Cleaned up the random code, use /dev/random by default,

and remove the addrandom() function which wasn't used.

2 files changed, 29 insertions, 39 deletions

diff --git a/options.h b/options.h
index c6b727f..7a8f1fd 100644
--- a/options.h
+++ b/options.h
@@ -128,19 +128,21 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH
 
-/* Random device to use - you must specify _one only_.
- * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use
- * PRNGD and run prngd, specifying the socket. This device must be able to
- * produce a large amount of random data, so using /dev/random or Entropy
- * Gathering Daemon (egd) may result in halting, as it waits for more random
- * data */
-#define DROPBEAR_DEV_URANDOM /* use /dev/urandom */
-
-/*#undef DROPBEAR_PRNGD */ /* use prngd socket - you must manually set up prngd
-							  to produce output */
-#ifndef DROPBEAR_PRNGD_SOCKET
-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
-#endif
+/* Random device to use - define either DROPBEAR_RANDOM_DEV or
+ * DROPBEAR_PRNGD_SOCKET.
+ * DROPBEAR_RANDOM_DEV is recommended on hosts with a good /dev/(u)random,
+ * otherwise use run prngd (or egd if you want), specifying the socket. 
+ * The device will be queried for a few dozen bytes of seed a couple of times
+ * per session (or more for very long-lived sessions). */
+
+/* If you are lacking entropy on the system then using /dev/urandom
+ * will prevent Dropbear from blocking on the device. This could
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes simpler. */
+#define DROPBEAR_RANDOM_DEV "/dev/random"
+
+/* prngd must be manually set up to produce output */
+/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 
 /* Specify the number of clients we will allow to be connected but
  * not yet authenticated. After this limit, connections are rejected */
@@ -213,8 +215,6 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define MAX_BANNER_SIZE 2000 /* this is 25*80 chars, any more is foolish */
 #define MAX_BANNER_LINES 20 /* How many lines the client will display */
 
-#define DEV_URANDOM "/dev/urandom"
-
 /* the number of NAME=VALUE pairs to malloc for environ, if we don't have
  * the clearenv() function */
 #define ENV_SIZE 100
@@ -336,6 +336,14 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
 #endif
 
+#if defined(DROPBEAR_RANDOM_DEV) && defined(DROPBEAR_PRNGD_SOCKET)
+#error "You can't turn on DROPBEAR_PRNGD_SOCKET and DROPBEAR_RANDOM_DEV at once"
+#endif
+
+#if !defined(DROPBEAR_RANDOM_DEV) && !defined(DROPBEAR_PRNGD_SOCKET)
+#error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in options.h"
+#endif
+
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
  * code, if we're just compiling as client or server */
 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
diff --git a/random.c b/random.c
index 65a9c64..e1c586e 100644
--- a/random.c
+++ b/random.c
@@ -38,7 +38,7 @@ unsigned char hashpool[SHA1_HASH_SIZE];
 
 static void readrand(unsigned char* buf, unsigned int buflen);
 
-/* The basic setup is we read some data from DEV_URANDOM or PRNGD and hash it
+/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
  * into hashpool. To read data, we hash together current hashpool contents,
  * and a counter. We feed more data in by hashing the current pool and new
  * data into the pool.
@@ -53,19 +53,19 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
 	int readfd;
 	unsigned int readpos;
 	int readlen;
-#ifdef DROPBEAR_EGD
+#ifdef DROPBEAR_PRNGD_SOCKET
 	struct sockaddr_un egdsock;
 	char egdcmd[2];
 #endif
 
-#ifdef DROPBEAR_DEV_URANDOM
-	readfd = open(DEV_URANDOM, O_RDONLY);
+#ifdef DROPBEAR_RANDOM_DEV
+	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
 	if (readfd < 0) {
 		dropbear_exit("couldn't open random device");
 	}
 #endif
 
-#ifdef DROPBEAR_EGD
+#ifdef DROPBEAR_PRNGD_SOCKET
 	memset((void*)&egdsock, 0x0, sizeof(egdsock));
 	egdsock.sun_family = AF_UNIX;
 	strlcpy(egdsock.sun_path, DROPBEAR_EGD_SOCKET,
@@ -105,7 +105,7 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
 	close (readfd);
 }
 
-/* initialise the prng from /dev/urandom or prngd */
+/* initialise the prng from /dev/(u)random or prngd */
 void seedrandom() {
 		
 	unsigned char readbuf[INIT_SEED_SIZE];
@@ -159,21 +159,3 @@ void genrandom(unsigned char* buf, unsigned int len) {
 	}
 	m_burn(hash, sizeof(hash));
 }
-
-/* Adds entropy to the PRNG state. As long as the hash is strong, then we
- * don't need to worry about entropy being added "diluting" the current
- * state - it should only make it stronger. */
-void addrandom(unsigned char* buf, unsigned int len) {
-
-	hash_state hs;
-	if (!donerandinit) {
-		dropbear_exit("seedrandom not done");
-	}
-
-	sha1_init(&hs);
-	sha1_process(&hs, (void*)buf, len);
-	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-	sha1_done(&hs, hashpool);
-	counter = 0;
-
-}