[ntp] don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294)

Miroslav Lichvar mlichvar at fedoraproject.org
Fri Dec 19 18:46:19 UTC 2014


commit 93df8f66aa50b2904118c04069e7478a4fe9ec9a
Author: Miroslav Lichvar <mlichvar at redhat.com>
Date:   Fri Dec 19 19:41:57 2014 +0100

    don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294)

 ntp-4.2.6p5-cve-2014-9294.patch |  108 +++++++++++++++++++++++++++++++++++++++
 ntp.spec                        |    3 +
 2 files changed, 111 insertions(+), 0 deletions(-)
---
diff --git a/ntp-4.2.6p5-cve-2014-9294.patch b/ntp-4.2.6p5-cve-2014-9294.patch
new file mode 100644
index 0000000..808ca11
--- /dev/null
+++ b/ntp-4.2.6p5-cve-2014-9294.patch
@@ -0,0 +1,108 @@
+diff -up ntp-4.2.6p5/include/ntp_random.h.orig ntp-4.2.6p5/include/ntp_random.h
+--- ntp-4.2.6p5/include/ntp_random.h.orig	2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p5/include/ntp_random.h	2014-12-19 16:01:32.450628801 +0100
+@@ -1,6 +1,9 @@
+ 
+ #include <ntp_types.h>
+ 
++void ntp_crypto_srandom(void);
++int ntp_crypto_random_buf(void *buf, size_t nbytes);
++
+ long ntp_random (void);
+ void ntp_srandom (unsigned long);
+ void ntp_srandomdev (void);
+diff -up ntp-4.2.6p5/libntp/ntp_random.c.orig ntp-4.2.6p5/libntp/ntp_random.c
+--- ntp-4.2.6p5/libntp/ntp_random.c.orig	2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p5/libntp/ntp_random.c	2014-12-19 16:04:32.069016676 +0100
+@@ -481,3 +481,63 @@ ntp_random( void )
+ 	}
+ 	return(i);
+ }
++
++/*
++ * Crypto-quality random number functions
++ *
++ * Author: Harlan Stenn, 2014
++ *
++ * This file is Copyright (c) 2014 by Network Time Foundation.
++ * BSD terms apply: see the file COPYRIGHT in the distribution root for details.
++ */
++
++#include <openssl/err.h>
++#include <openssl/rand.h>
++
++int crypto_rand_init = 0;
++
++/*
++ * ntp_crypto_srandom:
++ *
++ * Initialize the random number generator, if needed by the underlying
++ * crypto random number generation mechanism.
++ */
++
++void
++ntp_crypto_srandom(
++	void
++	)
++{
++	if (!crypto_rand_init) {
++		RAND_poll();
++		crypto_rand_init = 1;
++	}
++}
++
++/*
++ * ntp_crypto_random_buf:
++ *
++ * Returns 0 on success, -1 on error.
++ */
++int
++ntp_crypto_random_buf(
++	void *buf,
++	size_t nbytes
++	)
++{
++	int rc;
++
++	rc = RAND_bytes(buf, nbytes);
++	if (1 != rc) {
++		unsigned long err;
++		char *err_str;
++
++		err = ERR_get_error();
++		err_str = ERR_error_string(err, NULL);
++		/* XXX: Log the error */
++
++		return -1;
++	}
++	return 0;
++}
++
+diff -up ntp-4.2.6p5/util/ntp-keygen.c.orig ntp-4.2.6p5/util/ntp-keygen.c
+--- ntp-4.2.6p5/util/ntp-keygen.c.orig	2014-12-19 15:27:38.375236349 +0100
++++ ntp-4.2.6p5/util/ntp-keygen.c	2014-12-19 15:58:00.006170042 +0100
+@@ -263,6 +263,8 @@ main(
+ 	ssl_check_version();
+ #endif /* OPENSSL */
+ 
++	ntp_crypto_srandom();
++
+ 	/*
+ 	 * Process options, initialize host name and timestamp.
+ 	 */
+@@ -743,7 +745,14 @@ gen_md5(
+ 			int temp;
+ 
+ 			while (1) {
+-				temp = ntp_random() & 0xff;
++				int rc;
++
++				rc = ntp_crypto_random_buf(&temp, 1);
++				if (-1 == rc) {
++					fprintf(stderr, "ntp_crypto_random_buf() failed.\n");
++					exit (-1);
++				}
++				temp &= 0xff;
+ 				if (temp == '#')
+ 					continue;
+ 
diff --git a/ntp.spec b/ntp.spec
index d13abd6..e618fc3 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -95,6 +95,8 @@ Patch21: ntp-4.2.6p5-monwarn.patch
 Patch22: ntp-4.2.6p5-testmain.patch
 # ntpbz #1232
 Patch23: ntp-4.2.6p5-nanoshm.patch
+# ntpbz #2666
+Patch24: ntp-4.2.6p5-cve-2014-9294.patch
 
 # handle unknown clock types
 Patch50: ntpstat-0.2-clksrc.patch
@@ -206,6 +208,7 @@ This package contains NTP documentation in HTML format.
 %patch21 -p1 -b .monwarn
 %patch22 -p1 -b .testmain
 %patch23 -p1 -b .nanoshm
+%patch24 -p1 -b .cve-2014-9294
 
 # ntpstat patches
 %patch50 -p1 -b .clksrc

