author | Mike Frysinger <vapier@gentoo.org> | 2005-09-08 00:54:01 +0000 |
committer | Mike Frysinger <vapier@gentoo.org> | 2005-09-08 00:54:01 +0000 |
commit | 466e799505a70a59da44f137ea6661968352bea5 (patch) | |
tree | f00ba0beae3ff537b55afdf123dd19351540aec1 | |
parent | 913ad351c4aee42234a983e88ed2cfe15a5b2bb6 (diff) |
fall back to /dev/urandom if /dev/random is out of entropy. Bug 138 by rireland
-rw-r--r-- | package/dropbear_sshd/dropbear-0.45-urandom.patch | 56 | ||||
-rw-r--r-- | package/dropbear_sshd/dropbear_sshd.mk | 5 |
2 files changed, 59 insertions, 2 deletions
diff --git a/package/dropbear_sshd/dropbear-0.45-urandom.patch b/package/dropbear_sshd/dropbear-0.45-urandom.patch
new file mode 100644
index 000000000..a19490daa
--- /dev/null
+++ b/package/dropbear_sshd/dropbear-0.45-urandom.patch
@@ -0,0 +1,56 @@
+--- dropbear-0.45/options.h
++++ dropbear-0.45/options.h
+@@ -148,6 +148,10 @@
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+ 
++/* If the normal random source would block for a while, fall back to
++ * the urandom source so that connections don't hang forever. */
++#define DROPBEAR_URANDOM_DEV "/dev/urandom"
++
+ /* Specify the number of clients we will allow to be connected but
+ * not yet authenticated. After this limit, connections are rejected */
+ #ifndef MAX_UNAUTH_CLIENTS
+--- dropbear-0.45/random.c
++++ dropbear-0.45/random.c
+@@ -57,9 +57,14 @@
+ struct sockaddr_un egdsock;
+ char egdcmd[2];
+ #endif
++ mode_t readmode = O_RDONLY;
++#ifdef DROPBEAR_URANDOM_DEV
++ unsigned int readtries = 0;
++ readmode |= O_NONBLOCK;
++#endif
+ 
+ #ifdef DROPBEAR_RANDOM_DEV
+- readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
++ readfd = open(DROPBEAR_RANDOM_DEV, readmode);
+ if (readfd < 0) {
+ dropbear_exit("couldn't open random device");
+ }
+@@ -97,6 +102,24 @@
+ if (readlen < 0 && errno == EINTR) {
+ continue;
+ }
++#ifdef DROPBEAR_URANDOM_DEV
++ /* if the main random source blocked, lets retry a few times,
++ * but then give up and try a constant random source. */
++ if (readlen < 0 && errno == EAGAIN) {
++ ++readtries;
++ if (readtries < 5) {
++ sleep(1);
++ continue;
++ } else if (readtries == 5) {
++ close (readfd);
++ readfd = open(DROPBEAR_URANDOM_DEV, readmode);
++ if (readfd < 0) {
++ dropbear_exit("couldn't open secondary random device");
++ }
++ continue;
++ }
++ }
++#endif
+ dropbear_exit("error reading random source");
+ }
+ readpos += readlen;
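Review bot: The switch to DROPBEAR_URANDOM_DEV in the random.c hunk is silent, so an operator cannot tell that dropbear seeded itself from the non-blocking pool because the primary source was exhausted; log it before the `close (readfd);` line, e.g. `dropbear_log(LOG_WARNING, "random source blocked, falling back to %s", DROPBEAR_URANDOM_DEV);`, so the degraded condition shows up in syslog. The new comment's wording "try a constant random source" reads as if the fallback were a fixed value; "try the non-blocking random source" would say what the code does. `mode_t readmode = O_RDONLY;` uses the permission-bits type for open(2) flags; `int readmode = O_RDONLY;` is the matching type. The patch headers name dropbear-0.45 while dropbear_sshd.mk in this commit builds 0.46, so it is worth confirming the patch still applies to that tree. The enclosing function in random.c starts and ends outside both hunks.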
diff --git a/package/dropbear_sshd/dropbear_sshd.mk b/package/dropbear_sshd/dropbear_sshd.mk
index 44b3bbd79..d59e09bad 100644
--- a/package/dropbear_sshd/dropbear_sshd.mk
+++ b/package/dropbear_sshd/dropbear_sshd.mk
@@ -3,9 +3,10 @@
 # dropbear_sshd
 #
 #############################################################
-DROPBEAR_SSHD_SOURCE:=dropbear-0.46.tar.bz2
+DROPBEAR_SSHD_VER:=0.46
+DROPBEAR_SSHD_SOURCE:=dropbear-$(DROPBEAR_SSHD_VER).tar.bz2
 DROPBEAR_SSHD_SITE:=http://matt.ucc.asn.au/dropbear/releases/
-DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-0.46
+DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-$(DROPBEAR_SSHD_VER)
 DROPBEAR_SSHD_CAT:=bzcat
 DROPBEAR_SSHD_BINARY:=dropbearmulti
 DROPBEAR_SSHD_TARGET_BINARY:=usr/sbin/dropbear