The NTP daemon and utilities
CentOS Sources
2014-12-20 c054b85192ea340529fc9a659cac7ea6b893b50e
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
diff -up ntp-4.2.6p5/include/ntp_random.h.orig ntp-4.2.6p5/include/ntp_random.h
--- ntp-4.2.6p5/include/ntp_random.h.orig    2009-12-09 08:36:35.000000000 +0100
+++ ntp-4.2.6p5/include/ntp_random.h    2014-12-19 16:01:32.450628801 +0100
@@ -1,6 +1,9 @@
 
 #include <ntp_types.h>
 
+void ntp_crypto_srandom(void);
+int ntp_crypto_random_buf(void *buf, size_t nbytes);
+
 long ntp_random (void);
 void ntp_srandom (unsigned long);
 void ntp_srandomdev (void);
diff -up ntp-4.2.6p5/libntp/ntp_random.c.orig ntp-4.2.6p5/libntp/ntp_random.c
--- ntp-4.2.6p5/libntp/ntp_random.c.orig    2009-12-09 08:36:36.000000000 +0100
+++ ntp-4.2.6p5/libntp/ntp_random.c    2014-12-19 16:04:32.069016676 +0100
@@ -481,3 +481,63 @@ ntp_random( void )
     }
     return(i);
 }
+
+/*
+ * Crypto-quality random number functions
+ *
+ * Author: Harlan Stenn, 2014
+ *
+ * This file is Copyright (c) 2014 by Network Time Foundation.
+ * BSD terms apply: see the file COPYRIGHT in the distribution root for details.
+ */
+
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+int crypto_rand_init = 0;
+
+/*
+ * ntp_crypto_srandom:
+ *
+ * Initialize the random number generator, if needed by the underlying
+ * crypto random number generation mechanism.
+ */
+
+void
+ntp_crypto_srandom(
+    void
+    )
+{
+    if (!crypto_rand_init) {
+        RAND_poll();
+        crypto_rand_init = 1;
+    }
+}
+
+/*
+ * ntp_crypto_random_buf:
+ *
+ * Returns 0 on success, -1 on error.
+ */
+int
+ntp_crypto_random_buf(
+    void *buf,
+    size_t nbytes
+    )
+{
+    int rc;
+
+    rc = RAND_bytes(buf, nbytes);
+    if (1 != rc) {
+        unsigned long err;
+        char *err_str;
+
+        err = ERR_get_error();
+        err_str = ERR_error_string(err, NULL);
+        /* XXX: Log the error */
+
+        return -1;
+    }
+    return 0;
+}
+
diff -up ntp-4.2.6p5/util/ntp-keygen.c.orig ntp-4.2.6p5/util/ntp-keygen.c
--- ntp-4.2.6p5/util/ntp-keygen.c.orig    2014-12-19 15:27:38.375236349 +0100
+++ ntp-4.2.6p5/util/ntp-keygen.c    2014-12-19 15:58:00.006170042 +0100
@@ -263,6 +263,8 @@ main(
     ssl_check_version();
 #endif /* OPENSSL */
 
+    ntp_crypto_srandom();
+
     /*
      * Process options, initialize host name and timestamp.
      */
@@ -743,7 +745,14 @@ gen_md5(
             int temp;
 
             while (1) {
-                temp = ntp_random() & 0xff;
+                int rc;
+
+                rc = ntp_crypto_random_buf(&temp, 1);
+                if (-1 == rc) {
+                    fprintf(stderr, "ntp_crypto_random_buf() failed.\n");
+                    exit (-1);
+                }
+                temp &= 0xff;
                 if (temp == '#')
                     continue;