CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
Upstream-Status: Backport [Debian]
Signed-off-by: Armin Kuster
Index: ntp-4.2.6p5/include/ntp_random.h
===================================================================
--- ntp-4.2.6p5.orig/include/ntp_random.h
+++ ntp-4.2.6p5/include/ntp_random.h
@@ -1,6 +1,9 @@
 #include
+void ntp_crypto_srandom(void);
+int ntp_crypto_random_buf(void *buf, size_t nbytes);
+
 long ntp_random (void);
 void ntp_srandom (unsigned long);
 void ntp_srandomdev (void);
Index: ntp-4.2.6p5/libntp/ntp_random.c
===================================================================
--- ntp-4.2.6p5.orig/libntp/ntp_random.c
+++ ntp-4.2.6p5/libntp/ntp_random.c
@@ -481,3 +481,74 @@ ntp_random( void )
 }
 return(i);
 }
+
+/*
+ * Crypto-quality random number functions
+ *
+ * Author: Harlan Stenn, 2014
+ *
+ * This file is Copyright (c) 2014 by Network Time Foundation.
+ * BSD terms apply: see the file COPYRIGHT in the distribution root for details.
+ */
+
+#ifdef OPENSSL
+#include
+#include
+
+int crypto_rand_init = 0;
+#endif
+
+/*
+ * ntp_crypto_srandom:
+ *
+ * Initialize the random number generator, if needed by the underlying
+ * crypto random number generation mechanism.
+ */
+
+void
+ntp_crypto_srandom(
+ void
+ )
+{
+#ifdef OPENSSL
+ if (!crypto_rand_init) {
+ RAND_poll();
+ crypto_rand_init = 1;
+ }
+#else
+ /* No initialization needed for arc4random() */
+#endif
+}
+
+/*
+ * ntp_crypto_random_buf:
+ *
+ * Returns 0 on success, -1 on error.
+ */
+int
+ntp_crypto_random_buf(
+ void *buf,
+ size_t nbytes
+ )
+{
+#ifdef OPENSSL
+ int rc;
+
+ rc = RAND_bytes(buf, nbytes);
+ if (1 != rc) {
+ unsigned long err;
+ char *err_str;
+
+ err = ERR_get_error();
+ err_str = ERR_error_string(err, NULL);
+ /* XXX: Log the error */
+
+ return -1;
+ }
+ return 0;
+#else
+ arc4random_buf(buf, nbytes);
+ return 0;
+#endif
+}
+
Index: ntp-4.2.6p5/util/ntp-keygen.c
===================================================================
--- ntp-4.2.6p5.orig/util/ntp-keygen.c
+++ ntp-4.2.6p5/util/ntp-keygen.c
@@ -261,6 +261,8 @@ main(
 ssl_check_version();
 #endif /* OPENSSL */
+ ntp_crypto_srandom();
+
 /*
 * Process options, initialize host name and timestamp.
 */
@@ -727,7 +729,14 @@ gen_md5(
 int temp;
 while (1) {
- temp = ntp_random() & 0xff;
+ int rc;
+
+ rc = ntp_crypto_random_buf(&temp, 1);
+ if (-1 == rc) {
+ fprintf(stderr, "ntp_crypto_random_buf() failed.\n");
+ exit (-1);
+ }
+ temp &= 0xff;
 if (temp == '#')
 continue;
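Review bot: In ntp_crypto_random_buf the OpenSSL failure path fetches `err` and `err_str` and then discards both under `/* XXX: Log the error */`, so a RAND_bytes failure reaches the caller as a bare -1 with no diagnostic and `err_str` is left as an unused variable. I would report it through whatever logging libntp provides here, e.g. `msyslog(LOG_ERR, "RAND_bytes() failed: %s", err_str);` if msyslog is in scope in this file, keeping in mind that `ERR_error_string(err, NULL)` hands back a pointer to a static buffer. Two smaller points on the same hunk: `RAND_bytes` takes an `int` count while `nbytes` is `size_t`, so a guard `if (nbytes > INT_MAX) return -1;` before the call (with limits.h) avoids a silent truncation, and `int crypto_rand_init` should be `static` since nothing outside this file needs it. The return value of `RAND_poll()` in ntp_crypto_srandom is also not checked; a failed poll is only surfaced later when RAND_bytes refuses to produce output, which is acceptable but deserves a comment saying so.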
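Review bot: The byte from `ntp_crypto_random_buf(&temp, 1)` lands in the first byte of `temp`, but `temp &= 0xff;` keeps the least significant byte, and on a big-endian host those are different bytes: the key character is then taken from the never-written remainder of `temp`, not from the CSPRNG, assuming `temp` is the plain `int temp;` shown as the hunk's first context line with no initializer. Reading that partially written `int` is also an indeterminate-value read that the compiler is free to treat as anything. Draw into a byte-sized object instead and widen it: `unsigned char rb;` / `rc = ntp_crypto_random_buf(&rb, sizeof rb);` / `temp = rb;` in place of `temp &= 0xff;`. gen_md5 and the `while (1)` loop continue outside the hunk, so `temp` stays an `int` for the checks that follow.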