changeset 858:220f55d540ae

rename random.h to dbrandom.h since some OSes have a system random.h
author Matt Johnston <matt@ucc.asn.au>
date Thu, 14 Nov 2013 22:05:47 +0800
parents c19acba28590
children 4891acd7ab4f
files Makefile.in cli-agentfwd.c cli-kex.c cli-main.c cli-session.c common-kex.c common-runopts.c common-session.c dbrandom.c dbrandom.h dropbearconvert.c dropbearkey.c dss.c gendss.c genrsa.c gensignkey.c ltc_prng.c packet.c process-packet.c random.c random.h rsa.c svr-agentfwd.c svr-auth.c svr-chansession.c svr-kex.c svr-main.c svr-session.c
diffstat 28 files changed, 372 insertions(+), 372 deletions(-) [+]
line wrap: on
line diff
--- a/Makefile.in	Thu Nov 14 22:03:30 2013 +0800
+++ b/Makefile.in	Thu Nov 14 22:05:47 2013 +0800
@@ -24,7 +24,7 @@
 
 COMMONOBJS=dbutil.o buffer.o \
 		dss.o bignum.o \
-		signkey.o rsa.o random.o \
+		signkey.o rsa.o dbrandom.o \
 		queue.o \
 		atomicio.o compat.o fake-rfc2553.o \
 		ltc_prng.o ecc.o ecdsa.o crypto_desc.o \
@@ -52,7 +52,7 @@
 SCPOBJS=scp.o progressmeter.o atomicio.o scpmisc.o compat.o
 
 HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \
-		dss.h bignum.h signkey.h rsa.h random.h service.h auth.h \
+		dss.h bignum.h signkey.h rsa.h dbrandom.h service.h auth.h \
 		debug.h channel.h chansession.h config.h queue.h sshpty.h \
 		termcodes.h gendss.h genrsa.h runopts.h includes.h \
 		loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
--- a/cli-agentfwd.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/cli-agentfwd.c	Thu Nov 14 22:05:47 2013 +0800
@@ -34,7 +34,7 @@
 #include "channel.h"
 #include "packet.h"
 #include "buffer.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "listener.h"
 #include "runopts.h"
 #include "atomicio.h"
--- a/cli-kex.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/cli-kex.c	Thu Nov 14 22:05:47 2013 +0800
@@ -33,7 +33,7 @@
 #include "ssh.h"
 #include "packet.h"
 #include "bignum.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "runopts.h"
 #include "signkey.h"
 #include "ecc.h"
--- a/cli-main.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/cli-main.c	Thu Nov 14 22:05:47 2013 +0800
@@ -28,7 +28,7 @@
 #include "dbutil.h"
 #include "runopts.h"
 #include "session.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "crypto_desc.h"
 
 static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
--- a/cli-session.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/cli-session.c	Thu Nov 14 22:05:47 2013 +0800
@@ -31,7 +31,7 @@
 #include "packet.h"
 #include "tcpfwd.h"
 #include "channel.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "service.h"
 #include "runopts.h"
 #include "chansession.h"
--- a/common-kex.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/common-kex.c	Thu Nov 14 22:05:47 2013 +0800
@@ -32,7 +32,7 @@
 #include "ssh.h"
 #include "packet.h"
 #include "bignum.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "runopts.h"
 #include "ecc.h"
 #include "crypto_desc.h"
--- a/common-runopts.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/common-runopts.c	Thu Nov 14 22:05:47 2013 +0800
@@ -29,7 +29,7 @@
 #include "dbutil.h"
 #include "auth.h"
 #include "algo.h"
-#include "random.h"
+#include "dbrandom.h"
 
