files have changed.
Correct comment, clarify configure --help text re: --with-autokey.
Display KoD refid as text in recently added message.
Correct OpenSSL usage in Autokey code to avoid warnings about
discarding const qualifiers with OpenSSL 3.
Avoid clang warning "a function declaration without a prototype is
deprecated in all versions of C".
Abort configure if --enable-crypto-rand given & unavailable.
Improve --help output for --enable-c99-snprintf.
Add configure --enable-verbose-ssl to trace SSL detection.
Silence warnings about dropping const qualifier by making a copy
of OpenSSL key data before modifying it in ntp-keygen.
Display KoD refid as text in recently added message.
Add build test coverage for --disable-saveconfig to flock-build script.
bk: 65b8babcBi-wM_TKFu6ADxmywSjoCw
* [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org>
* [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access.
<hart@ntp.org>
-* [Bug 3842] Windows ntpd ppsapi DLL load failure crashes. <hart@ntp.org>
+* [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. <hart@ntp.org>
* [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat
Need to remove --Wformat-security when removing -Wformat to
silence numerous libopts warnings. <hart@ntp.org>
* Correct missing arg for %s printf specifier in
send_blocking_resp_internal(). <hart@ntp.org>
* Suppress OpenSSL 3 deprecation warning clutter. <hart@ntp.org>
+* Correct OpenSSL usage in Autokey code to avoid warnings about
+ discarding const qualifiers with OpenSSL 3. <hart@ntp.org>
+* Display KoD refid as text in recently added message. <hart@ntp.org>
+* Avoid running checkHtmlFileDates script repeatedly when no html/*.html
+ files have changed. <hart@ntp.org>
+* Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org>
+* Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org>
+* Add build test coverage for --disable-saveconfig to flock-build script.
+ <hart@ntp.org>
---
(4.2.8p17) 2023/06/06 Released by Harlan Stenn <stenn@ntp.org>
Miroslav Lichvar and Matt for rapid testing and identifying the
problem. <hart@ntp.org>
* Add tests/libntp/digests.c to catch regressions reading keys file or with
- symmetric authentication digest output.
+ symmetric authentication digest output. <hart@ntp.org>
---
(4.2.8p16) 2023/05/31 Released by Harlan Stenn <stenn@ntp.org>
@sleep 1
@touch $@
-html/.datecheck: FRC.html
+$(srcdir)/html/.datecheck: $(srcdir)/html/*.html
cd $(srcdir)/html && \
../scripts/build/checkHtmlFileDates
NTP_CRYPTO_RAND
-# if we are using OpenSSL (--with-crypto), by default Autokey is enabled
+# if we are building Autokey (--with-autokey), by default Autokey is enabled
AC_ARG_ENABLE(
[autokey],
AS_HELP_STRING(
esac
;;
esac
-AC_MSG_CHECKING([if we want NTP Autokey protocol support])
+AC_MSG_CHECKING([if NTP Autokey protocol will be supported])
AC_MSG_RESULT([$ntp_autokey])
AC_SUBST([MAKE_CHECK_LAYOUT])
case "1" in
0)
ssh $i "cd $c_d ; ./build $SIG $PARSE $STD $BUILD_ARGS" &
- ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS" &
+ ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging --disable-saveconfig $BUILD_ARGS" &
ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --without-crypto --enable-c99-snprintf $BUILD_ARGS" &
ssh $i "cd $c_d ; ./build $SIG $STD --disable-all-clocks --disable-autokey --without-sntp --disable-thread-support $BUILD_ARGS" &
;;
case $FB_FIRSTONLY in
'0')
- ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS &
+ ./build $SIG $PARSE $STD --disable-debugging --disable-saveconfig $BUILD_ARGS &
COUNT=\`expr \$COUNT + 1\`
echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4
}
-/* Convert a refid & stratum to a string */
+/*
+ * Convert a refid & stratum to a string. If stratum is negative and the
+ * refid consists entirely of graphic chars, up to an optional
+ * terminating zero, display as text similar to stratum 0 & 1.
+ */
const char *
refid_str(
u_int32 refid,
int stratum
-)
+ )
{
char * text;
size_t tlen;
char * cp;
-
+ int printable;
+
/*
* ntpd can have stratum = 0 and refid 127.0.0.1 in orphan mode.
* https://bugs.ntp.org/3854. Mirror the refid logic in timer().
*/
- if (LOOPBACKADR_N == refid) {
- if (stratum <= 1) {
- return ".ORPH.";
- }
- } else if (stratum > 1) {
- return numtoa(refid);
+ if (0 == stratum && LOOPBACKADR_N == refid) {
+ return ".ORPH.";
}
- LIB_GETBUF(text);
- text[0] = '.';
- /* What if any non-NUL char is not printable? */
- memcpy(&text[1], &refid, sizeof(refid));
- text[1 + sizeof(refid)] = '\0';
- tlen = strlen(text);
- text[tlen] = '.';
- text[tlen + 1] = '\0';
-
- /*
- * Now make sure the contents are 'graphic'.
- *
- * This refid is expected to be up to 4 ascii graphics.
- * If any character is not a graphic, replace it with a '?'.
- * This will at least alert the viewer of a problem.
- */
- for (cp = text + 1; *cp; ++cp) {
- if (!isgraph((int)*cp)) {
- *cp = '?';
+ printable = FALSE;
+ if (stratum < 2) {
+ text = lib_getbuf();
+ text[0] = '.';
+ memcpy(&text[1], &refid, sizeof(refid));
+ text[1 + sizeof(refid)] = '\0';
+ tlen = strlen(text);
+ text[tlen] = '.';
+ text[tlen + 1] = '\0';
+ /*
+ * Now make sure the contents are 'graphic'.
+ *
+ * This refid is expected to be up to 4 printable ASCII.
+ * isgraph() is similar to isprint() but excludes space.
+ * If any character is not graphic, replace it with a '?'.
+ * This will at least alert the viewer of a problem.
+ */
+ for (cp = text + 1; '\0' != *cp; ++cp) {
+ if (!isgraph((int)*cp)) {
+ printable = FALSE;
+ *cp = '?';
+ }
+ }
+ if ( (stratum < 0 && printable)
+ || stratum < 2) {
+ return text;
}
}
-
- return text;
+ return numtoa(refid);
}
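Review bot: `printable` is set to FALSE before the block and again inside the loop, so it is never TRUE, and the final test `(stratum < 0 && printable) || stratum < 2` is always true inside `if (stratum < 2)`. As written, a negative-stratum call (the KoD log path passes `-1`) returns the `?`-substituted text even when the refid is not entirely graphic, which is not what the new header comment describes. Initialising with `printable = TRUE;` and returning text on `if (stratum >= 0 || printable)` would match the comment and let the other case fall through to `numtoa(refid)`. Separately, `isgraph((int)*cp)` is handed a plain `char` that comes from a packet field, so bytes above 0x7f can arrive as negative values where `char` is signed; `isgraph((unsigned char)*cp)` avoids that.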
* errors.
*/
if (vallen == (u_int)EVP_PKEY_size(host_pkey)) {
- RSA *rsa = EVP_PKEY_get0_RSA(host_pkey);
+ RSA *rsa = EVP_PKEY_get1_RSA(host_pkey);
u_int32 *cookiebuf = malloc(RSA_size(rsa));
if (!cookiebuf) {
rval = XEVNT_CKY;
cookie = ntohl(*cookiebuf);
free(cookiebuf);
}
+ RSA_free(rsa);
} else {
rval = XEVNT_CKY;
break;
)
{
EVP_PKEY *pkey; /* public key */
+ RSA* rsa; /* public key */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp; /* NTP timestamp */
u_int32 temp32;
vp->ptr = emalloc(vallen);
puch = vp->ptr;
temp32 = htonl(*cookie);
- if (RSA_public_encrypt(4, (u_char *)&temp32, puch,
- EVP_PKEY_get0_RSA(pkey), RSA_PKCS1_OAEP_PADDING) <= 0) {
+ rsa = EVP_PKEY_get1_RSA(pkey);
+ if (RSA_public_encrypt(4, (u_char *)&temp32, puch, rsa,
+ RSA_PKCS1_OAEP_PADDING) <= 0) {
msyslog(LOG_ERR, "crypto_encrypt: %s",
ERR_error_string(ERR_get_error(), NULL));
free(vp->ptr);
return (XEVNT_CKY);
}
EVP_PKEY_free(pkey);
+ pkey = NULL;
+ RSA_free(rsa);
+ rsa = NULL;
if (tstamp == 0)
return (XEVNT_OK);
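Review bot: The failure branch of `RSA_public_encrypt()` returns `XEVNT_CKY` right after `free(vp->ptr)` without releasing the reference that `EVP_PKEY_get1_RSA(pkey)` has just taken, so every failed encryption leaks an RSA reference; that branch also appears to leave `pkey` unfreed. Adding `RSA_free(rsa);` and `EVP_PKEY_free(pkey);` before that `return` would balance it. `rsa` is also used without a NULL check, which matters if `pkey` is ever not an RSA key. The cookie-decrypt hunk earlier in this file takes a reference the same way, and its early-exit paths, which are not fully visible here, are worth checking for the same leak. The function starts and ends outside this hunk.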
* Returns NTP seconds if in synch, 0 otherwise
*/
tstamp_t
-crypto_time()
+crypto_time(void)
{
l_fp tstamp; /* NTP time */
/*
- * bigdig() - compute a BIGNUM MD5 hash of a BIGNUM number.
+ * bighash() - compute a BIGNUM MD5 hash of a BIGNUM number.
*
* Returns void (no errors)
*/
struct value *vp /* value pointer */
)
{
- DSA *dsa; /* IFF parameters */
- BN_CTX *bctx; /* BIGNUM context */
- EVP_MD_CTX *ctx; /* signature context */
- tstamp_t tstamp;
- u_int len;
- const BIGNUM *q;
+ const DSA *dsa; /* IFF parameters */
+ BN_CTX *bctx; /* BIGNUM context */
+ EVP_MD_CTX *ctx; /* signature context */
+ tstamp_t tstamp;
+ u_int len;
+ const BIGNUM *q;
/*
* The identity parameters must have correct format and content.
struct value *vp /* value pointer */
)
{
- DSA *dsa; /* IFF parameters */
+ int retv; /* return value */
+ const DSA *dsa; /* IFF parameters */
DSA_SIG *sdsa; /* DSA signature context fake */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX *ctx; /* signature context */
msyslog(LOG_NOTICE, "crypto_bob: scheme unavailable");
return (XEVNT_ID);
}
+
+ /* Initialize pointers that may need freeing in cleanup. */
+ sdsa = NULL;
+
dsa = EVP_PKEY_get0_DSA(iffkey_info->pkey);
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, NULL, &priv_key);
if (len == 0) {
msyslog(LOG_ERR, "crypto_bob: %s",
ERR_error_string(ERR_get_error(), NULL));
- DSA_SIG_free(sdsa);
- return (XEVNT_ERR);
+ retv = XEVNT_ERR;
+ goto cleanup;
}
if (len > MAX_VALLEN) {
msyslog(LOG_ERR, "crypto_bob: signature is too big: %u",
len);
- DSA_SIG_free(sdsa);
- return (XEVNT_LEN);
+ retv = XEVNT_ERR;
+ goto cleanup;
}
- memset(vp, 0, sizeof(struct value));
+ ZERO(*vp);
tstamp = crypto_time();
vp->tstamp = htonl(tstamp);
vp->fstamp = htonl(iffkey_info->fstamp);
ptr = emalloc(len);
vp->ptr = ptr;
i2d_DSA_SIG(sdsa, &ptr);
- DSA_SIG_free(sdsa);
- if (tstamp == 0)
- return (XEVNT_OK);
+ if (0 == tstamp) {
+ retv = XEVNT_OK;
+ goto cleanup;
+ }
/* XXX: more validation to make sure the sign fits... */
vp->sig = emalloc(sign_siglen);
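Review bot: The oversize-signature branch (`len > MAX_VALLEN`) now sets `retv = XEVNT_ERR;` where the removed code returned `XEVNT_LEN`, so callers can no longer tell a length failure from a generic error. Unless that change is deliberate, the line should read `retv = XEVNT_LEN;`. The function body continues outside this hunk.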
vp->siglen = htonl(len);
}
EVP_MD_CTX_free(ctx);
- return (XEVNT_OK);
+ retv = XEVNT_OK;
+
+ cleanup:
+ DSA_SIG_free(sdsa);
+ return retv;
}
struct peer *peer /* peer structure pointer */
)
{
- DSA *dsa; /* IFF parameters */
+ const DSA *dsa; /* IFF parameters */
BN_CTX *bctx; /* BIGNUM context */
DSA_SIG *sdsa; /* DSA parameters */
BIGNUM *bn, *bk;
struct value *vp /* value pointer */
)
{
- RSA *rsa; /* GQ parameters */
+ const RSA *rsa; /* GQ parameters */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
struct value *vp /* value pointer */
)
{
- RSA *rsa; /* GQ parameters */
+ const RSA *rsa; /* GQ parameters */
DSA_SIG *sdsa; /* DSA parameters */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX *ctx; /* signature context */
struct peer *peer /* peer structure pointer */
)
{
- RSA *rsa; /* GQ parameters */
+ const RSA *rsa; /* GQ parameters */
BN_CTX *bctx; /* BIGNUM context */
DSA_SIG *sdsa; /* RSA signature context fake */
BIGNUM *y, *v;
struct value *vp /* value pointer */
)
{
- DSA *dsa; /* MV parameters */
+ const DSA *dsa; /* MV parameters */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX *ctx; /* signature context */
tstamp_t tstamp;
struct value *vp /* value pointer */
)
{
- DSA *dsa; /* MV parameters */
+ const DSA *dsa; /* MV parameters */
DSA *sdsa; /* DSA signature context fake */
BN_CTX *bctx; /* BIGNUM context */
EVP_MD_CTX *ctx; /* signature context */
struct peer *peer /* peer structure pointer */
)
{
- DSA *dsa; /* MV parameters */
+ const DSA *dsa; /* MV parameters */
DSA *sdsa; /* DSA parameters */
BN_CTX *bctx; /* BIGNUM context */
BIGNUM *k, *u, *v;
* set up routing notifications
*/
static void
-init_async_notifications()
+init_async_notifications(void)
{
struct asyncio_reader *reader;
#ifdef HAVE_RTNETLINK
msyslog(LOG_INFO,
"receive: Got KoD %s from %s",
- refid_str(pkt->refid, hisstratum), ntoa(&peer->srcadr));
+ refid_str(pkt->refid, -1), ntoa(&peer->srcadr));
} else if (peer->flip == 0) {
if (0) {
} else if (L_ISZERO(&p_org)) {
* anything until the next 'lex_init_stack()' succeeded.
*/
void
-lex_drop_stack()
+lex_drop_stack(void)
{
lex_stack = drop_stack_do(lex_stack);
}
* in the force-eof mode before this call.
*/
int/*BOOL*/
-lex_flush_stack()
+lex_flush_stack(void)
{
int retv = FALSE;
}
struct FILE_INFO *
-lex_current()
+lex_current(void)
{
/* this became so simple, it could be a macro. But then,
* lex_stack needed to be global...
struct recvbuf *rbufp
)
{
+ static int quality_average = 0;
+ static int quality_sum = 0;
+ static int quality_polls = 0;
register struct arcunit *up;
struct refclockproc *pp;
struct peer *peer;
char c;
- int i, n, wday, month, flags, status;
+ int i, wday, month, flags, status;
int arc_last_offset;
- static int quality_average = 0;
- static int quality_sum = 0;
- static int quality_polls = 0;
+ #ifdef DEBUG
+ int n;
+ #endif
/*
* Initialize pointers and read the timecode and timestamp
status = pp->a_lastcode[15];
#ifdef DEBUG
if(debug) { printf("arc: status 0x%.2x flags 0x%.2x\n", flags, status); }
-#endif
n = 9;
+#endif
/*
Validate received values at least enough to prevent internal
#! /bin/sh
+#
+# checkHtmlFileDates
+#
+# This script is invoked in html directory when any html/*.html file
+# is newer than html/.datecheck to update the last modified time
+# within the HTML. Each file is compared against the checked-in
+# version is compared to any uncommitted edits and if there are
+# any, scripts/build/updateBEDate is used to update the embedded
+# timestamp. html/.datecheck is not distributed in releases so
+# this will be invoked once building a newly-extracted tarball.
+# 'bk diff' is used to check for modifications so if bk is not
+# on the path there's no need to invoke this repeatedly.
+# Therefore touch .datecheck unconditionally right away.
+#
+touch .datecheck
+
# Do nothing if the directory is not a BK repo,
# or if BK is not even installed.
bk status > /dev/null 2>&1 || exit 0
-for i in `find * -type f -name '*.html' -print | grep -v SCCS/`
+for i in `echo *.html`
do
# echo $i
- set `bk diffs $i | wc -l`
+ set `bk diff --normal $i | wc -l`
lines=$1
case "$lines" in
0) ;;
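Review bot: The rewritten loop ``for i in `echo *.html` `` only sees files directly in the html directory, whereas the removed `find * -type f -name '*.html'` also walked subdirectories, so any pages below html/ would no longer have their dates checked. If that narrowing is intended, the header comment should say so. That comment also contains a garbled sentence ("Each file is compared against the checked-in version is compared to any uncommitted edits"), which could read `# Each file is compared against the checked-in version and, if there are uncommitted edits,`. The loop body continues past the end of the hunk.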
dnl - Look for RAND_poll and RAND_bytes
dnl - if they exist, define USE_OPENSSL_CRYPTO_RAND
-AC_MSG_CHECKING([if we want to use OpenSSL's crypto random (if available)])
+AC_MSG_CHECKING([if we want to use SSL library's secure random numbers])
AC_ARG_ENABLE(
[openssl-random],
[AS_HELP_STRING(
[--enable-openssl-random],
- [Use OpenSSL's crypto random number functions, if available (default is yes)]
+ [+ Use SSL lib's secure random numbers]
)],
- [ntp_use_openssl_random=$enableval],
- [ntp_use_openssl_random=yes]
+ [ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval],
+ [ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no]
)
AC_MSG_RESULT([$ntp_use_openssl_random])
LIBS="$NTPO_SAVED_LIBS"
case "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in
yesyesyesyes)
- AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions])
- ;;
- *) ntp_use_openssl_random=no ;;
+ AC_MSG_NOTICE([Using SSL library's secure random number generator])
+ AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions])
+ ;;
+ *)
+ ntp_use_openssl_random=no
+ AC_MSG_NOTICE([SSL library's secure random number generator unavailable.])
+ case "$ntp_ssl_random_mandatory" in
+ yes)
+ AC_MSG_FAILURE(
+ [No suiteable SSL library was found and ]
+ [--enable-openssl-random was given.. Remove ]
+ [--enable-openssl-random if you wish to build without a ]
+ [cryptographically secure RNG. ]
+ [WARNING: Use of ntp-keygen without a secure RNG may generate ]
+ [keys that are predictable.]
+ )
+ ;;
+ *)
+ AC_MSG_WARN(
+ [WARNING: Use of ntp-keygen without a secure RNG may generate ]
+ [keys that are predictable.]
+ )
+ esac
esac
+AS_UNSET([ntp_ssl_random_mandatory])
+
]) dnl NTP_CRYPTO_RAND
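Review bot: The catch-all `*)` branch also runs when the user passed `--disable-openssl-random`, and it then reports "SSL library's secure random number generator unavailable." even though the generator was deliberately switched off. A separate notice for that case would keep configure logs accurate for anyone auditing how ntp-keygen was built. The failure text has two typos (`suiteable`, `given..`). The ChangeLog entry names the option `--enable-crypto-rand` while this macro defines `--enable-openssl-random`, so one of the two should be corrected.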
AC_BEFORE([$0], [HW_FUNC_SNPRINTF])dnl
AC_ARG_ENABLE(
[c99-snprintf],
- [AS_HELP_STRING([--enable-c99-snprintf], [s force replacement])],
+ [AS_HELP_STRING(
+ [--enable-c99-snprintf],
+ [s use replacement printf family]
+ )],
[force_c99_snprintf=$enableval],
[force_c99_snprintf=no]
)
dnl LDFLAGS_NTP OpenSSL runpath flags as needed.
dnl
dnl ####################################################################
-m4_define([NTP_OPENSSL_VERBOSE_MSG],
- [
- dnl Remove dnl prefix from AC_MSG_NOTICE below for debug output.
- dnl Would prefer configure option but I don't know how to hide
- dnl that option from configure --help.
- dnl AC_MSG_NOTICE([$1])
- ])
dnl
AC_DEFUN([NTP_OPENSSL], [
AC_REQUIRE([AC_PROG_SED])dnl
AC_REQUIRE([NTP_PKG_CONFIG])dnl
AC_REQUIRE([NTP_VER_SUFFIX])dnl
+AC_REQUIRE([NTP_OPENSSL_VERBOSE_MSG])dnl
AC_ARG_WITH(
[crypto],
[+ =search likely dirs]
)]
)
+AC_ARG_ENABLE(
+ [verbose-ssl],
+ [AS_HELP_STRING(
+ [--enable-verbose-ssl],
+ [- show crypto lib detection details]
+ )],
+ [],
+ [enable_verbose_ssl=no] dnl default to quiet
+)
ntp_openssl=no
ntp_openssl_from_pkg_config=no
AC_MSG_CHECKING([pkg-config for $pkg])
if $PKG_CONFIG --exists $pkg ; then
ntp_ssl_cppflags="`$PKG_CONFIG --cflags-only-I $pkg`"
- case "$ntp_ssl_incdir" in
+ case "$ntp_ssl_cppflags" in
'')
ntp_ssl_incdir='not needed'
;;
ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes"
esac dnl checking for gcc problems with -Werror and -Wstrict-prototypes
-AC_MSG_CHECKING([if we will use crypto])
+AC_MSG_CHECKING([if we will link to ssl library])
AC_MSG_RESULT([$ntp_openssl])
case "$ntp_openssl" in
dnl Adapting our code to the bold new way is not a priority
dnl for us because we do not want to require OpenSSL 3 yet.
dnl The deprecation warnings clutter up the build output
- dnl encouraging the habit of ignoring warninis.
+ dnl encouraging the habit of ignoring warnings.
dnl So, tell it to the hand, OpenSSL deprecation warnings...
AC_DEFINE([OPENSSL_SUPPRESS_DEPRECATED], [1],
[Suppress OpenSSL 3 deprecation warnings])
esac
NTP_OPENSSL_VERBOSE_MSG([OpenSSL final checks:])
-NTP_OPENSSL_VERBOSE_MSG([ntp_openssl: $ntp_openssl])
+NTP_OPENSSL_VERBOSE_MSG([ntp_openssl: $ntp_openssl])
NTP_OPENSSL_VERBOSE_MSG([CPPFLAGS_NTP: ($CPPFLAGS_NTP)])
NTP_OPENSSL_VERBOSE_MSG([CFLAGS_NTP: ($CFLAGS_NTP)])
NTP_OPENSSL_VERBOSE_MSG([LDADD_NTP: ($LDADD_NTP)])
])
dnl end of AC_DEFUN([NTP_OPENSSL])
+dnl
+AC_DEFUN(
+ [NTP_OPENSSL_VERBOSE_MSG],
+ [dnl
+ case "$enable_verbose_ssl" in
+ yes) AC_MSG_NOTICE([$1])
+ esac
+ ]
+)
+dnl
dnl ======================================================================
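Review bot: `AC_REQUIRE([NTP_OPENSSL_VERBOSE_MSG])` in NTP_OPENSSL expands this macro once with an empty `$1`, so with `--enable-verbose-ssl` configure would likely print one blank notice before the real trace. The macro takes an argument and is invoked directly at each use, so the `AC_REQUIRE` line can be dropped. If definition order is the concern, defining the macro ahead of NTP_OPENSSL, as the removed `m4_define` did, covers it.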
*/
void
-test_RellezCentury1_1()
+test_RellezCentury1_1(void)
{
/* 1st day of a century */
TEST_ASSERT_EQUAL(1901, ntpcal_expand_century( 1, 1, 1, CAL_TUESDAY ));
}
void
-test_RellezCentury3_1()
+test_RellezCentury3_1(void)
{
/* 1st day in March of a century (the tricky point) */
TEST_ASSERT_EQUAL(1901, ntpcal_expand_century( 1, 3, 1, CAL_FRIDAY ));
}
void
-test_RellezYearZero()
+test_RellezYearZero(void)
{
/* the infamous year zero */
TEST_ASSERT_EQUAL(1900, ntpcal_expand_century( 0, 1, 1, CAL_MONDAY ));
*/
void
-setUp()
+setUp(void)
{
ntpcal_set_timefunc(timefunc);
settime(2000, 1, 1, 0, 0, 0);
}
void
-tearDown()
+tearDown(void)
{
ntpcal_set_timefunc(NULL);
#include "unity.h"
-/* Might need to be updated if a new refclock gets this id. */
-static const int UNUSED_REFCLOCK_ID = 250;
-
void setUp(void);
void test_LocalClock(void);
void test_UnknownId(void);
test_LocalClock(void) {
#ifdef REFCLOCK /* clockname() is useless otherwise */
/* We test with a refclock address of type LOCALCLOCK.
- * with id 8
+ * with unit id 8
*/
- u_int32 addr = REFCLOCK_ADDR;
- addr |= REFCLK_LOCALCLOCK << 8;
- addr |= 0x8;
-
+ const u_char unit = 8;
+ u_int32 addr;
+ char expected[100];
sockaddr_u address;
- address.sa4.sin_family = AF_INET;
- address.sa4.sin_addr.s_addr = htonl(addr);
- char stringStart[100]= "";
-
- strcat(stringStart, clockname(REFCLK_LOCALCLOCK));
- strcat(stringStart, "(8)");
+ addr = REFCLOCK_ADDR;
+ addr |= REFCLK_LOCALCLOCK << 8;
+ addr |= unit;
- char * expected = stringStart;
+ AF(&address) = AF_INET;
+ NSRCADR(&address) = htonl(addr);
+ snprintf(expected, sizeof(expected), "%s(%u)",
+ clockname(REFCLK_LOCALCLOCK), unit);
TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address));
#else
test_UnknownId(void) {
#ifdef REFCLOCK /* refnumtoa() is useless otherwise */
/* We test with a currently unused refclock ID */
- u_int32 addr = REFCLOCK_ADDR;
+ /* Might need to be updated if a new refclock gets this id. */
+ const u_char UNUSED_REFCLOCK_ID = 250;
+ const u_char unit = 4;
+ u_int32 addr;
+ char expected[100];
+ sockaddr_u address;
+
+ addr = REFCLOCK_ADDR;
addr |= UNUSED_REFCLOCK_ID << 8;
- addr |= 0x4;
+ addr |= unit;
- sockaddr_u address;
- address.sa4.sin_family = AF_INET;
- address.sa4.sin_addr.s_addr = htonl(addr);
-
- char stringStart[100]= "REFCLK(";
- char value[100] ;
- snprintf(value, sizeof(value), "%d", UNUSED_REFCLOCK_ID);
- strcat(stringStart,value);
- strcat(stringStart,",4)");
- char * expected = stringStart;
+ AF(&address) = AF_INET;
+ NSRCADR(&address) = htonl(addr);
+
+ snprintf(expected, sizeof(expected), "REFCLK(%u,%u)",
+ UNUSED_REFCLOCK_ID, unit);
TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address));
#else
iffkey++;
if (HAVE_OPT( MV_PARAMS )) {
- mvkey++;
+ mvkey++; /* DLH are these two swapped? */
nkeys = OPT_VALUE_MV_PARAMS;
}
if (HAVE_OPT( MV_KEYS )) {
- mvpar++;
+ mvpar++; /* not used! */ /* DLH are these two swapped? */
nkeys = OPT_VALUE_MV_KEYS;
}
}
}
if (pkey_gqkey != NULL) {
- RSA *rsa;
- const BIGNUM *q;
+ RSA *rsa;
+ const BIGNUM *q;
- rsa = EVP_PKEY_get0_RSA(pkey_gqkey);
+ rsa = EVP_PKEY_get1_RSA(pkey_gqkey);
RSA_get0_factors(rsa, NULL, &q);
grpkey = BN_bn2hex(q);
+ RSA_free(rsa);
}
/*
filename);
fprintf(stdout, "# %s\n# %s\n", filename,
ctime(&epoch));
- /* XXX: This modifies the private key and should probably use a
- * copy of it instead. */
- rsa = EVP_PKEY_get0_RSA(pkey_gqkey);
+ rsa = EVP_PKEY_get1_RSA(pkey_gqkey);
RSA_set0_factors(rsa, BN_dup(BN_value_one()), BN_dup(BN_value_one()));
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0,
NULL, NULL);
fflush(stdout);
- if (debug)
+ if (debug) {
RSA_print_fp(stderr, rsa, 0);
+ }
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ RSA_free(rsa);
}
/*
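Review bot: `RSA_free(rsa)` after `EVP_PKEY_free(pkey)` releases one reference too many. `EVP_PKEY_assign_RSA(pkey, rsa)` takes over the reference obtained from `EVP_PKEY_get1_RSA()` without adding one, so `EVP_PKEY_free(pkey)` already drops it and the extra `RSA_free` drops the reference still owned by `pkey_gqkey`. Either remove the trailing `RSA_free(rsa);` or attach the key with `EVP_PKEY_set1_RSA(pkey, rsa);` and keep both frees. The encrypted-GQ block and the two IFF blocks below (`DSA_free(dsa)` after `EVP_PKEY_free(pkey)`) follow the same pattern. Also, `get1` returns a counted reference rather than a duplicate, so `RSA_set0_factors()` here probably still alters the key held by `pkey_gqkey`, the concern the removed XXX comment recorded.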
filename);
fprintf(stdout, "# %s\n# %s\n", filename,
ctime(&epoch));
- rsa = EVP_PKEY_get0_RSA(pkey_gqkey);
+ rsa = EVP_PKEY_get1_RSA(pkey_gqkey);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(pkey, rsa);
PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0,
NULL, passwd2);
fflush(stdout);
- if (debug)
+ if (debug) {
RSA_print_fp(stderr, rsa, 0);
+ }
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ RSA_free(rsa);
}
/*
filename);
fprintf(stdout, "# %s\n# %s\n", filename,
ctime(&epoch));
- /* XXX: This modifies the private key and should probably use a
- * copy of it instead. */
- dsa = EVP_PKEY_get0_DSA(pkey_iffkey);
+ dsa = EVP_PKEY_get1_DSA(pkey_iffkey);
DSA_set0_key(dsa, NULL, BN_dup(BN_value_one()));
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0,
NULL, NULL);
fflush(stdout);
- if (debug)
+ if (debug) {
DSA_print_fp(stderr, dsa, 0);
+ }
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ DSA_free(dsa);
}
/*
filename);
fprintf(stdout, "# %s\n# %s\n", filename,
ctime(&epoch));
- dsa = EVP_PKEY_get0_DSA(pkey_iffkey);
+ dsa = EVP_PKEY_get1_DSA(pkey_iffkey);
pkey = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, dsa);
PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0,
NULL, passwd2);
fflush(stdout);
- if (debug)
+ if (debug) {
DSA_print_fp(stderr, dsa, 0);
+ }
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ DSA_free(dsa);
}
/*
PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0,
NULL, NULL);
fflush(stdout);
- if (debug)
+ if (debug) {
DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0);
+ }
}
/*
PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0,
NULL, passwd2);
fflush(stdout);
- if (debug)
+ if (debug) {
DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0);
+ }
}
/*
fprintf(stderr,
"Invalid digest/signature combination %s\n",
scheme);
- exit (-1);
+ exit (-1);
}
x509(pkey_sign, ectx, grpkey, exten, certname);
#endif /* AUTOKEY */