The unified diff between revisions [da85d807..] and [0578ae2c..] is displayed below. It can also be downloaded as a raw diff.
#
#
# patch "options.h"
# from [01caf0fc5c1b4d7ef35a1e8eb222f443bbe5ac81]
# to [0e15d2ad778f160198c6ed28bbc8d5712139bf20]
#
# patch "random.c"
# from [7a0da732314a4748499377bdd22686ccb772b3fc]
# to [3014f3c0398f6756e9580c0ff69db3a0acf74d51]
#
============================================================
--- options.h 01caf0fc5c1b4d7ef35a1e8eb222f443bbe5ac81
+++ options.h 0e15d2ad778f160198c6ed28bbc8d5712139bf20
@@ -127,8 +127,8 @@ etc) slower (perhaps by 50%). Recommende
* but there's an interface via a PAM module - don't bother using it otherwise.
* You can't enable both PASSWORD and PAM. */
-/*#define ENABLE_SVR_PASSWORD_AUTH*/
-#define ENABLE_SVR_PAM_AUTH
+#define ENABLE_SVR_PASSWORD_AUTH
+/*#define ENABLE_SVR_PAM_AUTH */
#define ENABLE_SVR_PUBKEY_AUTH
#define ENABLE_CLI_PASSWORD_AUTH
============================================================
--- random.c 7a0da732314a4748499377bdd22686ccb772b3fc
+++ random.c 3014f3c0398f6756e9580c0ff69db3a0acf74d51
@@ -38,87 +38,13 @@ static unsigned char hashpool[SHA1_HASH_
#define INIT_SEED_SIZE 32 /* 256 bits */
-static void readrand(unsigned char* buf, unsigned int buflen);
-
-/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
- * into hashpool. To read data, we hash together current hashpool contents,
- * and a counter. We feed more data in by hashing the current pool and new
- * data into the pool.
- *
- * It is important to ensure that counter doesn't wrap around before we
- * feed in new entropy.
- *
- */
-
-static void readrand(unsigned char* buf, unsigned int buflen) {
-
- static int already_blocked = 0;
- int readfd;
- unsigned int readpos;
- int readlen;
-#ifdef DROPBEAR_PRNGD_SOCKET
- struct sockaddr_un egdsock;
- char egdcmd[2];
-#endif
-
-#ifdef DROPBEAR_RANDOM_DEV
- readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
- if (readfd < 0) {
- dropbear_exit("couldn't open random device");
- }
-#endif
-
-#ifdef DROPBEAR_PRNGD_SOCKET
- memset((void*)&egdsock, 0x0, sizeof(egdsock));
- egdsock.sun_family = AF_UNIX;
- strlcpy(egdsock.sun_path, DROPBEAR_PRNGD_SOCKET,
- sizeof(egdsock.sun_path));
-
- readfd = socket(PF_UNIX, SOCK_STREAM, 0);
- if (readfd < 0) {
- dropbear_exit("couldn't open random device");
- }
- /* todo - try various common locations */
- if (connect(readfd, (struct sockaddr*)&egdsock,
- sizeof(struct sockaddr_un)) < 0) {
- dropbear_exit("couldn't open random device");
- }
-
- if (buflen > 255)
- dropbear_exit("can't request more than 255 bytes from egd");
- egdcmd[0] = 0x02; /* blocking read */
- egdcmd[1] = (unsigned char)buflen;
- if (write(readfd, egdcmd, 2) < 0)
- dropbear_exit("can't send command to egd");
-#endif
-
- /* read the actual random data */
-
- close (readfd);
-}
-
/* initialise the prng from /dev/(u)random or prngd */
void seedrandom() {
-
- unsigned char readbuf[INIT_SEED_SIZE];
- hash_state hs;
-
/* initialise so that things won't warn about
* hashing an undefined buffer */
- if (!donerandinit) {
- m_burn(hashpool, sizeof(hashpool));
- }
+ m_burn(hashpool, sizeof(hashpool));
- /* get the seed data */
- readrand(readbuf, sizeof(readbuf));
-
- /* hash in the new seed data */
- sha1_init(&hs);
- sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
- sha1_process(&hs, (void*)readbuf, sizeof(readbuf));
- sha1_done(&hs, hashpool);
-
counter = 0;
donerandinit = 1;
}