From c7ae6947ca5703bf36c1a4ad3414e16fc93539e7 Mon Sep 17 00:00:00 2001
From: jow
Date: Mon, 27 Oct 2014 11:09:37 +0000
Subject: [PATCH] BB: px5g-standalone: use /dev/urandom to initialize serial (#18232)
Signed-off-by: Jo-Philipp Wich
Backport of r43080
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43083 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/utils/px5g-standalone/Makefile | 4 +--
 .../px5g-standalone/src/library/x509write.c | 27 +++++++++++++++++--
 2 files changed, 27 insertions(+), 4 deletions(-)
diff --git a/package/utils/px5g-standalone/Makefile b/package/utils/px5g-standalone/Makefile
index fc5f391..d6843b0 100644
--- a/package/utils/px5g-standalone/Makefile
+++ b/package/utils/px5g-standalone/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2010 Jo-Philipp Wich
+# Copyright (C) 2010-2014 Jo-Philipp Wich
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 PKG_CHECK_FORMAT_SECURITY:=0
diff --git a/package/utils/px5g-standalone/src/library/x509write.c b/package/utils/px5g-standalone/src/library/x509write.c
index fabee20..1091568 100644
--- a/package/utils/px5g-standalone/src/library/x509write.c
+++ b/package/utils/px5g-standalone/src/library/x509write.c
@@ -999,6 +999,26 @@ static int x509write_make_sign(x509_raw *chain, rsa_context *privkey)
 (unsigned char*)"", 0);
 }
 
+/*
+ * Create a random serial
+ */
+static int get_random_serial(void)
+{
+ int random = 0;
+ FILE *fd;
+
+ fd = fopen("/dev/urandom", "r");
+
+ if (fd) {
+ if (fread(&random, 1, sizeof(random), fd) != sizeof(random))
+ random = 0;
+
+ fclose(fd);
+ }
+
+ return random;
+}
+
 /*
 * Create a self signed certificate
 */
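Review bot: `get_random_serial` hands back the raw `int` read from /dev/urandom, so roughly half of all generated serials carry the sign bit and come out negative, while RFC 5280 requires CertificateSerialNumber to be a positive integer; whether `asn1_add_int` encodes a negative `int` sanely is not visible from this hunk, so the value should be made non-negative before it leaves this function. One line after the `fread` check does it without a new header: `random &= 0x7fffffff;` (a draw that masks to 0 then falls into the existing 0-means-failure path, which is what the caller already expects). The remaining 31 bits are a small serial for a certificate that may be regenerated on the same host, so collisions are unlikely but not impossible; a comment stating that accepted limit would help the next reader. Minor style: `fd` names a `FILE *`, not a descriptor — `fp` would read more accurately.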
@@ -1020,8 +1040,11 @@ int x509write_create_sign(x509_raw *chain, rsa_context *privkey)
 /*
 * CertificateSerialNumber ::= INTEGER
 */
- srand((unsigned int) time(NULL));
- serial = rand();
+ serial = get_random_serial();
+
+ if (serial == 0)
+ return 1;
+
 if ((ret = asn1_add_int(serial, &chain->serial)) != 0)
 return ret;
 
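Review bot: The new `if (serial == 0) return 1;` relies on 0 as the only failure signal from `get_random_serial`, so an unreadable /dev/urandom and a legitimately drawn zero are indistinguishable and both surface as a bare `1` with no diagnostic; if the rest of `x509write_create_sign` propagates the `ret` codes from `asn1_add_int`, a named error value would be more consistent, but that convention is outside this hunk. Rejecting zero is still right, since a zero CertificateSerialNumber is itself invalid, so the intent deserves a comment above the check: `/* 0 = /dev/urandom unreadable (or drew zero); a zero serial is invalid anyway */`. With `srand()`/`rand()` and `time()` gone from this function, the corresponding `<stdlib.h>`/`<time.h>` includes may now be unused unless other code in the file needs them. The body of x509write_create_sign starts and ends outside the hunk.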