 runopts opts; /* GLOBAL */
 
--- a/common-session.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/common-session.c	Thu Nov 14 22:05:47 2013 +0800
@@ -30,7 +30,7 @@
 #include "buffer.h"
 #include "dss.h"
 #include "ssh.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "kex.h"
 #include "channel.h"
 #include "runopts.h"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dbrandom.c	Thu Nov 14 22:05:47 2013 +0800
@@ -0,0 +1,312 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "bignum.h"
+#include "dbrandom.h"
+
+
+/* this is used to generate unique output from the same hashpool */
+static uint32_t counter = 0;
+/* the max value for the counter, so it won't integer overflow */
+#define MAX_COUNTER 1<<30 
+
+static unsigned char hashpool[SHA1_HASH_SIZE] = {0};
+static int donerandinit = 0;
+
+#define INIT_SEED_SIZE 32 /* 256 bits */
+
+/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
+ * into hashpool. To read data, we hash together current hashpool contents,
+ * and a counter. We feed more data in by hashing the current pool and new
+ * data into the pool.
+ *
+ * It is important to ensure that counter doesn't wrap around before we
+ * feed in new entropy.
+ *
+ */
+
+/* Pass len=0 to hash an entire file */
+static int
+process_file(hash_state *hs, const char *filename,
+		unsigned int len, int prngd)
+{
+	static int already_blocked = 0;
+	int readfd;
+	unsigned int readcount;
+	int ret = DROPBEAR_FAILURE;
+
+#ifdef DROPBEAR_PRNGD_SOCKET
+	if (prngd)
+	{
+		readfd = connect_unix(filename);
+	}
+	else
+#endif
+	{
+		readfd = open(filename, O_RDONLY);
+	}
+
+	if (readfd < 0) {
+		goto out;
+	}
+
+	readcount = 0;
+	while (len == 0 || readcount < len)
+	{
+		int readlen, wantread;
+		unsigned char readbuf[4096];
+		if (!already_blocked && !prngd)
+		{
+			int res;
+			struct timeval timeout;
+			fd_set read_fds;
+
+ 			timeout.tv_sec  = 2;
+ 			timeout.tv_usec = 0;
+
+			FD_ZERO(&read_fds);
+			FD_SET(readfd, &read_fds);
+			res = select(readfd + 1, &read_fds, NULL, NULL, &timeout);
+			if (res == 0)
+			{
+				dropbear_log(LOG_WARNING, "Warning: Reading the randomness source '%s' seems to have blocked.\nYou may need to find a better entropy source.", filename);
+				already_blocked = 1;
+			}
+		}
+
+		if (len == 0)
+		{
+			wantread = sizeof(readbuf);
+		} 
+		else
+		{
+			wantread = MIN(sizeof(readbuf), len-readcount);
+		}
+
+#ifdef DROPBEAR_PRNGD_SOCKET
+		if (prngd)
+		{
+			char egdcmd[2];
+			egdcmd[0] = 0x02;	/* blocking read */
+			egdcmd[1] = (unsigned char)wantread;
+			if (write(readfd, egdcmd, 2) < 0)
+			{
+				dropbear_exit("Can't send command to egd");
+			}
+		}
+#endif
+
+		readlen = read(readfd, readbuf, wantread);
+		if (readlen <= 0) {
+			if (readlen < 0 && errno == EINTR) {
+				continue;
+			}
+			if (readlen == 0 && len == 0)
+			{
+				/* whole file was read as requested */
+				break;
+			}
+			goto out;
+		}
+		sha1_process(hs, readbuf, readlen);
+		readcount += readlen;
+	}
+	ret = DROPBEAR_SUCCESS;
+out:
+	close(readfd);
+	return ret;
+}
+
+void addrandom(char * buf, unsigned int len)
+{
+	hash_state hs;
+
+	/* hash in the new seed data */
+	sha1_init(&hs);
+	/* existing state (zeroes on startup) */
+	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+
+	/* new */
+	sha1_process(&hs, buf, len);
+	sha1_done(&hs, hashpool);
+}
+
+static void write_urandom()
+{
+#ifndef DROPBEAR_PRNGD_SOCKET
+	/* This is opportunistic, don't worry about failure */
+	unsigned char buf[INIT_SEED_SIZE];
+	FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
+	if (!f) {
+		return;
+	}
+	genrandom(buf, sizeof(buf));
+	fwrite(buf, sizeof(buf), 1, f);
+	fclose(f);
+#endif
+}
+
+/* Initialise the prng from /dev/urandom or prngd. This function can
+ * be called multiple times */
+void seedrandom() {
+		
+	hash_state hs;
+
+	pid_t pid;
+	struct timeval tv;
+	clock_t clockval;
+
+	/* hash in the new seed data */
+	sha1_init(&hs);
+	/* existing state */
+	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+
+#ifdef DROPBEAR_PRNGD_SOCKET
+	if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1) 
+			!= DROPBEAR_SUCCESS) {
+		dropbear_exit("Failure reading random device %s", 
+				DROPBEAR_PRNGD_SOCKET);
