ntp_random - please check

Hal Murray hmurray at megapathdsl.net
Fri Jul 6 20:27:30 UTC 2018

The old code was going through a maybe byte-swap.  That seems bogus.  If 
nothing else, it adds a layer of confusion when trying to figure out what the 
code does.  Even if the data is going on the wire and normal data would get 
byte-swapped, there is no need to swap random bits.

Also, it didn't check the return code.  That raises an interesting question.  
What should we do if there isn't enough entropy?

How much entropy is there in a typical system?  Can a malicious user use it 
all up?  Could a busy server run out?

Would somebody please eyeball these changes.  Thanks.

-       unsigned char rnd[sizeof(uint32_t)];
-       RAND_bytes(rnd, sizeof(rnd));
-       return (int32_t)ntp_be32dec(rnd);

+       int err;
+       uint32_t rnd;
+       err = RAND_bytes((unsigned char *)&rnd, sizeof(rnd));
+       if (1 != err) {
+               msyslog(LOG_ERR, "ERR: ntp_random - RAND_bytes failed");
+         exit(1);
+       }
+       return rnd;

These are my opinions.  I hate spam.

More information about the devel mailing list