fall back to /dev/urandom if /dev/random is out of entropy Bug 138 by rireland
This commit is contained in:
Mike Frysinger
parent
913ad351c4
commit
466e799505
56
package/dropbear_sshd/dropbear-0.45-urandom.patch
Normal file
56
package/dropbear_sshd/dropbear-0.45-urandom.patch
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
--- dropbear-0.45/options.h
|
||||||
|
+++ dropbear-0.45/options.h
|
||||||
|
@@ -148,6 +148,10 @@
|
||||||
|
/* prngd must be manually set up to produce output */
|
||||||
|
/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
|
||||||
|
|
||||||
|
+/* If the normal random source would block for a while, fall back to
|
||||||
|
+ * the urandom source so that connections don't hang forever. */
|
||||||
|
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
|
||||||
|
+
|
||||||
|
/* Specify the number of clients we will allow to be connected but
|
||||||
|
* not yet authenticated. After this limit, connections are rejected */
|
||||||
|
#ifndef MAX_UNAUTH_CLIENTS
|
||||||
|
--- dropbear-0.45/random.c
|
||||||
|
+++ dropbear-0.45/random.c
|
||||||
|
@@ -57,9 +57,14 @@
|
||||||
|
struct sockaddr_un egdsock;
|
||||||
|
char egdcmd[2];
|
||||||
|
#endif
|
||||||
|
+ mode_t readmode = O_RDONLY;
|
||||||
|
+#ifdef DROPBEAR_URANDOM_DEV
|
||||||
|
+ unsigned int readtries = 0;
|
||||||
|
+ readmode |= O_NONBLOCK;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#ifdef DROPBEAR_RANDOM_DEV
|
||||||
|
- readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
|
||||||
|
+ readfd = open(DROPBEAR_RANDOM_DEV, readmode);
|
||||||
|
if (readfd < 0) {
|
||||||
|
dropbear_exit("couldn't open random device");
|
||||||
|
}
|
||||||
|
@@ -97,6 +102,24 @@
|
||||||
|
if (readlen < 0 && errno == EINTR) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
+#ifdef DROPBEAR_URANDOM_DEV
|
||||||
|
+ /* if the main random source blocked, lets retry a few times,
|
||||||
|
+ * but then give up and try a constant random source. */
|
||||||
|
+ if (readlen < 0 && errno == EAGAIN) {
|
||||||
|
+ ++readtries;
|
||||||
|
+ if (readtries < 5) {
|
||||||
|
+ sleep(1);
|
||||||
|
+ continue;
|
||||||
|
+ } else if (readtries == 5) {
|
||||||
|
+ close (readfd);
|
||||||
|
+ readfd = open(DROPBEAR_URANDOM_DEV, readmode);
|
||||||
|
+ if (readfd < 0) {
|
||||||
|
+ dropbear_exit("couldn't open secondary random device");
|
||||||
|
+ }
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
dropbear_exit("error reading random source");
|
||||||
|
}
|
||||||
|
readpos += readlen;
|
||||||
@ -3,9 +3,10 @@
|
|||||||
# dropbear_sshd
|
# dropbear_sshd
|
||||||
#
|
#
|
||||||
#############################################################
|
#############################################################
|
||||||
DROPBEAR_SSHD_SOURCE:=dropbear-0.46.tar.bz2
|
DROPBEAR_SSHD_VER:=0.46
|
||||||
|
DROPBEAR_SSHD_SOURCE:=dropbear-$(DROPBEAR_SSHD_VER).tar.bz2
|
||||||
DROPBEAR_SSHD_SITE:=http://matt.ucc.asn.au/dropbear/releases/
|
DROPBEAR_SSHD_SITE:=http://matt.ucc.asn.au/dropbear/releases/
|
||||||
DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-0.46
|
DROPBEAR_SSHD_DIR:=$(BUILD_DIR)/dropbear-$(DROPBEAR_SSHD_VER)
|
||||||
DROPBEAR_SSHD_CAT:=bzcat
|
DROPBEAR_SSHD_CAT:=bzcat
|
||||||
DROPBEAR_SSHD_BINARY:=dropbearmulti
|
DROPBEAR_SSHD_BINARY:=dropbearmulti
|
||||||
DROPBEAR_SSHD_TARGET_BINARY:=usr/sbin/dropbear
|
DROPBEAR_SSHD_TARGET_BINARY:=usr/sbin/dropbear
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user