+	}
+#else
+	/* non-blocking random source (probably /dev/urandom) */
+	if (process_file(&hs, DROPBEAR_URANDOM_DEV, INIT_SEED_SIZE, 0) 
+			!= DROPBEAR_SUCCESS) {
+		dropbear_exit("Failure reading random device %s", 
+				DROPBEAR_URANDOM_DEV);
+	}
+#endif
+
+	/* A few other sources to fall back on. 
+	 * Add more here for other platforms */
+#ifdef __linux__
+	/* Seems to be a reasonable source of entropy from timers. Possibly hard
+	 * for even local attackers to reproduce */
+	process_file(&hs, "/proc/timer_list", 0, 0);
+	/* Might help on systems with wireless */
+	process_file(&hs, "/proc/interrupts", 0, 0);
+
+	process_file(&hs, "/proc/loadavg", 0, 0);
+	process_file(&hs, "/proc/sys/kernel/random/entropy_avail", 0, 0);
+
+	/* Mostly network visible but useful in some situations.
+	 * Limit size to avoid slowdowns on systems with lots of routes */
+	process_file(&hs, "/proc/net/netstat", 4096, 0);
+	process_file(&hs, "/proc/net/dev", 4096, 0);
+	process_file(&hs, "/proc/net/tcp", 4096, 0);
+	/* Also includes interface lo */
+	process_file(&hs, "/proc/net/rt_cache", 4096, 0);
+	process_file(&hs, "/proc/vmstat", 0, 0);
+#endif
+
+	pid = getpid();
+	sha1_process(&hs, (void*)&pid, sizeof(pid));
+
+	/* gettimeofday() doesn't completely fill out struct timeval on 
+	   OS X (10.8.3), avoid valgrind warnings by clearing it first */
+	memset(&tv, 0x0, sizeof(tv));
+	gettimeofday(&tv, NULL);
+	sha1_process(&hs, (void*)&tv, sizeof(tv));
+
+	clockval = clock();
+	sha1_process(&hs, (void*)&clockval, sizeof(clockval));
+
+	/* When a private key is read by the client or server it will
+	 * be added to the hashpool - see runopts.c */
+
+	sha1_done(&hs, hashpool);
+
+	counter = 0;
+	donerandinit = 1;
+
+	/* Feed it all back into /dev/urandom - this might help if Dropbear
+	 * is running from inetd and gets new state each time */
+	write_urandom();
+}
+
+/* return len bytes of pseudo-random data */
+void genrandom(unsigned char* buf, unsigned int len) {
+
+	hash_state hs;
+	unsigned char hash[SHA1_HASH_SIZE];
+	unsigned int copylen;
+
+	if (!donerandinit) {
+		dropbear_exit("seedrandom not done");
+	}
+
+	while (len > 0) {
+		sha1_init(&hs);
+		sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
+		sha1_process(&hs, (void*)&counter, sizeof(counter));
+		sha1_done(&hs, hash);
+
+		counter++;
+		if (counter > MAX_COUNTER) {
+			seedrandom();
+		}
+
+		copylen = MIN(len, SHA1_HASH_SIZE);
+		memcpy(buf, hash, copylen);
+		len -= copylen;
+		buf += copylen;
+	}
+	m_burn(hash, sizeof(hash));
+}
+
+/* Generates a random mp_int. 
+ * max is a *mp_int specifying an upper bound.
+ * rand must be an initialised *mp_int for the result.
+ * the result rand satisfies:  0 < rand < max 
+ * */
+void gen_random_mpint(mp_int *max, mp_int *rand) {
+
+	unsigned char *randbuf = NULL;
+	unsigned int len = 0;
+	const unsigned char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+
+	const int size_bits = mp_count_bits(max);
+
+	len = size_bits / 8;
+	if ((size_bits % 8) != 0) {
+		len += 1;
+	}
+
+	randbuf = (unsigned char*)m_malloc(len);
+	do {
+		genrandom(randbuf, len);
+		/* Mask out the unrequired bits - mp_read_unsigned_bin expects
+		 * MSB first.*/
+		randbuf[0] &= masks[size_bits % 8];
+
+		bytes_to_mp(rand, randbuf, len);
+
+		/* keep regenerating until we get one satisfying
+		 * 0 < rand < max    */
+	} while (mp_cmp(rand, max) != MP_LT);
+	m_burn(randbuf, len);
+	m_free(randbuf);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dbrandom.h	Thu Nov 14 22:05:47 2013 +0800
@@ -0,0 +1,35 @@
+/*
+ * Dropbear - a SSH2 server
+ * 
+ * Copyright (c) 2002,2003 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef _RANDOM_H_
+#define _RANDOM_H_
+
+#include "includes.h"
+
+void seedrandom();
+void genrandom(unsigned char* buf, unsigned int len);
+void addrandom(char * buf, unsigned int len);
+void gen_random_mpint(mp_int *max, mp_int *rand);
+
+#endif /* _RANDOM_H_ */
--- a/dropbearconvert.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/dropbearconvert.c	Thu Nov 14 22:05:47 2013 +0800
@@ -29,7 +29,7 @@
 #include "dbutil.h"
 #include "keyimport.h"
 #include "crypto_desc.h" 
-#include "random.h" 
+#include "dbrandom.h" 
 
