EVP_SignUpdate(&ctx, (u_char *)vp, 12);
EVP_SignUpdate(&ctx, vp->ptr, sizeof(struct autokey));
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(len);
peer->flags |= FLAG_ASSOC;
}
}
-#ifdef DEBUG
- if (debug)
- printf("make_keys: %d %08x %08x ts %u fs %u poll %d\n",
+ DPRINTF(1, ("make_keys: %d %08x %08x ts %u fs %u poll %d\n",
peer->keynumber, keyid, cookie, ntohl(vp->tstamp),
- ntohl(vp->fstamp), peer->hpoll);
-#endif
+ ntohl(vp->fstamp), peer->hpoll));
return (XEVNT_OK);
}
// HMS: Why pkt[1] instead of ep->associd ?
associd = (associd_t)ntohl(pkt[1]);
rval = XEVNT_OK;
-#ifdef DEBUG
- if (debug)
- printf(
- "crypto_recv: flags 0x%x ext offset %d len %u code 0x%x associd %d\n",
+ DPRINTF(1, ("crypto_recv: flags 0x%x ext offset %d len %u code 0x%x associd %d\n",
peer->crypto, authlen, len, code >> 16,
- associd);
-#endif
+ associd));
/*
* Check version number and field length. If bad,
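Review bot: The replacement DPRINTF call puts the whole "crypto_recv: flags 0x%x ext offset ..." format string on one line, running well past the width the rest of the file keeps; the removed printf deliberately broke after the opening parenthesis so the string sat on its own continuation line, and the macro form can do the same: `DPRINTF(1, (` followed by `"crypto_recv: flags 0x%x ext offset %d len %u code 0x%x associd %d\n",` on the next line. The same applies to the crypto_xmit conversion ("crypto_xmit: flags 0x%x offset ...") and the crypto_setup conversion ("crypto_setup: OpenSSL version ...") later in this commit. The enclosing crypto_recv body starts before and continues after this hunk.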
rval = XEVNT_LEN;
break;
}
-#ifdef DEBUG
- if (debug)
- printf(
- "crypto_recv: ident host 0x%x %d server 0x%x %d\n",
+ DPRINTF(1, ("crypto_recv: ident host 0x%x %d server 0x%x %d\n",
crypto_flags, peer->associd, fstamp,
- peer->assoc);
-#endif
+ peer->assoc));
temp32 = crypto_flags & CRYPTO_FLAG_MASK;
/*
peer->assoc, peer->subject,
OBJ_nid2ln(temp32));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
OBJ_nid2ln(temp32), temp32,
ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
snprintf(statstr, sizeof(statstr), "iff %s fs %u",
peer->issuer, ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
snprintf(statstr, sizeof(statstr), "gq %s fs %u",
peer->issuer, ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
snprintf(statstr, sizeof(statstr), "mv %s fs %u",
peer->issuer, ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
"cook %x ts %u fs %u", peer->pcookie,
ntohl(ep->tstamp), ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
bp->key, ntohl(ep->tstamp),
ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
OBJ_nid2ln(temp32), temp32,
ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
ntohl(ep->pkt[0]), ntohl(ep->pkt[1]),
ntohl(ep->pkt[2]), ntohl(ep->fstamp));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
break;
/*
"%04x %d %02x %s", htonl(ep->opcode),
associd, rval, eventstr(rval));
record_crypto_stats(&peer->srcadr, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_recv: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_recv: %s\n", statstr));
return (rval);
}
authlen += (len + 3) / 4 * 4;
"%04x %d %02x %s", opcode, associd, rval,
eventstr(rval));
record_crypto_stats(srcadr_sin, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_xmit: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_xmit: %s\n", statstr));
if (!(opcode & CRYPTO_RESP))
return (0);
}
-#ifdef DEBUG
- if (debug)
- printf(
- "crypto_xmit: flags 0x%x offset %d len %d code 0x%x associd %d\n",
- crypto_flags, start, len, opcode >> 16, associd);
-#endif
+ DPRINTF(1, ("crypto_xmit: flags 0x%x offset %d len %d code 0x%x associd %d\n",
+ crypto_flags, start, len, opcode >> 16, associd));
return (len);
}
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, vallen);
if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(vallen);
return (XEVNT_OK);
}
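Review bot: A failed EVP_SignFinal is still silently ignored here: when it returns 0 the `if` skips the siglen assignment and the function falls through to `return (XEVNT_OK)`, so the value is emitted as if signing had succeeded, carrying whatever vp->siglen held before (presumably zero from initialisation outside the hunk, which should be confirmed). Now that siglen reports the real signature length, the failure is worth surfacing, e.g. `else { msyslog(LOG_ERR, "crypto: EVP_SignFinal failed"); return (error event); }` with the crypto error event the file uses for signature problems in place of XEVNT_OK. Note also that `vallen` is reused as EVP_SignFinal's output parameter, so after the call it holds the signature length rather than the value length — harmless only because the return follows immediately. The same pattern recurs in the pubkey and cert signing hunks and in the six later `vp->siglen = htonl(len)` hunks; the enclosing function begins outside this hunk.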
EVP_SignUpdate(&ctx, (u_char *)&pubkey, 12);
EVP_SignUpdate(&ctx, pubkey.ptr, ntohl(pubkey.vallen));
if (EVP_SignFinal(&ctx, pubkey.sig, &len, sign_pkey))
- pubkey.siglen = htonl(sign_siglen);
+ pubkey.siglen = htonl(len);
}
/*
EVP_SignUpdate(&ctx, cp->cert.ptr,
ntohl(cp->cert.vallen));
if (EVP_SignFinal(&ctx, cp->cert.sig, &len, sign_pkey))
- cp->cert.siglen = htonl(sign_siglen);
+ cp->cert.siglen = htonl(len);
}
/*
*/
leapsec_frame(&leap_data);
if ( ! memcmp(&leap_data.ebase, &leap_data.ttime, sizeof(vint64))) {
- time_t now = time(NULL);
+ time_t now = time(NULL);
uint32_t nowntp = (uint32_t)now + JAN_1970;
leapsec_query(&leap_data, nowntp, &now);
}
snprintf(statstr, sizeof(statstr), "signature update ts %u",
ntohl(hostval.tstamp));
record_crypto_stats(NULL, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_update: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_update: %s\n", statstr));
}
+/*
+ * crypto_update_taichange - eventually trigger crypto_update
+ *
+ * This is called when a change in 'sys_tai' is detected. This will
+ * happen shortly after a leap second is detected, but unhappily also
+ * early after system start; also, the crypto stuff might be unused and
+ * an unguarded call to crypto_update() causes a crash.
+ *
+ * This function makes sure that there already *is* a valid crypto block
+ * for the use with autokey, and only calls 'crypto_update()' if it can
+ * succeed.
+ *
+ * Returns void (no errors)
+ */
+void
+crypto_update_taichange(void)
+{
+ static const u_int len = 3 * sizeof(u_int32);
+
+ /* check if the signing digest algo is available */
+ if (sign_digest == NULL || sign_pkey == NULL)
+ return;
+
+ /* check size of TAI extension block */
+ if (tai_leap.ptr == NULL || ntohl(tai_leap.vallen) != len)
+ return;
+
+ /* crypto_update should at least not crash here! */
+ crypto_update();
+}
/*
* value_free - free value structure components.
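Review bot: crypto_update_taichange re-derives the expected TAI block size as `3 * sizeof(u_int32)`; presumably crypto_update (outside this hunk) stores the same size into tai_leap.vallen when it builds the block, so a shared named constant would keep the producer and this consistency check from drifting apart. The header comment's `Returns void (no errors)` line adds nothing the signature does not already say; a sentence on the observable contract is more useful, e.g. `Does nothing until both a signing key and a TAI extension value exist, so an early sys_tai change is dropped rather than deferred.` If dropping rather than deferring that early change is intended it deserves that comment; if not, the caller should retry once crypto_update has run.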
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(len);
return (XEVNT_OK);
}
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, vallen);
if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(vallen);
return (XEVNT_OK);
}
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(len);
return (XEVNT_OK);
}
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(len);
return (XEVNT_OK);
}
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(len);
return (XEVNT_OK);
}
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(len);
return (XEVNT_OK);
}
EVP_SignUpdate(&ctx, (u_char *)vp, 12);
EVP_SignUpdate(&ctx, vp->ptr, len);
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
- vp->siglen = htonl(sign_siglen);
+ vp->siglen = htonl(len);
}
#ifdef DEBUG
if (debug > 1)
ret->flags |= CERT_TRUST;
else if (strcmp(pathbuf, "Private") == 0)
ret->flags |= CERT_PRIV;
-#if DEBUG
- if (debug)
- printf("cert_parse: %s: %s\n",
- OBJ_nid2ln(temp), pathbuf);
-#endif
+ DPRINTF(1, ("cert_parse: %s: %s\n",
+ OBJ_nid2ln(temp), pathbuf));
break;
/*
ret->grpkey = BN_bin2bn(&ext->value->data[2],
ext->value->length - 2, NULL);
/* fall through */
-#if DEBUG
default:
- if (debug)
- printf("cert_parse: %s\n",
- OBJ_nid2ln(temp));
-#endif
+ DPRINTF(1, ("cert_parse: %s\n",
+ OBJ_nid2ln(temp)));
+ break;
}
}
if (strcmp(ret->subject, ret->issuer) == 0) {
snprintf(statstr, sizeof(statstr), "%s mod %d", &linkname[2],
EVP_PKEY_size(pkey) * 8);
record_crypto_stats(addr, statstr);
+
+ DPRINTF(1, ("crypto_key: %s\n", statstr));
#ifdef DEBUG
- if (debug)
- printf("crypto_key: %s\n", statstr);
if (debug > 1) {
if (pkey->type == EVP_PKEY_DSA)
DSA_print_fp(stdout, pkey->pkey.dsa, 0);
snprintf(statstr, sizeof(statstr), "%s 0x%x len %lu",
&linkname[2], ret->flags, len);
record_crypto_stats(NULL, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_cert: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_cert: %s\n", statstr));
return (ret);
}
get_systime(&seed);
RAND_seed(&seed, sizeof(l_fp));
RAND_write_file(randfile);
-#ifdef DEBUG
- if (debug)
- printf(
- "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
- SSLeay(), randfile, bytes);
-#endif
+ DPRINTF(1, ("crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
+ SSLeay(), randfile, bytes));
}
/*
snprintf(statstr, sizeof(statstr), "setup 0x%x host %s %s",
crypto_flags, hostname, OBJ_nid2ln(cinfo->nid));
record_crypto_stats(NULL, statstr);
-#ifdef DEBUG
- if (debug)
- printf("crypto_setup: %s\n", statstr);
-#endif
+ DPRINTF(1, ("crypto_setup: %s\n", statstr));
}
{
int nid;
-#ifdef DEBUG
- if (debug > 1)
- printf("crypto_config: item %d %s\n", item, cp);
-#endif
+ DPRINTF(1, ("crypto_config: item %d %s\n", item, cp));
+
switch (item) {
/*
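Review bot: The verbosity threshold for the crypto_config trace changes here: the removed code printed only when `debug > 1`, while the replacement `DPRINTF(1, ...)` fires at debug level 1, assuming the macro's first argument is the minimum debug level as the other conversions in this commit suggest. That moves a per-configuration-item line into the lowest verbosity tier alongside the per-event traces; if that is not intended, `DPRINTF(2, ("crypto_config: item %d %s\n", item, cp));` preserves the old level. The crypto_config body continues outside the hunk.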