Just use /dev/urandom since that's what everyone ends up using anyway.

Make -u a nop.

7 files changed, 9 insertions, 33 deletions

diff --git a/cli-runopts.c b/cli-runopts.c
index cb548a2..3e9b5ab 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -29,7 +29,6 @@
 #include "dbutil.h"
 #include "algo.h"
 #include "tcpfwd.h"
-#include "random.h"
 
 cli_runopts cli_opts; /* GLOBAL */
 
@@ -54,7 +53,6 @@ static void printhelp() {
 					"-N    Don't run a remote command\n"
 					"-f    Run in background after auth\n"
 					"-y    Always accept remote host key if unknown\n"
-					"-u    Use /dev/urandom - use with caution\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed)\n"
 #endif
@@ -88,7 +86,6 @@ void cli_getopts(int argc, char ** argv) {
 	char* dummy = NULL; /* Not used for anything real */
 
 	/* see printhelp() for options */
-	opts.listen_fwd_all = 0;
 	cli_opts.progname = argv[0];
 	cli_opts.remotehost = NULL;
 	cli_opts.remoteport = NULL;
@@ -103,6 +100,7 @@ void cli_getopts(int argc, char ** argv) {
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
 	cli_opts.localfwds = NULL;
+	opts.listen_fwd_all = 0;
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 	cli_opts.remotefwds = NULL;
@@ -201,7 +199,7 @@ void cli_getopts(int argc, char ** argv) {
 					exit(EXIT_SUCCESS);
 					break;
 				case 'u':
-					random_dev = DROPBEAR_URANDOM_DEV;
+					/* backwards compatibility with old urandom option */
 					break;
 #ifdef DEBUG_TRACE
 				case 'v':
diff --git a/dbclient.1 b/dbclient.1
index 4cf537c..4145342 100644
--- a/dbclient.1
+++ b/dbclient.1
@@ -74,9 +74,6 @@ by the ssh server.
 .B \-y
 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
 connection will abort as normal.
-.B \-u
-Use /dev/urandom rather than /dev/random. This should only be used if the
-/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br
diff --git a/dropbear.8 b/dropbear.8
index a1d5443..ef0caf3 100644
--- a/dropbear.8
+++ b/dropbear.8
@@ -82,9 +82,6 @@ default is /var/run/dropbear.pid
 .TP
 .B \-a
 Allow remote hosts to connect to forwarded ports.
-.B \-u
-Use /dev/urandom rather than /dev/random. This should only be used if the
-/dev/urandom device is known to have sufficient entropy.
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br
diff --git a/options.h b/options.h
index f71206d..8fd7971 100644
--- a/options.h
+++ b/options.h
@@ -162,15 +162,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * The device will be queried for a few dozen bytes of seed a couple of times
  * per session (or more for very long-lived sessions). */
 
-/* If you are lacking entropy on the system then using /dev/urandom
- * will prevent Dropbear from blocking on the device. This could
- * however significantly reduce the security of your ssh connections
- * if the PRNG state becomes guessable - make sure you know what you are
- * doing if you change this. */
-#define DROPBEAR_RANDOM_DEV "/dev/random"
-
-/* The -u flag on the commandline can also be used */
-#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+/* We'll use /dev/urandom by default, since /dev/random is too much hassle.
+ * If system developers aren't keeping seeds between boots nor getting
+ * any entropy from somewhere it's their own fault. */
+#define DROPBEAR_RANDOM_DEV "/dev/urandom"
 
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
diff --git a/random.c b/random.c
index cd0ac31..f1475ed 100644
--- a/random.c
+++ b/random.c
@@ -27,13 +27,6 @@
 #include "dbutil.h"
 #include "bignum.h"
 
-#ifdef DROPBEAR_RANDOM_DEV
-const char* random_dev = DROPBEAR_RANDOM_DEV;	
-#else
-const char* random_dev = NULL;
-#endif
-
-
 static int donerandinit = 0;
 
 /* this is used to generate unique output from the same hashpool */
@@ -69,9 +62,9 @@ static void readrand(unsigned char* buf, unsigned int buflen) {
 #endif
 
 #ifdef DROPBEAR_RANDOM_DEV
-	readfd = open(random_dev, O_RDONLY);		
+	readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
 	if (readfd < 0) {
-		dropbear_exit("couldn't open %s", random_dev);
+		dropbear_exit("couldn't open random device");
 	}
 #endif
 
diff --git a/random.h b/random.h
index d35320f..84a0a39 100644
--- a/random.h
+++ b/random.h
@@ -33,6 +33,4 @@ void genrandom(unsigned char* buf, int len);
 void addrandom(unsigned char* buf, int len);
 void gen_random_mpint(mp_int *max, mp_int *rand);
 
-extern const char * random_dev;
-
 #endif /* _RANDOM_H_ */
diff --git a/svr-runopts.c b/svr-runopts.c
index 59f4514..dde0b07 100644
--- a/svr-runopts.c
+++ b/svr-runopts.c
@@ -28,7 +28,6 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "algo.h"
-#include "random.h"
 
 svr_runopts svr_opts; /* GLOBAL */
 
@@ -81,7 +80,6 @@ static void printhelp(const char * progname) {
 #ifdef INETD_MODE
 					"-i		Start for inetd\n"
 #endif
-					"-u		Use /dev/urandom - use with caution\n"
 #ifdef DEBUG_TRACE
 					"-v		verbose\n"
 #endif
@@ -219,7 +217,7 @@ void svr_getopts(int argc, char ** argv) {
 					exit(EXIT_FAILURE);
 					break;
 				case 'u':
-					random_dev = DROPBEAR_URANDOM_DEV;
+					/* backwards compatibility with old urandom option */
 					break;
 #ifdef DEBUG_TRACE
 				case 'v':