 
 static int do_convert(int intype, const char* infile, int outtype,
--- a/dropbearkey.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/dropbearkey.c	Thu Nov 14 22:05:47 2013 +0800
@@ -53,7 +53,7 @@
 #include "gendss.h"
 #include "ecdsa.h"
 #include "crypto_desc.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "gensignkey.h"
 
 static void printhelp(char * progname);
--- a/dss.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/dss.c	Thu Nov 14 22:05:47 2013 +0800
@@ -28,7 +28,7 @@
 #include "dss.h"
 #include "buffer.h"
 #include "ssh.h"
-#include "random.h"
+#include "dbrandom.h"
 
 /* Handle DSS (Digital Signature Standard), aka DSA (D.S. Algorithm),
  * operations, such as key reading, signing, verification. Key generation
--- a/gendss.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/gendss.c	Thu Nov 14 22:05:47 2013 +0800
@@ -26,7 +26,7 @@
 #include "dbutil.h"
 #include "signkey.h"
 #include "bignum.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "buffer.h"
 #include "gendss.h"
 #include "dss.h"
--- a/genrsa.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/genrsa.c	Thu Nov 14 22:05:47 2013 +0800
@@ -25,7 +25,7 @@
 #include "includes.h"
 #include "dbutil.h"
 #include "bignum.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "rsa.h"
 #include "genrsa.h"
 
--- a/gensignkey.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/gensignkey.c	Thu Nov 14 22:05:47 2013 +0800
@@ -5,7 +5,7 @@
 #include "genrsa.h"
 #include "gendss.h"
 #include "signkey.h"
-#include "random.h"
+#include "dbrandom.h"
 
 #define RSA_DEFAULT_SIZE 2048
 #define DSS_DEFAULT_SIZE 1024
--- a/ltc_prng.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/ltc_prng.c	Thu Nov 14 22:05:47 2013 +0800
@@ -13,7 +13,7 @@
  */
 #include "options.h"
 #include "includes.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "ltc_prng.h"
 
