fall back to /dev/urandom if /dev/random is out of entropy Bug 138 by rireland

diff --git a/package/dropbear_sshd/dropbear-0.45-urandom.patch b/package/dropbear_sshd/dropbear-0.45-urandom.patch
new file mode 100644 (file)
index 0000000..a19490d
--- /dev/null
+++ b/package/dropbear_sshd/dropbear-0.45-urandom.patch
@@ -0,0 +1,56 @@
+--- dropbear-0.45/options.h
++++ dropbear-0.45/options.h
+@@ -148,6 +148,10 @@
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+ 
++/* If the normal random source would block for a while, fall back to 
++ * the urandom source so that connections don't hang forever. */
++#define DROPBEAR_URANDOM_DEV "/dev/urandom"
++
+ /* Specify the number of clients we will allow to be connected but
+  * not yet authenticated. After this limit, connections are rejected */
+ #ifndef MAX_UNAUTH_CLIENTS
+--- dropbear-0.45/random.c
++++ dropbear-0.45/random.c
+@@ -57,9 +57,14 @@
+       struct sockaddr_un egdsock;
+       char egdcmd[2];
+ #endif
++      mode_t readmode = O_RDONLY;
++#ifdef DROPBEAR_URANDOM_DEV
++      unsigned int readtries = 0;
++      readmode |= O_NONBLOCK;
++#endif
+ 
+ #ifdef DROPBEAR_RANDOM_DEV
+-      readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
++      readfd = open(DROPBEAR_RANDOM_DEV, readmode);
+       if (readfd < 0) {
+               dropbear_exit("couldn't open random device");
+       }
+@@ -97,6 +102,24 @@
+                       if (readlen < 0 && errno == EINTR) {
+                               continue;
+                       }
++#ifdef DROPBEAR_URANDOM_DEV
++                      /* if the main random source blocked, lets retry a few times, 
++                       * but then give up and try a constant random source. */
++                      if (readlen < 0 && errno == EAGAIN) {
++                              ++readtries;
++                              if (readtries < 5) {
++                                      sleep(1);
++                                      continue;
++                              } else if (readtries == 5) {
++                                      close (readfd);
++                                      readfd = open(DROPBEAR_URANDOM_DEV, readmode);
++                                      if (readfd < 0) {
++                                              dropbear_exit("couldn't open secondary random device");
++                                      }
++                                      continue;
++                              }
++                      }
++#endif
+                       dropbear_exit("error reading random source");
+               }
+               readpos += readlen;

diff --git a/package/dropbear_sshd/dropbear_sshd.mk b/package/dropbear_sshd/dropbear_sshd.mk
index 44b3bbd795b6b69142490713caacc3ffd4f0174e..d59e09badf4a5fa1905924e0e0bcdbd3ed09e935 100644 (file)
--- a/package/dropbear_sshd/dropbear_sshd.mk
+++ b/package/dropbear_sshd/dropbear_sshd.mk
@@ -3,9 +3,10 @@
 # dropbear_sshd
 #
 #############################################################
-DROPBEAR_SSHD_SOURCE:=dropbear-0.46.tar.bz2
+DROPBEAR_SSHD_VER:=0.46
+DROPBEAR_SSHD_SOURCE:=dropbear-$(DROPBEAR_SSHD_VER).tar.bz2
 DROPBEAR_SSHD_SITE:=http://matt.ucc.asn.au/dropbear/releases/
-DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-0.46
+DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-$(DROPBEAR_SSHD_VER)
 DROPBEAR_SSHD_CAT:=bzcat
 DROPBEAR_SSHD_BINARY:=dropbearmulti
 DROPBEAR_SSHD_TARGET_BINARY:=usr/sbin/dropbear