITE:=http://matt.ucc.asn.au/dropbear/releases/
-DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-0.46
+DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-$(DROPBEAR_SSHD_VER)
DROPBEAR_SSHD_CAT:=bzcat
DROPBEAR_SSHD_BINARY:=dropbearmulti
DROPBEAR_SSHD_TARGET_BINARY:=usr/sbin/dropbear
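Review bot: `DROPBEAR_SSHD_VER` is set to 0.46, but the patch added in this same commit is named `dropbear-0.45-urandom.patch` and its headers reference `dropbear-0.45/`. The rule that applies patches is outside this hunk; if it selects files by version, the urandom fallback would be skipped without any build error. Renaming the patch to match the packaged version, or giving it a version-independent name, would remove the ambiguity, and a comment such as `# keep in sync with dropbear-*-urandom.patch` next to `DROPBEAR_SSHD_VER` would flag the coupling for the next version bump.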