 /**
--- a/packet.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/packet.c	Thu Nov 14 22:05:47 2013 +0800
@@ -30,7 +30,7 @@
 #include "algo.h"
 #include "buffer.h"
 #include "kex.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "service.h"
 #include "auth.h"
 #include "channel.h"
--- a/process-packet.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/process-packet.c	Thu Nov 14 22:05:47 2013 +0800
@@ -30,7 +30,7 @@
 #include "algo.h"
 #include "buffer.h"
 #include "kex.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "service.h"
 #include "auth.h"
 #include "channel.h"
--- a/random.c	Thu Nov 14 22:03:30 2013 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,312 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#include "includes.h"
-#include "buffer.h"
-#include "dbutil.h"
-#include "bignum.h"
-#include "random.h"
-
-
-/* this is used to generate unique output from the same hashpool */
-static uint32_t counter = 0;
-/* the max value for the counter, so it won't integer overflow */
-#define MAX_COUNTER 1<<30 
-
-static unsigned char hashpool[SHA1_HASH_SIZE] = {0};
-static int donerandinit = 0;
-
-#define INIT_SEED_SIZE 32 /* 256 bits */
-
-/* The basic setup is we read some data from /dev/(u)random or prngd and hash it
- * into hashpool. To read data, we hash together current hashpool contents,
- * and a counter. We feed more data in by hashing the current pool and new
- * data into the pool.
- *
- * It is important to ensure that counter doesn't wrap around before we
- * feed in new entropy.
- *
- */
-
-/* Pass len=0 to hash an entire file */
-static int
-process_file(hash_state *hs, const char *filename,
-		unsigned int len, int prngd)
-{
-	static int already_blocked = 0;
-	int readfd;
-	unsigned int readcount;
-	int ret = DROPBEAR_FAILURE;
-
-#ifdef DROPBEAR_PRNGD_SOCKET
-	if (prngd)
-	{
-		readfd = connect_unix(filename);
-	}
-	else
-#endif
-	{
-		readfd = open(filename, O_RDONLY);
-	}
-
-	if (readfd < 0) {
-		goto out;
-	}
-
-	readcount = 0;
-	while (len == 0 || readcount < len)
-	{
-		int readlen, wantread;
-		unsigned char readbuf[4096];
-		if (!already_blocked && !prngd)
-		{
-			int res;
-			struct timeval timeout;
-			fd_set read_fds;
-
- 			timeout.tv_sec  = 2;
- 			timeout.tv_usec = 0;
-
-			FD_ZERO(&read_fds);
-			FD_SET(readfd, &read_fds);
-			res = select(readfd + 1, &read_fds, NULL, NULL, &timeout);
-			if (res == 0)
-			{
-				dropbear_log(LOG_WARNING, "Warning: Reading the randomness source '%s' seems to have blocked.\nYou may need to find a better entropy source.", filename);
-				already_blocked = 1;
-			}
-		}
-
-		if (len == 0)
-		{
-			wantread = sizeof(readbuf);
-		} 
-		else
-		{
-			wantread = MIN(sizeof(readbuf), len-readcount);
-		}
-
-#ifdef DROPBEAR_PRNGD_SOCKET
-		if (prngd)
-		{
-			char egdcmd[2];
-			egdcmd[0] = 0x02;	/* blocking read */
-			egdcmd[1] = (unsigned char)wantread;
-			if (write(readfd, egdcmd, 2) < 0)
-			{
-				dropbear_exit("Can't send command to egd");
-			}
-		}
-#endif
-
-		readlen = read(readfd, readbuf, wantread);
-		if (readlen <= 0) {
-			if (readlen < 0 && errno == EINTR) {
-				continue;
-			}
-			if (readlen == 0 && len == 0)
-			{
-				/* whole file was read as requested */
-				break;
-			}
-			goto out;
-		}
-		sha1_process(hs, readbuf, readlen);
-		readcount += readlen;
-	}
-	ret = DROPBEAR_SUCCESS;
-out:
-	close(readfd);
-	return ret;
-}
-
-void addrandom(char * buf, unsigned int len)
-{
-	hash_state hs;
-
-	/* hash in the new seed data */
-	sha1_init(&hs);
-	/* existing state (zeroes on startup) */
-	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-
-	/* new */
-	sha1_process(&hs, buf, len);
-	sha1_done(&hs, hashpool);
-}
-
-static void write_urandom()
-{
-#ifndef DROPBEAR_PRNGD_SOCKET
-	/* This is opportunistic, don't worry about failure */
-	unsigned char buf[INIT_SEED_SIZE];
-	FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
-	if (!f) {
-		return;
-	}
-	genrandom(buf, sizeof(buf));
-	fwrite(buf, sizeof(buf), 1, f);
-	fclose(f);
-#endif
-}
-
-/* Initialise the prng from /dev/urandom or prngd. This function can
- * be called multiple times */
-void seedrandom() {
-		
-	hash_state hs;
-
-	pid_t pid;
-	struct timeval tv;
-	clock_t clockval;
-
-	/* hash in the new seed data */
-	sha1_init(&hs);
-	/* existing state */
-	sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-
