[patches.git] / dropbear-0.45-urandom.patch

--- dropbear-0.45.orig/options.h	2005-03-08 14:43:07.000000000 -0500
+++ dropbear-0.45/options.h	2005-03-08 14:44:41.000000000 -0500
@@ -148,6 +148,10 @@
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
 
+/* If the normal random source would block for a while, fall back to 
+ * the urandom source so that connections don't hang forever. */
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+
 /* Specify the number of clients we will allow to be connected but
  * not yet authenticated. After this limit, connections are rejected */
 #ifndef MAX_UNAUTH_CLIENTS
diff -ur dropbear-0.45.orig/random.c dropbear-0.45/random.c
--- dropbear-0.45.orig/random.c	2005-03-08 14:43:07.000000000 -0500
+++ dropbear-0.45/random.c	2005-03-08 14:57:31.000000000 -0500
@@ -57,9 +57,14 @@
 	struct sockaddr_un egdsock;
 	char egdcmd[2];
 #endif
+	mode_t readmode = O_RDONLY;
+#ifdef DROPBEAR_URANDOM_DEV
+	unsigned int readtries = 0;
+	readmode |= O_NONBLOCK;
+#endif
 
 #ifdef DROPBEAR_RANDOM_DEV
-	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
+	readfd = open(DROPBEAR_RANDOM_DEV, readmode);
 	if (readfd < 0) {
 		dropbear_exit("couldn't open random device");
 	}
@@ -97,6 +102,24 @@
 			if (readlen < 0 && errno == EINTR) {
 				continue;
 			}
+#ifdef DROPBEAR_URANDOM_DEV
+			/* if the main random source blocked, lets retry a few times, 
+			 * but then give up and try a constant random source. */
+			if (readlen < 0 && errno == EAGAIN) {
+				++readtries;
+				if (readtries < 5) {
+					sleep(1);
+					continue;
+				} else if (readtries == 5) {
+					close (readfd);
+					readfd = open(DROPBEAR_URANDOM_DEV, readmode);
+					if (readfd < 0) {
+						dropbear_exit("couldn't open secondary random device");
+					}
+					continue;
+				}
+			}
+#endif
 			dropbear_exit("error reading random source");
 		}
 		readpos += readlen;
Commit	Line	Data
b53d1f41 MF	1	--- dropbear-0.45.orig/options.h 2005-03-08 14:43:07.000000000 -0500
	2	+++ dropbear-0.45/options.h 2005-03-08 14:44:41.000000000 -0500
	3	@@ -148,6 +148,10 @@
	4	/* prngd must be manually set up to produce output */
	5	/#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"/
	6
	7	+/* If the normal random source would block for a while, fall back to
	8	+ * the urandom source so that connections don't hang forever. */
	9	+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
	10	+
	11	/* Specify the number of clients we will allow to be connected but
	12	* not yet authenticated. After this limit, connections are rejected */
	13	#ifndef MAX_UNAUTH_CLIENTS
	14	diff -ur dropbear-0.45.orig/random.c dropbear-0.45/random.c
	15	--- dropbear-0.45.orig/random.c 2005-03-08 14:43:07.000000000 -0500
	16	+++ dropbear-0.45/random.c 2005-03-08 14:57:31.000000000 -0500
	17	@@ -57,9 +57,14 @@
	18	struct sockaddr_un egdsock;
	19	char egdcmd[2];
	20	#endif
	21	+ mode_t readmode = O_RDONLY;
	22	+#ifdef DROPBEAR_URANDOM_DEV
	23	+ unsigned int readtries = 0;
	24	+ readmode \|= O_NONBLOCK;
	25	+#endif
	26
	27	#ifdef DROPBEAR_RANDOM_DEV
	28	- readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
	29	+ readfd = open(DROPBEAR_RANDOM_DEV, readmode);
	30	if (readfd < 0) {
	31	dropbear_exit("couldn't open random device");
	32	}
	33	@@ -97,6 +102,24 @@
	34	if (readlen < 0 && errno == EINTR) {
	35	continue;
	36	}
	37	+#ifdef DROPBEAR_URANDOM_DEV
	38	+ /* if the main random source blocked, lets retry a few times,
	39	+ * but then give up and try a constant random source. */
	40	+ if (readlen < 0 && errno == EAGAIN) {
	41	+ ++readtries;
	42	+ if (readtries < 5) {
	43	+ sleep(1);
	44	+ continue;
	45	+ } else if (readtries == 5) {
	46	+ close (readfd);
	47	+ readfd = open(DROPBEAR_URANDOM_DEV, readmode);
	48	+ if (readfd < 0) {
	49	+ dropbear_exit("couldn't open secondary random device");
	50	+ }
	51	+ continue;
	52	+ }
	53	+ }
	54	+#endif
	55	dropbear_exit("error reading random source");
	56	}
	57	readpos += readlen;