libntp/ntp_random.c

   1 /*
   2  * Copyright the NTPsec project contributors
   3  * SPDX-License-Identifier: BSD-2-Clause
   4  */
   5
   6 #include <stdint.h>
   7
   8 #include <openssl/opensslv.h>
   9 #include <openssl/rand.h>
  10
  11 #include "config.h"
  12 #include "ntp.h"
  13
  14 /* NB: RAND_bytes comes from OpenSSL
  15  * Starting in version 1.1.1, it reseeds itself occasionally.
  16  * That may need access to /dev/urandom which may be blocked by chroot jails.
  17  * getrandom(2) is used when available.  It was added to Linux kernel 3.17
  18  * so this won't be a problem on newer Linux systems.
  19  */
  20
  21 void ntp_RAND_bytes(unsigned char *buf, int num) {
  22         int err;
  23         err = RAND_bytes(buf, num);
  24         if (1 != err) {
  25                 msyslog(LOG_ERR, "ERR: RAND_bytes failed");
  26                 exit(1);
  27         }
  28 }
  29
  30 void ntp_RAND_priv_bytes(unsigned char *buf, int num) {
  31         int err;
  32 #if (OPENSSL_VERSION_NUMBER > 0x1010100fL) && !defined(LIBRESSL_VERSION_NUMBER)
  33         err = RAND_priv_bytes(buf, num);
  34 #else
  35         err = RAND_bytes(buf, num);
  36 #endif
  37         if (1 != err) {
  38                 msyslog(LOG_ERR, "ERR: RAND_priv_bytes failed");
  39                 exit(1);
  40         }
  41 }