-#ifdef DROPBEAR_PRNGD_SOCKET
-	if (process_file(&hs, DROPBEAR_PRNGD_SOCKET, INIT_SEED_SIZE, 1) 
-			!= DROPBEAR_SUCCESS) {
-		dropbear_exit("Failure reading random device %s", 
-				DROPBEAR_PRNGD_SOCKET);
-	}
-#else
-	/* non-blocking random source (probably /dev/urandom) */
-	if (process_file(&hs, DROPBEAR_URANDOM_DEV, INIT_SEED_SIZE, 0) 
-			!= DROPBEAR_SUCCESS) {
-		dropbear_exit("Failure reading random device %s", 
-				DROPBEAR_URANDOM_DEV);
-	}
-#endif
-
-	/* A few other sources to fall back on. 
-	 * Add more here for other platforms */
-#ifdef __linux__
-	/* Seems to be a reasonable source of entropy from timers. Possibly hard
-	 * for even local attackers to reproduce */
-	process_file(&hs, "/proc/timer_list", 0, 0);
-	/* Might help on systems with wireless */
-	process_file(&hs, "/proc/interrupts", 0, 0);
-
-	process_file(&hs, "/proc/loadavg", 0, 0);
-	process_file(&hs, "/proc/sys/kernel/random/entropy_avail", 0, 0);
-
-	/* Mostly network visible but useful in some situations.
-	 * Limit size to avoid slowdowns on systems with lots of routes */
-	process_file(&hs, "/proc/net/netstat", 4096, 0);
-	process_file(&hs, "/proc/net/dev", 4096, 0);
-	process_file(&hs, "/proc/net/tcp", 4096, 0);
-	/* Also includes interface lo */
-	process_file(&hs, "/proc/net/rt_cache", 4096, 0);
-	process_file(&hs, "/proc/vmstat", 0, 0);
-#endif
-
-	pid = getpid();
-	sha1_process(&hs, (void*)&pid, sizeof(pid));
-
-	/* gettimeofday() doesn't completely fill out struct timeval on 
-	   OS X (10.8.3), avoid valgrind warnings by clearing it first */
-	memset(&tv, 0x0, sizeof(tv));
-	gettimeofday(&tv, NULL);
-	sha1_process(&hs, (void*)&tv, sizeof(tv));
-
-	clockval = clock();
-	sha1_process(&hs, (void*)&clockval, sizeof(clockval));
-
-	/* When a private key is read by the client or server it will
-	 * be added to the hashpool - see runopts.c */
-
-	sha1_done(&hs, hashpool);
-
-	counter = 0;
-	donerandinit = 1;
-
-	/* Feed it all back into /dev/urandom - this might help if Dropbear
-	 * is running from inetd and gets new state each time */
-	write_urandom();
-}
-
-/* return len bytes of pseudo-random data */
-void genrandom(unsigned char* buf, unsigned int len) {
-
-	hash_state hs;
-	unsigned char hash[SHA1_HASH_SIZE];
-	unsigned int copylen;
-
-	if (!donerandinit) {
-		dropbear_exit("seedrandom not done");
-	}
-
-	while (len > 0) {
-		sha1_init(&hs);
-		sha1_process(&hs, (void*)hashpool, sizeof(hashpool));
-		sha1_process(&hs, (void*)&counter, sizeof(counter));
-		sha1_done(&hs, hash);
-
-		counter++;
-		if (counter > MAX_COUNTER) {
-			seedrandom();
-		}
-
-		copylen = MIN(len, SHA1_HASH_SIZE);
-		memcpy(buf, hash, copylen);
-		len -= copylen;
-		buf += copylen;
-	}
-	m_burn(hash, sizeof(hash));
-}
-
-/* Generates a random mp_int. 
- * max is a *mp_int specifying an upper bound.
- * rand must be an initialised *mp_int for the result.
- * the result rand satisfies:  0 < rand < max 
- * */
-void gen_random_mpint(mp_int *max, mp_int *rand) {
-
-	unsigned char *randbuf = NULL;
-	unsigned int len = 0;
-	const unsigned char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
-
-	const int size_bits = mp_count_bits(max);
-
-	len = size_bits / 8;
-	if ((size_bits % 8) != 0) {
-		len += 1;
-	}
-
-	randbuf = (unsigned char*)m_malloc(len);
-	do {
-		genrandom(randbuf, len);
-		/* Mask out the unrequired bits - mp_read_unsigned_bin expects
-		 * MSB first.*/
-		randbuf[0] &= masks[size_bits % 8];
-
-		bytes_to_mp(rand, randbuf, len);
-
-		/* keep regenerating until we get one satisfying
-		 * 0 < rand < max    */
-	} while (mp_cmp(rand, max) != MP_LT);
-	m_burn(randbuf, len);
-	m_free(randbuf);
-}
--- a/random.h	Thu Nov 14 22:03:30 2013 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-/*
- * Dropbear - a SSH2 server
- * 
- * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
-
-#ifndef _RANDOM_H_
-#define _RANDOM_H_
-
-#include "includes.h"
-
-void seedrandom();
-void genrandom(unsigned char* buf, unsigned int len);
-void addrandom(char * buf, unsigned int len);
-void gen_random_mpint(mp_int *max, mp_int *rand);
-
-#endif /* _RANDOM_H_ */
--- a/rsa.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/rsa.c	Thu Nov 14 22:05:47 2013 +0800
@@ -34,7 +34,7 @@
 #include "rsa.h"
 #include "buffer.h"
 #include "ssh.h"
-#include "random.h"
+#include "dbrandom.h"
 
