|
 |
2b78f7 |
diff -up ntp-4.2.6p5/include/ntp_random.h.orig ntp-4.2.6p5/include/ntp_random.h
|
|
|
2b78f7 |
--- ntp-4.2.6p5/include/ntp_random.h.orig 2009-12-09 08:36:35.000000000 +0100
|
|
|
2b78f7 |
+++ ntp-4.2.6p5/include/ntp_random.h 2014-12-19 16:01:32.450628801 +0100
|
|
|
2b78f7 |
@@ -1,6 +1,9 @@
|
|
|
2b78f7 |
|
|
|
2b78f7 |
#include <ntp_types.h>
|
|
|
2b78f7 |
|
|
|
2b78f7 |
+void ntp_crypto_srandom(void);
|
|
|
2b78f7 |
+int ntp_crypto_random_buf(void *buf, size_t nbytes);
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
long ntp_random (void);
|
|
|
2b78f7 |
void ntp_srandom (unsigned long);
|
|
|
2b78f7 |
void ntp_srandomdev (void);
|
|
|
2b78f7 |
diff -up ntp-4.2.6p5/libntp/ntp_random.c.orig ntp-4.2.6p5/libntp/ntp_random.c
|
|
|
2b78f7 |
--- ntp-4.2.6p5/libntp/ntp_random.c.orig 2009-12-09 08:36:36.000000000 +0100
|
|
|
2b78f7 |
+++ ntp-4.2.6p5/libntp/ntp_random.c 2014-12-19 16:04:32.069016676 +0100
|
|
|
2b78f7 |
@@ -481,3 +481,63 @@ ntp_random( void )
|
|
|
2b78f7 |
}
|
|
|
2b78f7 |
return(i);
|
|
|
2b78f7 |
}
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+/*
|
|
|
2b78f7 |
+ * Crypto-quality random number functions
|
|
|
2b78f7 |
+ *
|
|
|
2b78f7 |
+ * Author: Harlan Stenn, 2014
|
|
|
2b78f7 |
+ *
|
|
|
2b78f7 |
+ * This file is Copyright (c) 2014 by Network Time Foundation.
|
|
|
2b78f7 |
+ * BSD terms apply: see the file COPYRIGHT in the distribution root for details.
|
|
|
2b78f7 |
+ */
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+#include <openssl/err.h>
|
|
|
2b78f7 |
+#include <openssl/rand.h>
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+int crypto_rand_init = 0;
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+/*
|
|
|
2b78f7 |
+ * ntp_crypto_srandom:
|
|
|
2b78f7 |
+ *
|
|
|
2b78f7 |
+ * Initialize the random number generator, if needed by the underlying
|
|
|
2b78f7 |
+ * crypto random number generation mechanism.
|
|
|
2b78f7 |
+ */
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+void
|
|
|
2b78f7 |
+ntp_crypto_srandom(
|
|
|
2b78f7 |
+ void
|
|
|
2b78f7 |
+ )
|
|
|
2b78f7 |
+{
|
|
|
2b78f7 |
+ if (!crypto_rand_init) {
|
|
|
2b78f7 |
+ RAND_poll();
|
|
|
2b78f7 |
+ crypto_rand_init = 1;
|
|
|
2b78f7 |
+ }
|
|
|
2b78f7 |
+}
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+/*
|
|
|
2b78f7 |
+ * ntp_crypto_random_buf:
|
|
|
2b78f7 |
+ *
|
|
|
2b78f7 |
+ * Returns 0 on success, -1 on error.
|
|
|
2b78f7 |
+ */
|
|
|
2b78f7 |
+int
|
|
|
2b78f7 |
+ntp_crypto_random_buf(
|
|
|
2b78f7 |
+ void *buf,
|
|
|
2b78f7 |
+ size_t nbytes
|
|
|
2b78f7 |
+ )
|
|
|
2b78f7 |
+{
|
|
|
2b78f7 |
+ int rc;
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+ rc = RAND_bytes(buf, nbytes);
|
|
|
2b78f7 |
+ if (1 != rc) {
|
|
|
2b78f7 |
+ unsigned long err;
|
|
|
2b78f7 |
+ char *err_str;
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+ err = ERR_get_error();
|
|
|
2b78f7 |
+ err_str = ERR_error_string(err, NULL);
|
|
|
2b78f7 |
+ /* XXX: Log the error */
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+ return -1;
|
|
|
2b78f7 |
+ }
|
|
|
2b78f7 |
+ return 0;
|
|
|
2b78f7 |
+}
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
diff -up ntp-4.2.6p5/util/ntp-keygen.c.orig ntp-4.2.6p5/util/ntp-keygen.c
|
|
|
2b78f7 |
--- ntp-4.2.6p5/util/ntp-keygen.c.orig 2014-12-19 15:27:38.375236349 +0100
|
|
|
2b78f7 |
+++ ntp-4.2.6p5/util/ntp-keygen.c 2014-12-19 15:58:00.006170042 +0100
|
|
|
2b78f7 |
@@ -263,6 +263,8 @@ main(
|
|
|
2b78f7 |
ssl_check_version();
|
|
|
2b78f7 |
#endif /* OPENSSL */
|
|
|
2b78f7 |
|
|
|
2b78f7 |
+ ntp_crypto_srandom();
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
/*
|
|
|
2b78f7 |
* Process options, initialize host name and timestamp.
|
|
|
2b78f7 |
*/
|
|
|
2b78f7 |
@@ -743,7 +745,14 @@ gen_md5(
|
|
|
2b78f7 |
int temp;
|
|
|
2b78f7 |
|
|
|
2b78f7 |
while (1) {
|
|
|
2b78f7 |
- temp = ntp_random() & 0xff;
|
|
|
2b78f7 |
+ int rc;
|
|
|
2b78f7 |
+
|
|
|
2b78f7 |
+ rc = ntp_crypto_random_buf(&temp, 1);
|
|
|
2b78f7 |
+ if (-1 == rc) {
|
|
|
2b78f7 |
+ fprintf(stderr, "ntp_crypto_random_buf() failed.\n");
|
|
|
2b78f7 |
+ exit (-1);
|
|
|
2b78f7 |
+ }
|
|
|
2b78f7 |
+ temp &= 0xff;
|
|
|
2b78f7 |
if (temp == '#')
|
|
|
2b78f7 |
continue;
|
|
|
2b78f7 |
|