 #ifdef DROPBEAR_RSA 
 
--- a/svr-agentfwd.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/svr-agentfwd.c	Thu Nov 14 22:05:47 2013 +0800
@@ -37,7 +37,7 @@
 #include "channel.h"
 #include "packet.h"
 #include "buffer.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "listener.h"
 #include "auth.h"
 
--- a/svr-auth.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/svr-auth.c	Thu Nov 14 22:05:47 2013 +0800
@@ -33,7 +33,7 @@
 #include "packet.h"
 #include "auth.h"
 #include "runopts.h"
-#include "random.h"
+#include "dbrandom.h"
 
 static void authclear();
 static int checkusername(unsigned char *username, unsigned int userlen);
--- a/svr-chansession.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/svr-chansession.c	Thu Nov 14 22:05:47 2013 +0800
@@ -32,7 +32,7 @@
 #include "sshpty.h"
 #include "termcodes.h"
 #include "ssh.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "x11fwd.h"
 #include "agentfwd.h"
 #include "runopts.h"
--- a/svr-kex.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/svr-kex.c	Thu Nov 14 22:05:47 2013 +0800
@@ -32,7 +32,7 @@
 #include "ssh.h"
 #include "packet.h"
 #include "bignum.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "runopts.h"
 #include "ecc.h"
 #include "gensignkey.h"
--- a/svr-main.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/svr-main.c	Thu Nov 14 22:05:47 2013 +0800
@@ -28,7 +28,7 @@
 #include "buffer.h"
 #include "signkey.h"
 #include "runopts.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "crypto_desc.h"
 
 static size_t listensockets(int *sock, size_t sockcount, int *maxfd);
--- a/svr-session.c	Thu Nov 14 22:03:30 2013 +0800
+++ b/svr-session.c	Thu Nov 14 22:05:47 2013 +0800
@@ -30,7 +30,7 @@
 #include "buffer.h"
 #include "dss.h"
 #include "ssh.h"
-#include "random.h"
+#include "dbrandom.h"
 #include "kex.h"
 #include "channel.h"
 #include "chansession.h"