add --disable-autokey to flock-build -no-refclocks flavor.
bk: 4c448427kmyvrz1mfyhOdbC1vN2Inw
+* [Bug 1588] finish configure --disable-autokey implementation.
(4.2.7p40) 2010/07/12 Released by Harlan Stenn <stenn@ntp.org>
* [Bug 1395] ease ntpdate elimination with ntpd -w/--wait-sync
* [Bug 1396] allow servers on ntpd command line like ntpdate
[autokey],
AS_HELP_STRING(
[--enable-autokey],
- [+ Experimental disabling of NTP Autokey protocol]
+ [+ support NTP Autokey protocol]
),
[ntp_autokey=$enableval],
[ntp_autokey=$ntp_openssl]
case "1" in
0)
ssh $i "cd $c_d ; ./build $SIG $PARSE $STD $BUILD_ARGS" &
+ ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS" &
ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --without-crypto $BUILD_ARGS" &
- ssh $i "cd $c_d ; ./build $SIG $STD --disable-all-clocks $BUILD_ARGS" &
+ ssh $i "cd $c_d ; ./build $SIG $STD --disable-all-clocks --disable-autokey $BUILD_ARGS" &
;;
1)
cat > .flockbuild-$i-$SIG <<-ENDQUOT
echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4
[ 0 -lt \`expr \$COUNT % $PARALLEL_BUILDS\` ] || wait
- ./build $SIG $STD --disable-all-clocks $BUILD_ARGS &
+ ./build $SIG $STD --disable-all-clocks --disable-autokey $BUILD_ARGS &
COUNT=\`expr \$COUNT + 1\`
echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4
#include <ntp_types.h>
#include <ntp_lists.h>
#include <ntp_stdlib.h>
-#ifdef OPENSSL
#include <ntp_crypto.h>
-#endif /* OPENSSL */
#include <ntp_random.h>
#include <ntp_net.h>
* Variables used by authenticated client
*/
keyid_t keyid; /* current key ID */
-#ifdef OPENSSL
+#ifdef AUTOKEY
#define clear_to_zero opcode
u_int32 opcode; /* last request opcode */
associd_t assoc; /* peer association ID */
int keynumber; /* current key number */
struct value encrypt; /* send encrypt values */
struct value sndval; /* send autokey values */
-#else /* OPENSSL */
+#else /* !AUTOKEY follows */
#define clear_to_zero status
-#endif /* OPENSSL */
+#endif /* !AUTOKEY */
/*
* Ephemeral state variables
* octets. But, to handle humungus certificates, the bank must
* be broke.
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
u_int32 exten[NTP_MAXEXTEN / 4]; /* max extension field */
-#else /* OPENSSL */
+#else /* !AUTOKEY follows */
u_int32 exten[1]; /* misused */
-#endif /* OPENSSL */
+#endif /* !AUTOKEY */
u_char mac[MAX_MAC_LEN]; /* mac */
};
/*
* System variables we understand
*/
-#define CS_LEAP 1
-#define CS_STRATUM 2
-#define CS_PRECISION 3
-#define CS_ROOTDELAY 4
+#define CS_LEAP 1
+#define CS_STRATUM 2
+#define CS_PRECISION 3
+#define CS_ROOTDELAY 4
#define CS_ROOTDISPERSION 5
-#define CS_REFID 6
-#define CS_REFTIME 7
-#define CS_POLL 8
-#define CS_PEERID 9
-#define CS_OFFSET 10
-#define CS_DRIFT 11
-#define CS_JITTER 12
-#define CS_ERROR 13
-#define CS_CLOCK 14
-#define CS_PROCESSOR 15
-#define CS_SYSTEM 16
-#define CS_VERSION 17
-#define CS_STABIL 18
-#define CS_VARLIST 19
-#define CS_TAI 20
-#define CS_LEAPTAB 21
-#define CS_LEAPEND 22
-#define CS_RATE 23
-#define CS_MRU_ENABLED 24
-#define CS_MRU_DEPTH 25
-#define CS_MRU_DEEPEST 26
-#define CS_MRU_MINDEPTH 27
-#define CS_MRU_MAXAGE 28
-#define CS_MRU_MAXDEPTH 29
-#define CS_MRU_MEM 30
-#define CS_MRU_MAXMEM 31
-#define CS_SS_UPTIME 32
-#define CS_SS_RESET 33
-#define CS_SS_RECEIVED 34
-#define CS_SS_THISVER 35
-#define CS_SS_OLDVER 36
-#define CS_SS_BADFORMAT 37
-#define CS_SS_BADAUTH 38
-#define CS_SS_DECLINED 39
-#define CS_SS_RESTRICTED 40
-#define CS_SS_LIMITED 41
-#define CS_SS_KODSENT 42
-#define CS_SS_PROCESSED 43
-#define CS_MAX_NOSSL CS_SS_PROCESSED
-#ifdef OPENSSL
-#define CS_FLAGS (1 + CS_MAX_NOSSL)
-#define CS_HOST (2 + CS_MAX_NOSSL)
-#define CS_PUBLIC (3 + CS_MAX_NOSSL)
-#define CS_CERTIF (4 + CS_MAX_NOSSL)
-#define CS_SIGNATURE (5 + CS_MAX_NOSSL)
-#define CS_REVTIME (6 + CS_MAX_NOSSL)
-#define CS_GROUP (7 + CS_MAX_NOSSL)
-#define CS_DIGEST (8 + CS_MAX_NOSSL)
-#define CS_MAXCODE CS_DIGEST
-#else
-#define CS_MAXCODE CS_MAX_NOSSL
-#endif /* OPENSSL */
+#define CS_REFID 6
+#define CS_REFTIME 7
+#define CS_POLL 8
+#define CS_PEERID 9
+#define CS_OFFSET 10
+#define CS_DRIFT 11
+#define CS_JITTER 12
+#define CS_ERROR 13
+#define CS_CLOCK 14
+#define CS_PROCESSOR 15
+#define CS_SYSTEM 16
+#define CS_VERSION 17
+#define CS_STABIL 18
+#define CS_VARLIST 19
+#define CS_TAI 20
+#define CS_LEAPTAB 21
+#define CS_LEAPEND 22
+#define CS_RATE 23
+#define CS_MRU_ENABLED 24
+#define CS_MRU_DEPTH 25
+#define CS_MRU_DEEPEST 26
+#define CS_MRU_MINDEPTH 27
+#define CS_MRU_MAXAGE 28
+#define CS_MRU_MAXDEPTH 29
+#define CS_MRU_MEM 30
+#define CS_MRU_MAXMEM 31
+#define CS_SS_UPTIME 32
+#define CS_SS_RESET 33
+#define CS_SS_RECEIVED 34
+#define CS_SS_THISVER 35
+#define CS_SS_OLDVER 36
+#define CS_SS_BADFORMAT 37
+#define CS_SS_BADAUTH 38
+#define CS_SS_DECLINED 39
+#define CS_SS_RESTRICTED 40
+#define CS_SS_LIMITED 41
+#define CS_SS_KODSENT 42
+#define CS_SS_PROCESSED 43
+#define CS_MAX_NOAUTOKEY CS_SS_PROCESSED
+#ifdef AUTOKEY
+#define CS_FLAGS (1 + CS_MAX_NOAUTOKEY)
+#define CS_HOST (2 + CS_MAX_NOAUTOKEY)
+#define CS_PUBLIC (3 + CS_MAX_NOAUTOKEY)
+#define CS_CERTIF (4 + CS_MAX_NOAUTOKEY)
+#define CS_SIGNATURE (5 + CS_MAX_NOAUTOKEY)
+#define CS_REVTIME (6 + CS_MAX_NOAUTOKEY)
+#define CS_GROUP (7 + CS_MAX_NOAUTOKEY)
+#define CS_DIGEST (8 + CS_MAX_NOAUTOKEY)
+#define CS_MAXCODE CS_DIGEST
+#else /* !AUTOKEY follows */
+#define CS_MAXCODE CS_MAX_NOAUTOKEY
+#endif /* !AUTOKEY */
/*
* Peer variables we understand
*/
-#define CP_CONFIG 1
-#define CP_AUTHENABLE 2
-#define CP_AUTHENTIC 3
-#define CP_SRCADR 4
-#define CP_SRCPORT 5
-#define CP_DSTADR 6
-#define CP_DSTPORT 7
-#define CP_LEAP 8
-#define CP_HMODE 9
-#define CP_STRATUM 10
-#define CP_PPOLL 11
-#define CP_HPOLL 12
-#define CP_PRECISION 13
-#define CP_ROOTDELAY 14
+#define CP_CONFIG 1
+#define CP_AUTHENABLE 2
+#define CP_AUTHENTIC 3
+#define CP_SRCADR 4
+#define CP_SRCPORT 5
+#define CP_DSTADR 6
+#define CP_DSTPORT 7
+#define CP_LEAP 8
+#define CP_HMODE 9
+#define CP_STRATUM 10
+#define CP_PPOLL 11
+#define CP_HPOLL 12
+#define CP_PRECISION 13
+#define CP_ROOTDELAY 14
#define CP_ROOTDISPERSION 15
-#define CP_REFID 16
-#define CP_REFTIME 17
-#define CP_ORG 18
-#define CP_REC 19
-#define CP_XMT 20
-#define CP_REACH 21
-#define CP_UNREACH 22
-#define CP_TIMER 23
-#define CP_DELAY 24
-#define CP_OFFSET 25
-#define CP_JITTER 26
-#define CP_DISPERSION 27
-#define CP_KEYID 28
-#define CP_FILTDELAY 29
-#define CP_FILTOFFSET 30
-#define CP_PMODE 31
-#define CP_RECEIVED 32
-#define CP_SENT 33
-#define CP_FILTERROR 34
-#define CP_FLASH 35
-#define CP_TTL 36
-#define CP_VARLIST 37
-#define CP_IN 38
-#define CP_OUT 39
-#define CP_RATE 40
-#define CP_BIAS 41
-#define CP_SRCHOST 42
-#ifdef OPENSSL
-#define CP_FLAGS 43
-#define CP_HOST 44
-#define CP_VALID 45
-#define CP_INITSEQ 46
-#define CP_INITKEY 47
-#define CP_INITTSP 48
-#define CP_SIGNATURE 49
-#define CP_MAXCODE CP_SIGNATURE
-#else
-#define CP_MAXCODE CP_SRCHOST
-#endif /* OPENSSL */
+#define CP_REFID 16
+#define CP_REFTIME 17
+#define CP_ORG 18
+#define CP_REC 19
+#define CP_XMT 20
+#define CP_REACH 21
+#define CP_UNREACH 22
+#define CP_TIMER 23
+#define CP_DELAY 24
+#define CP_OFFSET 25
+#define CP_JITTER 26
+#define CP_DISPERSION 27
+#define CP_KEYID 28
+#define CP_FILTDELAY 29
+#define CP_FILTOFFSET 30
+#define CP_PMODE 31
+#define CP_RECEIVED 32
+#define CP_SENT 33
+#define CP_FILTERROR 34
+#define CP_FLASH 35
+#define CP_TTL 36
+#define CP_VARLIST 37
+#define CP_IN 38
+#define CP_OUT 39
+#define CP_RATE 40
+#define CP_BIAS 41
+#define CP_SRCHOST 42
+#define CP_MAX_NOAUTOKEY CP_SRCHOST
+#ifdef AUTOKEY
+#define CP_FLAGS (1 + CP_MAX_NOAUTOKEY)
+#define CP_HOST (2 + CP_MAX_NOAUTOKEY)
+#define CP_VALID (3 + CP_MAX_NOAUTOKEY)
+#define CP_INITSEQ (4 + CP_MAX_NOAUTOKEY)
+#define CP_INITKEY (5 + CP_MAX_NOAUTOKEY)
+#define CP_INITTSP (6 + CP_MAX_NOAUTOKEY)
+#define CP_SIGNATURE (7 + CP_MAX_NOAUTOKEY)
+#define CP_MAXCODE CP_SIGNATURE
+#else /* !AUTOKEY follows */
+#define CP_MAXCODE CP_MAX_NOAUTOKEY
+#endif /* !AUTOKEY */
/*
* Clock variables we understand
#define NTP_CRYPTO_H
/*
- * Configuration codes (also needed for parser without OPENSSL)
+ * Configuration codes (also needed for parser without AUTOKEY)
*/
#define CRYPTO_CONF_NONE 0 /* nothing doing */
#define CRYPTO_CONF_PRIV 1 /* host keys file name */
#define CRYPTO_CONF_IDENT 9 /* specify identity scheme */
#define CRYPTO_CONF_NID 10 /* specify digest name */
-#ifdef OPENSSL
+#ifdef AUTOKEY
+#ifndef OPENSSL
+#error AUTOKEY should be defined only if OPENSSL is.
+invalidsyntax: AUTOKEY should be defined only if OPENSSL is.
+#endif
+
#include "openssl/evp.h"
+
/*
* The following bits are set by the CRYPTO_ASSOC message from
* the server and are not modified by the client.
extern struct value hostval; /* host name/value */
extern struct cert_info *cinfo; /* host certificate information */
extern struct value tai_leap; /* leapseconds table */
-#else /* ! OPENSSL follows */
-#ifdef AUTOKEY
-#error AUTOKEY should be defined only if OPENSSL is.
-invalidsyntax: AUTOKEY should be defined only if OPENSSL is.
-#endif
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#endif /* NTP_CRYPTO_H */
*
* Use the system MD5 if available, otherwise libisc's.
*/
-#if defined HAVE_MD5_H && defined HAVE_MD5INIT
-# include <md5.h>
-#else
-# include "isc/md5.h"
- typedef isc_md5_t MD5_CTX;
-# define MD5Init(c) isc_md5_init(c)
-# define MD5Update(c, p, s) isc_md5_update(c, p, s)
-# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */
-#endif
+#ifndef NTP_MD5_H
+#define NTP_MD5_H
+#ifdef OPENSSL
+# include "openssl/evp.h"
+#else /* !OPENSSL follows */
/*
* Provide OpenSSL-alike MD5 API if we're not using OpenSSL
*/
-#ifndef OPENSSL
+# if defined HAVE_MD5_H && defined HAVE_MD5INIT
+# include <md5.h>
+# else
+# include "isc/md5.h"
+ typedef isc_md5_t MD5_CTX;
+# define MD5Init(c) isc_md5_init(c)
+# define MD5Update(c, p, s) isc_md5_update(c, p, s)
+# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */
+# endif
+
typedef MD5_CTX EVP_MD_CTX;
# define EVP_get_digestbynid(t) NULL
# define EVP_DigestInit(c, dt) MD5Init(c)
MD5Final((d), (c)); \
*(pdl) = 16; \
} while (0)
-#endif
+# endif /* !OPENSSL */
+#endif /* NTP_MD5_H */
extern struct peer *findmanycastpeer(struct recvbuf *);
/* ntp_crypto.c */
-#ifdef OPENSSL
+#ifdef AUTOKEY
extern int crypto_recv (struct peer *, struct recvbuf *);
extern int crypto_xmit (struct peer *, struct pkt *,
struct recvbuf *, int,
extern char *mvpar_file;
extern EVP_PKEY *mvpar_pkey;
extern struct value tai_leap;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/* ntp_proto.c */
extern void transmit (struct peer *);
extern volatile int interface_interval;
extern u_long worker_idle_timer; /* next check current_time */
extern u_long orphwait; /* orphan wait time */
-#ifdef OPENSSL
+#ifdef AUTOKEY
extern char *sys_hostname; /* host name */
extern char *sys_groupname; /* group name */
extern char *group_name; /* group name */
extern u_long sys_revoke; /* keys revoke timeout */
extern u_long sys_automax; /* session key timeout */
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/* ntp_util.c */
extern void init_util (void);
#include "ntp_string.h"
#include "ntp_stdlib.h"
#include "ntp.h"
-#ifdef OPENSSL
-# include "openssl/evp.h"
-#else
-# include "ntp_md5.h" /* provides clone of OpenSSL MD5 API */
-#endif
+#include "ntp_md5.h" /* provides OpenSSL digest API */
/*
* MD5authencrypt - generate message digest
#ifdef OPENSSL
#include "openssl/objects.h"
-#endif /* OPENSSL */
+#include "openssl/evp.h"
+#endif /* OPENSSL */
/* Forwards */
static char *nexttok (char **);
* Space past white space
*/
while (*cp == ' ' || *cp == '\t')
- cp++;
+ cp++;
/*
* Save this and space to end of token
starttok = cp;
while (*cp != '\0' && *cp != '\n' && *cp != ' '
&& *cp != '\t' && *cp != '#')
- cp++;
+ cp++;
/*
* If token length is zero return an error, else set end of
* token to zero and return start.
*/
if (starttok == cp)
- return (NULL);
+ return NULL;
if (*cp == ' ' || *cp == '\t')
- *cp++ = '\0';
+ *cp++ = '\0';
else
- *cp = '\0';
+ *cp = '\0';
*str = cp;
return starttok;
"authreadkeys: no algorithm for key %d", keyno);
continue;
}
-#else /* OPENSSL */
+#else /* !OPENSSL follows */
/*
* The key type is unused, but is required to be 'M' or
continue;
}
keytype = KEY_TYPE_MD5;
-#endif /* OPENSSL */
+#endif /* !OPENSSL */
/*
* Finally, get key and insert it. If it is longer than 20
#ifdef OPENSSL
#include "openssl/err.h"
#include "openssl/rand.h"
+#include "openssl/evp.h"
int ssl_init_done;
{ -1, "" }
};
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* Crypto events (cryp)
*/
{ XEVNT_ERR & ~CRPT_EVENT, "protocol_error" },
{ -1, "" }
};
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/* Forwards */
static const char *getcode (int, struct codestring *);
{
if (num & PEER_EVENT)
return (getcode(num & ~PEER_EVENT, peer_codes));
-#ifdef OPENSSL
+#ifdef AUTOKEY
else if (num & CRPT_EVENT)
return (getcode(num & ~CRPT_EVENT, crypto_codes));
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
else
return (getcode(num, sys_codes));
}
/* ints */
case T_Calldelay:
-#ifdef OPENSSL
+#ifdef AUTOKEY
case T_Automax:
#endif
fprintf(df, "%s %d\n",
ntp_u_int16_t ulast;
ntp_u_int16_t u;
struct attr_val *my_val;
-#ifdef OPENSSL
+#ifdef AUTOKEY
int item;
#endif
/* Crypto Command */
-#ifdef OPENSSL
+#ifdef AUTOKEY
item = -1; /* quiet warning */
my_val = queue_head(ptree->auth.crypto_cmd_list);
while (my_val != NULL) {
crypto_config(item, my_val->value.s);
my_val = next_node(my_val);
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/* Keysdir Command */
if (ptree->auth.keysdir) {
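Review bot: With the guard switched to AUTOKEY, an OpenSSL build configured with --disable-autokey now compiles out the `crypto_config()` loop closed by this `#endif`, and the visible lines show no `#else` arm, so `crypto` directives in the configuration appear to be dropped without any message. An operator who believes Autokey authentication is configured should be told otherwise; an `#else` branch that logs when `queue_head(ptree->auth.crypto_cmd_list)` is not NULL, e.g. `msyslog(LOG_ERR, "crypto directive ignored: built without Autokey");`, would make the downgrade visible. The same applies to the `cryptosw`, `revoke` and `T_Automax` blocks further down this file. The `#ifdef` and the enclosing function both start outside this hunk.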
ntp_signd_socket = estrdup(ptree->auth.ntp_signd_socket);
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (ptree->auth.cryptosw && !cryptosw) {
crypto_setup();
cryptosw = 1;
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/* Keys Command */
if (ptree->auth.keys)
}
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
/* crypto revoke command */
if (ptree->auth.revoke)
sys_revoke = ptree->auth.revoke;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
}
break;
case T_Automax:
-#ifdef OPENSSL
+#ifdef AUTOKEY
sys_automax = curr_var->value.i;
#endif
break;
#include "ntp_config.h"
#include "ntp_crypto.h"
#include "ntp_assert.h"
+#include "ntp_md5.h" /* provides OpenSSL digest API */
#include <stdio.h>
#include <ctype.h>
#endif
#include <arpa/inet.h>
-#ifdef OPENSSL
-# include "openssl/evp.h"
-#else
-# include "ntp_md5.h" /* provides clone of OpenSSL MD5 API */
-#endif
-
/*
* Structure to hold request procedure information
{ CS_SS_LIMITED, RO, "ss_limited" }, /* 41 */
{ CS_SS_KODSENT, RO, "ss_kodsent" }, /* 42 */
{ CS_SS_PROCESSED, RO, "ss_processed" }, /* 43 */
-#ifdef OPENSSL
+#ifdef AUTOKEY
{ CS_FLAGS, RO, "flags" }, /* 44 */
{ CS_HOST, RO, "host" }, /* 45 */
{ CS_PUBLIC, RO, "update" }, /* 46 */
{ CS_REVTIME, RO, "until" }, /* 49 */
{ CS_GROUP, RO, "group" }, /* 50 */
{ CS_DIGEST, RO, "digest" }, /* 51 */
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
{ 0, EOV, "" } /* 44/52 */
};
-static struct ctl_var *ext_sys_var = (struct ctl_var *)0;
+static struct ctl_var *ext_sys_var = NULL;
/*
* System variables we print by default (in fuzzball order,
CS_TAI,
CS_LEAPTAB,
CS_LEAPEND,
-#ifdef OPENSSL
+#ifdef AUTOKEY
CS_HOST,
CS_GROUP,
CS_FLAGS,
CS_SIGNATURE,
CS_PUBLIC,
CS_CERTIF,
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
0
};
{ CP_RATE, RO, "headway" }, /* 40 */
{ CP_BIAS, RO, "bias" }, /* 41 */
{ CP_SRCHOST, RO, "srchost" }, /* 42 */
-#ifdef OPENSSL
+#ifdef AUTOKEY
{ CP_FLAGS, RO, "flags" }, /* 43 */
{ CP_HOST, RO, "host" }, /* 44 */
{ CP_VALID, RO, "valid" }, /* 45 */
{ CP_INITKEY, RO, "initkey" }, /* 47 */
{ CP_INITTSP, RO, "timestamp" }, /* 48 */
{ CP_SIGNATURE, RO, "signature" }, /* 49 */
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
{ 0, EOV, "" } /* 43/50 */
};
CP_FILTDELAY,
CP_FILTOFFSET,
CP_FILTERROR,
-#ifdef OPENSSL
+#ifdef AUTOKEY
CP_HOST,
CP_FLAGS,
CP_SIGNATURE,
CP_VALID,
CP_INITSEQ,
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
0
};
{
l_fp tmp;
char str[256];
+ char buf[CTL_MAX_DATA_LEN];
u_int u;
double kb;
-#ifdef OPENSSL
+ char *s, *t, *be;
+ const char *ss;
+ int i;
+ struct ctl_var *k;
+#ifdef AUTOKEY
struct cert_info *cp;
char cbuf[256];
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
switch (varid) {
- case CS_LEAP:
+ case CS_LEAP:
ctl_putuint(sys_var[CS_LEAP].text, sys_leap);
break;
- case CS_STRATUM:
+ case CS_STRATUM:
ctl_putuint(sys_var[CS_STRATUM].text, sys_stratum);
break;
- case CS_PRECISION:
+ case CS_PRECISION:
ctl_putint(sys_var[CS_PRECISION].text, sys_precision);
break;
- case CS_ROOTDELAY:
+ case CS_ROOTDELAY:
ctl_putdbl(sys_var[CS_ROOTDELAY].text, sys_rootdelay *
1e3);
break;
- case CS_ROOTDISPERSION:
+ case CS_ROOTDISPERSION:
ctl_putdbl(sys_var[CS_ROOTDISPERSION].text,
sys_rootdisp * 1e3);
break;
- case CS_REFID:
+ case CS_REFID:
if (sys_stratum > 1 && sys_stratum < STRATUM_UNSPEC)
ctl_putadr(sys_var[CS_REFID].text, sys_refid, NULL);
else
(char *)&sys_refid);
break;
- case CS_REFTIME:
+ case CS_REFTIME:
ctl_putts(sys_var[CS_REFTIME].text, &sys_reftime);
break;
- case CS_POLL:
+ case CS_POLL:
ctl_putuint(sys_var[CS_POLL].text, sys_poll);
break;
- case CS_PEERID:
+ case CS_PEERID:
if (sys_peer == NULL)
ctl_putuint(sys_var[CS_PEERID].text, 0);
else
sys_peer->associd);
break;
- case CS_OFFSET:
+ case CS_OFFSET:
ctl_putdbl(sys_var[CS_OFFSET].text, last_offset * 1e3);
break;
- case CS_DRIFT:
+ case CS_DRIFT:
ctl_putdbl(sys_var[CS_DRIFT].text, drift_comp * 1e6);
break;
- case CS_JITTER:
+ case CS_JITTER:
ctl_putdbl(sys_var[CS_JITTER].text, sys_jitter * 1e3);
break;
- case CS_ERROR:
+ case CS_ERROR:
ctl_putdbl(sys_var[CS_ERROR].text, clock_jitter * 1e3);
break;
- case CS_CLOCK:
+ case CS_CLOCK:
get_systime(&tmp);
ctl_putts(sys_var[CS_CLOCK].text, &tmp);
break;
- case CS_PROCESSOR:
+ case CS_PROCESSOR:
#ifndef HAVE_UNAME
ctl_putstr(sys_var[CS_PROCESSOR].text, str_processor,
sizeof(str_processor) - 1);
#endif /* HAVE_UNAME */
break;
- case CS_SYSTEM:
+ case CS_SYSTEM:
#ifndef HAVE_UNAME
ctl_putstr(sys_var[CS_SYSTEM].text, str_system,
sizeof(str_system) - 1);
#endif /* HAVE_UNAME */
break;
- case CS_VERSION:
+ case CS_VERSION:
ctl_putstr(sys_var[CS_VERSION].text, Version,
strlen(Version));
break;
- case CS_STABIL:
+ case CS_STABIL:
ctl_putdbl(sys_var[CS_STABIL].text, clock_stability *
1e6);
break;
- case CS_VARLIST:
- {
- char buf[CTL_MAX_DATA_LEN];
- register char *s, *t, *be;
- register const char *ss;
- register int i;
- register struct ctl_var *k;
-
- s = buf;
- be = buf + sizeof(buf);
- if (s + strlen(sys_var[CS_VARLIST].text) + 4 > be)
- break; /* really long var name */
+ case CS_VARLIST:
+ s = buf;
+ be = buf + sizeof(buf);
+ if (s + strlen(sys_var[CS_VARLIST].text) + 4 > be)
+ break; /* really long var name */
- snprintf(s, sizeof(buf), "%s=\"",
- sys_var[CS_VARLIST].text);
- s += strlen(s);
- t = s;
- for (k = sys_var; !(EOV & k->flags); k++) {
- if (PADDING & k->flags)
- continue;
- i = strlen(k->text);
- if (s + i + 1 >= be)
- break;
+ snprintf(s, sizeof(buf), "%s=\"",
+ sys_var[CS_VARLIST].text);
+ s += strlen(s);
+ t = s;
+ for (k = sys_var; !(EOV & k->flags); k++) {
+ if (PADDING & k->flags)
+ continue;
+ i = strlen(k->text);
+ if (s + i + 1 >= be)
+ break;
- if (s != t)
- *s++ = ',';
- memcpy(s, k->text, i);
- s += i;
- }
+ if (s != t)
+ *s++ = ',';
+ memcpy(s, k->text, i);
+ s += i;
+ }
- for (k = ext_sys_var; k && !(EOV & k->flags);
- k++) {
- if (PADDING & k->flags)
- continue;
+ for (k = ext_sys_var; k && !(EOV & k->flags); k++) {
+ if (PADDING & k->flags)
+ continue;
- ss = k->text;
- if (!ss)
- continue;
+ ss = k->text;
+ if (NULL == ss)
+ continue;
- while (*ss && *ss != '=')
- ss++;
- i = ss - k->text;
- if (s + i + 1 >= be)
- break;
+ while (*ss != '\0' && *ss != '=')
+ ss++;
+ i = ss - k->text;
+ if (s + i + 1 >= be)
+ break;
- if (s != t)
- *s++ = ',';
- memcpy(s, k->text,
- (unsigned)i);
- s += i;
- }
- if (s+2 >= be)
- break;
+ if (s != t)
+ *s++ = ',';
+ memcpy(s, k->text, (unsigned)i);
+ s += i;
+ }
+ if (s + 2 >= be)
+ break;
- *s++ = '"';
- *s = '\0';
+ *s++ = '"';
+ *s = '\0';
- ctl_putdata(buf, (unsigned)( s - buf ),
- 0);
- }
- break;
+ ctl_putdata(buf, (unsigned)(s - buf), 0);
+ break;
- case CS_TAI:
+ case CS_TAI:
if (sys_tai > 0)
ctl_putuint(sys_var[CS_TAI].text, sys_tai);
break;
- case CS_LEAPTAB:
+ case CS_LEAPTAB:
if (leap_sec > 0)
ctl_putfs(sys_var[CS_LEAPTAB].text,
leap_sec);
break;
- case CS_LEAPEND:
+ case CS_LEAPEND:
if (leap_expire > 0)
ctl_putfs(sys_var[CS_LEAPEND].text,
leap_expire);
break;
- case CS_RATE:
+ case CS_RATE:
ctl_putuint(sys_var[CS_RATE].text, ntp_minpoll);
break;
- case CS_MRU_ENABLED:
+ case CS_MRU_ENABLED:
ctl_puthex(sys_var[varid].text, mon_enabled);
break;
- case CS_MRU_DEPTH:
+ case CS_MRU_DEPTH:
ctl_putuint(sys_var[varid].text, mru_entries);
break;
- case CS_MRU_MEM:
+ case CS_MRU_MEM:
kb = mru_entries * (sizeof(mon_entry) / 1024.);
u = (u_int)kb;
if (kb - u >= 0.5)
ctl_putuint(sys_var[varid].text, u);
break;
- case CS_MRU_DEEPEST:
+ case CS_MRU_DEEPEST:
ctl_putuint(sys_var[varid].text, mru_peakentries);
break;
- case CS_MRU_MINDEPTH:
+ case CS_MRU_MINDEPTH:
ctl_putuint(sys_var[varid].text, mru_mindepth);
break;
- case CS_MRU_MAXAGE:
+ case CS_MRU_MAXAGE:
ctl_putint(sys_var[varid].text, mru_maxage);
break;
- case CS_MRU_MAXDEPTH:
+ case CS_MRU_MAXDEPTH:
ctl_putuint(sys_var[varid].text, mru_maxdepth);
break;
- case CS_MRU_MAXMEM:
+ case CS_MRU_MAXMEM:
kb = mru_maxdepth * (sizeof(mon_entry) / 1024.);
u = (u_int)kb;
if (kb - u >= 0.5)
ctl_putuint(sys_var[varid].text, u);
break;
- case CS_SS_UPTIME:
+ case CS_SS_UPTIME:
ctl_putuint(sys_var[varid].text, current_time);
break;
- case CS_SS_RESET:
+ case CS_SS_RESET:
ctl_putuint(sys_var[varid].text,
current_time - sys_stattime);
break;
- case CS_SS_RECEIVED:
+ case CS_SS_RECEIVED:
ctl_putuint(sys_var[varid].text, sys_received);
break;
- case CS_SS_THISVER:
+ case CS_SS_THISVER:
ctl_putuint(sys_var[varid].text, sys_newversion);
break;
- case CS_SS_OLDVER:
+ case CS_SS_OLDVER:
ctl_putuint(sys_var[varid].text, sys_oldversion);
break;
- case CS_SS_BADFORMAT:
+ case CS_SS_BADFORMAT:
ctl_putuint(sys_var[varid].text, sys_badlength);
break;
- case CS_SS_BADAUTH:
+ case CS_SS_BADAUTH:
ctl_putuint(sys_var[varid].text, sys_badauth);
break;
- case CS_SS_DECLINED:
+ case CS_SS_DECLINED:
ctl_putuint(sys_var[varid].text, sys_declined);
break;
- case CS_SS_RESTRICTED:
+ case CS_SS_RESTRICTED:
ctl_putuint(sys_var[varid].text, sys_restricted);
break;
- case CS_SS_LIMITED:
+ case CS_SS_LIMITED:
ctl_putuint(sys_var[varid].text, sys_limitrejected);
break;
- case CS_SS_KODSENT:
+ case CS_SS_KODSENT:
ctl_putuint(sys_var[varid].text, sys_kodsent);
break;
- case CS_SS_PROCESSED:
+ case CS_SS_PROCESSED:
ctl_putuint(sys_var[varid].text, sys_processed);
break;
-#ifdef OPENSSL
- case CS_FLAGS:
+#ifdef AUTOKEY
+ case CS_FLAGS:
if (crypto_flags)
ctl_puthex(sys_var[CS_FLAGS].text,
crypto_flags);
break;
- case CS_DIGEST:
+ case CS_DIGEST:
if (crypto_flags) {
- strcpy(str, OBJ_nid2ln(crypto_nid));
+ strncpy(str, OBJ_nid2ln(crypto_nid),
+ COUNTOF(str));
+ str[COUNTOF(str) - 1] = '\0';
ctl_putstr(sys_var[CS_DIGEST].text, str,
strlen(str));
}
break;
- case CS_SIGNATURE:
+ case CS_SIGNATURE:
if (crypto_flags) {
const EVP_MD *dp;
dp = EVP_get_digestbynid(crypto_flags >> 16);
- strcpy(str, OBJ_nid2ln(EVP_MD_pkey_type(dp)));
+ strncpy(str, OBJ_nid2ln(EVP_MD_pkey_type(dp)),
+ COUNTOF(str));
+ str[COUNTOF(str) - 1] = '\0';
ctl_putstr(sys_var[CS_SIGNATURE].text, str,
strlen(str));
}
break;
- case CS_HOST:
+ case CS_HOST:
if (sys_hostname != NULL)
ctl_putstr(sys_var[CS_HOST].text, sys_hostname,
strlen(sys_hostname));
break;
- case CS_GROUP:
+ case CS_GROUP:
if (sys_groupname != NULL)
ctl_putstr(sys_var[CS_GROUP].text, sys_groupname,
strlen(sys_groupname));
break;
- case CS_CERTIF:
+ case CS_CERTIF:
for (cp = cinfo; cp != NULL; cp = cp->link) {
snprintf(cbuf, sizeof(cbuf), "%s %s 0x%x",
cp->subject, cp->issuer, cp->flags);
}
break;
- case CS_PUBLIC:
+ case CS_PUBLIC:
if (hostval.tstamp != 0)
ctl_putfs(sys_var[CS_PUBLIC].text,
ntohl(hostval.tstamp));
break;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
}
}
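Review bot: In the CS_SIGNATURE case the result of `EVP_get_digestbynid(crypto_flags >> 16)` is passed straight to `EVP_MD_pkey_type(dp)`, and in both CS_DIGEST and CS_SIGNATURE the return of `OBJ_nid2ln()` goes straight into `strncpy()`; the commit bounds the copy but still assumes both lookups succeed. Both OpenSSL calls return NULL for an identifier they do not recognise, so `if (NULL == dp) break;` after the digest lookup and a NULL test on the `OBJ_nid2ln()` result before copying would keep a control query from dereferencing it. Whether `crypto_flags` can ever carry an unknown NID is not visible here, so treat this as defensive hardening. `snprintf(str, sizeof(str), "%s", name)` would also replace the strncpy-plus-terminator pair with one call. The enclosing function (presumably ctl_putsys) starts outside the hunk.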
char *be;
int i;
struct ctl_var *k;
-#ifdef OPENSSL
+#ifdef AUTOKEY
struct autokey *ap;
const EVP_MD *dp;
const char *str;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
switch (id) {
ctl_putdata(buf, (u_int)(s - buf), 0);
}
break;
-#ifdef OPENSSL
+#ifdef AUTOKEY
case CP_FLAGS:
if (p->crypto)
ctl_puthex(peer_var[id].text, p->crypto);
ctl_putfs(peer_var[CP_INITTSP].text,
ntohl(p->recval.tstamp));
break;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
}
}
* variables. Don't send crypto strings.
*/
for (i = 1; i <= CS_MAXCODE; i++) {
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (i > CS_VARLIST)
continue;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
ctl_putsys(i);
}
} else {
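Review bot: The guard `if (i > CS_VARLIST) continue;` in this default-dump loop is compiled only for AUTOKEY builds, yet CS_VARLIST is 19 while the non-Autokey codes run to CS_MAX_NOAUTOKEY (43), so an AUTOKEY build also withholds CS_TAI through CS_SS_PROCESSED while a build without AUTOKEY sends them. If the intent of the "Don't send crypto strings" comment is only to hold back the Autokey variables, the bound this commit introduces says so directly: `if (i > CS_MAX_NOAUTOKEY) continue;`. The peer loop that follows has the same shape, with `CP_VARLIST` (37) against `CP_MAX_NOAUTOKEY` (42). If the shorter default list is deliberate, a comment stating that would stop the two build flavors from looking accidentally different. The enclosing function begins and ends outside the hunk.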
* Dump it all. Later, maybe less.
*/
for (i = 1; i <= CP_MAXCODE; i++) {
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (i > CP_VARLIST)
continue;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
ctl_putpeer(i, peer);
}
#ifdef REFCLOCK
#include <config.h>
#endif
-#ifdef OPENSSL
+#ifdef AUTOKEY
#include <stdio.h>
#include <sys/types.h>
#include <sys/param.h>
break;
}
}
-# else
+# else /* !AUTOKEY follows */
int ntp_crypto_bs_pubkey;
-# endif /* OPENSSL */
+# endif /* !AUTOKEY */
#include "ntp_stdlib.h"
#include "ntp_control.h"
#include <ntp_random.h>
-#ifdef OPENSSL
-#include "openssl/rand.h"
-#endif /* OPENSSL */
/*
* Table of valid association combinations
u_int hash;
char tbuf[80];
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* If Autokey is requested but not configured, complain loudly.
*/
return (NULL);
}
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* For now only pool associations have a hostname.
if ((MDF_MCAST & cast_flags) && peer->dstadr != NULL)
enable_multicast_if(peer->dstadr, srcadr);
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (key > NTP_MAXKEY)
peer->flags |= FLAG_SKEY;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
peer->ttl = (u_char)ttl;
peer->keyid = key;
peer->precision = sys_precision;
l_fp p_org; /* origin timestamp */
l_fp p_rec; /* receive timestamp */
l_fp p_xmt; /* transmit timestamp */
-#ifdef OPENSSL
+#ifdef AUTOKEY
struct autokey *ap; /* autokey structure pointer */
int rval; /* cookie snatcher */
keyid_t pkeyid = 0, tkeyid = 0; /* key IDs */
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef HAVE_NTP_SIGND
static unsigned char zero_key[16];
#endif /* HAVE_NTP_SIGND */
} else {
restrict_mask &= ~RES_MSSNTP;
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* For autokey modes, generate the session key
* and install in the key cache. Use the socket
}
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Compute the cryptosum. Note a clogging attack may
is_authentic = AUTH_ERROR;
else
is_authentic = AUTH_OK;
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (crypto_flags && skeyid > NTP_MAXKEY)
authtrust(skeyid, 0);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef DEBUG
if (debug)
printf(
return; /* no help */
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* Do not respond if Autokey and the opcode is not a
- * CRYPTO_ASSOC response with associationn ID.
+ * CRYPTO_ASSOC response with association ID.
*/
if (crypto_flags && skeyid > NTP_MAXKEY && (opcode &
0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
sys_declined++;
return; /* protocol error */
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Determine whether to execute the initial volley.
*/
if (sys_bdelay != 0) {
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* If a two-way exchange is not possible,
* neither is Autokey.
sys_restricted++;
return; /* no autokey */
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Do not execute the volley. Start out in
sys_restricted++;
return; /* ignore duplicate */
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (skeyid > NTP_MAXKEY)
crypto_recv(peer, rbufp);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
return; /* hooray */
return;
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* If the association is configured for Autokey, the packet must
* have a public key ID; if not, the packet must have a
sys_badauth++;
return;
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
peer->received++;
peer->flash &= ~PKT_TEST_MASK;
if (peer->flags & FLAG_XBOGUS) {
unpeer(peer);
return;
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (peer->crypto)
peer_clear(peer, "AUTH");
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
return;
/*
unpeer(peer);
return;
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (peer->crypto)
peer_clear(peer, "AUTH");
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
return;
}
else
peer->flags &= ~FLAG_AUTHENTIC;
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* More autokey dance. The rules of the cha-cha are as follows:
*
return;
}
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* The dance is complete and the flash bits have been lit. Toss
*/
if ((peer->cast_flags & MDF_BCLNT) && !(peer_unfit(peer) &
TEST11)) {
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (peer->flags & FLAG_SKEY) {
if (!(~peer->crypto & CRYPTO_FLAG_ALL))
peer->hmode = MODE_BCLIENT;
} else {
peer->hmode = MODE_BCLIENT;
}
-#else /* OPENSSL */
+#else /* !AUTOKEY follows */
peer->hmode = MODE_BCLIENT;
-#endif /* OPENSSL */
+#endif /* !AUTOKEY */
}
}
*/
if (sys_leap == LEAP_NOTINSYNC) {
sys_leap = LEAP_NOWARNING;
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (crypto_flags)
crypto_update();
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* If our parent process is waiting for the
* first clock sync, send them home satisfied.
hpoll = max(min(peer->maxpoll, mpoll), peer->minpoll);
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* If during the crypto protocol the poll interval has changed,
* the lifetimes in the key list are probably bogus. Purge the
*/
if ((peer->flags & FLAG_SKEY) && hpoll != peer->hpoll)
key_expire(peer);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
peer->hpoll = hpoll;
/*
else
peer->nextdate = utemp;
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* If a burst is not in progress and a crypto response message
* is pending, delay 2 s, but only if this is a new interval.
} else {
peer->nextdate = utemp;
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* The ordinary case. If a retry, use minpoll; if unreachable,
{
u_char u;
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* If cryptographic credentials have been acquired, toss them to
* Valhalla. Note that autokeys are ephemeral, in that they are
free(peer->subject);
if (peer->issuer != NULL)
free(peer->issuer);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Clear all values, including the optional crypto values above.
} else {
peer->nextdate += ntp_random() % peer_associations;
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
peer->refresh = current_time + (1 << NTP_REFRESH);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef DEBUG
if (debug)
printf(
* might not be usable.
*/
sendlen = LEN_PKT_NOMAC;
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (!(peer->flags & FLAG_SKEY) && peer->keyid == 0) {
-#else
+#else /* !AUTOKEY follows */
if (peer->keyid == 0) {
-#endif /* OPENSSL */
+#endif /* !AUTOKEY */
/*
* Transmit a-priori timestamps
* authenticated. If autokey is enabled, fuss with the various
* modes; otherwise, symmetric key cryptography is used.
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (peer->flags & FLAG_SKEY) {
struct exten *exten; /* extension field */
xkeyid, 0, 2);
}
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Transmit a-priori timestamps
return;
}
sendlen += authlen;
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (xkeyid > NTP_MAXKEY)
authtrust(xkeyid, 0);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
if (sendlen > sizeof(xpkt)) {
msyslog(LOG_ERR, "proto: buffer overflow %u", sendlen);
exit (-1);
}
L_SUB(&xmt_ty, &xmt_tx);
LFPTOD(&xmt_ty, peer->xleave);
-#ifdef OPENSSL
+#ifdef AUTOKEY
#ifdef DEBUG
if (debug)
printf("transmit: at %ld %s->%s mode %d keyid %08x len %d index %d\n",
ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
peer->keynumber);
#endif
-#else /* OPENSSL */
+#else /* !AUTOKEY follows */
#ifdef DEBUG
if (debug)
printf("transmit: at %ld %s->%s mode %d keyid %08x len %d\n",
ntoa(&peer->dstadr->sin) : "-",
ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen);
#endif
-#endif /* OPENSSL */
+#endif /* !AUTOKEY */
}
struct pkt *rpkt; /* receive packet structure */
l_fp xmt_tx, xmt_ty;
int sendlen;
-#ifdef OPENSSL
+#ifdef AUTOKEY
u_int32 temp32;
#endif
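Review bot: The `#endif` closing the `temp32` guard is left bare, while every other guard this commit renames is annotated; writing it as `#endif /* AUTOKEY */` keeps the renamed guards greppable and makes a mismatched pair easier to spot. The same applies to the bare `#endif` after `modulus`/`modulus2` in the ntp-keygen.c changes further down. The enclosing function starts and ends outside this hunk.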
* value to generate the cookie, which is unique for every
* source-destination-key ID combination.
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (xkeyid > NTP_MAXKEY) {
keyid_t cookie;
&rbufp->recv_srcadr, xkeyid, cookie, 2);
}
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
get_systime(&xmt_tx);
sendlen += authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen);
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (xkeyid > NTP_MAXKEY)
authtrust(xkeyid, 0);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt, sendlen);
get_systime(&xmt_ty);
L_SUB(&xmt_ty, &xmt_tx);
#endif /* WORKER */
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* key_expire - purge the key list
*/
peer->associd);
#endif
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
if (temp_cp.flags & CONF_FLAG_PREFER)
fl |= FLAG_PREFER;
if (temp_cp.flags & CONF_FLAG_BURST)
- fl |= FLAG_BURST;
+ fl |= FLAG_BURST;
if (temp_cp.flags & CONF_FLAG_IBURST)
- fl |= FLAG_IBURST;
-#ifdef OPENSSL
+ fl |= FLAG_IBURST;
+#ifdef AUTOKEY
if (temp_cp.flags & CONF_FLAG_SKEY)
fl |= FLAG_SKEY;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
if (client_v6_capable && temp_cp.v6_flag != 0) {
AF(&peeraddr) = AF_INET6;
SOCK_ADDR6(&peeraddr) = temp_cp.peeraddr6;
#include "ntpd.h"
#include "ntp_stdlib.h"
+#if defined(HAVE_IO_COMPLETION_PORT)
+# include "ntp_iocompletionport.h"
+# include "ntp_timer.h"
+#endif
+
#include <stdio.h>
#include <signal.h>
#ifdef HAVE_SYS_SIGNAL_H
# include <unistd.h>
#endif
-#if defined(HAVE_IO_COMPLETION_PORT)
-# include "ntp_iocompletionport.h"
-# include "ntp_timer.h"
-#endif
-
#ifdef KERNEL_PLL
#include "ntp_syscall.h"
#endif /* KERNEL_PLL */
-#ifdef OPENSSL
+#ifdef AUTOKEY
#include <openssl/rand.h>
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/* TC_ERR represents the timer_create() error return value. */
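Review bot: `#include <openssl/rand.h>` is now guarded by `AUTOKEY` alone, so this file relies on the build never defining AUTOKEY without OPENSSL. Whether configure rejects that combination is not visible in this part of the diff. A compile-time guard in a header every Autokey user includes would turn a confusing compile or link failure into a clear message: `#if defined(AUTOKEY) && !defined(OPENSSL)` / `#error AUTOKEY requires OPENSSL` / `#endif`.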
u_long leapsec; /* leapseconds countdown */
u_long worker_idle_timer; /* next check for idle intres */
u_long orphwait; /* orphan wait time */
-#ifdef OPENSSL
+#ifdef AUTOKEY
static u_long revoke_timer; /* keys revoke timer */
static u_long keys_timer; /* session key timer */
u_long sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */
u_long sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Statistics counter for the interested.
current_time > orphwait) {
if (sys_leap == LEAP_NOTINSYNC) {
sys_leap = LEAP_NOWARNING;
-#ifdef OPENSSL
+#ifdef AUTOKEY
if (crypto_flags)
crypto_update();
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
}
sys_stratum = (u_char)sys_orphan;
if (sys_stratum > 1)
huffpuff();
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* Garbage collect expired keys.
*/
revoke_timer += 1 << sys_revoke;
RAND_bytes((u_char *)&sys_private, 4);
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Interface update timer
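Review bot: `RAND_bytes((u_char *)&sys_private, 4);` discards the return value, so if the OpenSSL generator fails, the private value this revoke-timer branch appears meant to refresh keeps its old contents and nothing is logged. Checking the result makes the failure visible, e.g. `if (RAND_bytes((u_char *)&sys_private, 4) != 1) msyslog(LOG_ERR, "timer: RAND_bytes failed");`. Separately, `1 << sys_revoke` shifts an `int` by a `u_long`, which is undefined once the value reaches the width of `int`; `1UL << sys_revoke`, plus a range check where the value is set, would be safer. The enclosing block starts outside this hunk.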
#ifdef DEBUG_TIMING
static FILEGEN timingstats;
#endif
-#ifdef OPENSSL
+#ifdef AUTOKEY
static FILEGEN cryptostats;
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
static char statsdir[MAXPATHLEN] = NTP_VAR;
static FILEGEN peerstats;
filegen_unregister("rawstats");
filegen_unregister("sysstats");
filegen_unregister("protostats");
-#ifdef OPENSSL
+#ifdef AUTOKEY
filegen_unregister("cryptostats");
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef DEBUG_TIMING
filegen_unregister("timingstats");
-#endif /* DEBUG_TIMING */
+#endif /* DEBUG_TIMING */
#if defined(_MSC_VER) && defined (_DEBUG)
_CrtCheckMemory();
filegen_register(statsdir, "rawstats", &rawstats);
filegen_register(statsdir, "sysstats", &sysstats);
filegen_register(statsdir, "protostats", &protostats);
-#ifdef OPENSSL
+#ifdef AUTOKEY
filegen_register(statsdir, "cryptostats", &cryptostats);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef DEBUG_TIMING
filegen_register(statsdir, "timingstats", &timingstats);
-#endif /* DEBUG_TIMING */
+#endif /* DEBUG_TIMING */
/*
* register with libntp ntp_set_tod() to call us back
* when time is stepped.
value[value_l - 1]);
if (add_dir_sep)
- snprintf(statsdir, sizeof(statsdir),
- "%s%c", value, DIR_SEP);
+ snprintf(statsdir, sizeof(statsdir),
+ "%s%c", value, DIR_SEP);
else
- snprintf(statsdir, sizeof(statsdir),
- "%s", value);
+ snprintf(statsdir, sizeof(statsdir),
+ "%s", value);
get_systime(&now);
- if(peerstats.prefix == &statsdir[0] &&
+ if (peerstats.prefix == &statsdir[0] &&
peerstats.fp != NULL) {
fclose(peerstats.fp);
peerstats.fp = NULL;
filegen_setup(&peerstats, now.l_ui);
}
- if(loopstats.prefix == &statsdir[0] &&
+ if (loopstats.prefix == &statsdir[0] &&
loopstats.fp != NULL) {
fclose(loopstats.fp);
loopstats.fp = NULL;
filegen_setup(&loopstats, now.l_ui);
}
- if(clockstats.prefix == &statsdir[0] &&
+ if (clockstats.prefix == &statsdir[0] &&
clockstats.fp != NULL) {
fclose(clockstats.fp);
clockstats.fp = NULL;
filegen_setup(&clockstats, now.l_ui);
}
- if(rawstats.prefix == &statsdir[0] &&
+ if (rawstats.prefix == &statsdir[0] &&
rawstats.fp != NULL) {
fclose(rawstats.fp);
rawstats.fp = NULL;
filegen_setup(&rawstats, now.l_ui);
}
- if(sysstats.prefix == &statsdir[0] &&
+ if (sysstats.prefix == &statsdir[0] &&
sysstats.fp != NULL) {
fclose(sysstats.fp);
sysstats.fp = NULL;
filegen_setup(&sysstats, now.l_ui);
}
- if(protostats.prefix == &statsdir[0] &&
+ if (protostats.prefix == &statsdir[0] &&
protostats.fp != NULL) {
fclose(protostats.fp);
protostats.fp = NULL;
filegen_setup(&protostats, now.l_ui);
}
-#ifdef OPENSSL
- if(cryptostats.prefix == &statsdir[0] &&
+#ifdef AUTOKEY
+ if (cryptostats.prefix == &statsdir[0] &&
cryptostats.fp != NULL) {
fclose(cryptostats.fp);
cryptostats.fp = NULL;
filegen_setup(&cryptostats, now.l_ui);
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef DEBUG_TIMING
- if(timingstats.prefix == &statsdir[0] &&
+ if (timingstats.prefix == &statsdir[0] &&
timingstats.fp != NULL) {
fclose(timingstats.fp);
timingstats.fp = NULL;
filegen_setup(&timingstats, now.l_ui);
}
-#endif /* DEBUG_TIMING */
+#endif /* DEBUG_TIMING */
}
break;
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* record_crypto_stats - write crypto statistics to file
*
fflush(cryptostats.fp);
}
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef DEBUG_TIMING
#include "ntp_stdlib.h"
#include "ntp_assert.h"
#include "ntp_lineedit.h"
+#ifdef OPENSSL
+#include "openssl/evp.h"
+#include "openssl/objects.h"
+#endif
#include <ssl_applink.c>
#include "ntpdc-opts.h"
#include "ntp_assert.h"
#include "ntp_lineedit.h"
#include "ntp_debug.h"
+#ifdef OPENSSL
+#include "openssl/evp.h"
+#include "openssl/objects.h"
+#endif
#include <ssl_applink.c>
#include "ntpq-opts.h"
-#if !defined(__NTP_TIMER_H_)
-#define __NTP_TIMER_H_
+#ifndef NTP_TIMER_H
+#define NTP_TIMER_H
extern void timer_clr_stats(void);
-#if defined(SYS_WINNT)
+#ifdef SYS_WINNT
extern HANDLE get_timer_handle(void);
#endif
-
-
-#endif
\ No newline at end of file
+#endif /* NTP_TIMER_H */
#include <ntp_fp.h>
#include <ntp.h>
#include <ntp_stdlib.h>
-#ifdef OPENSSL
-# include "openssl/evp.h"
-#else
-# include <ntp_md5.h> /* provides clone of OpenSSL MD5 API */
-#endif
+#include <ntp_md5.h> /* provides OpenSSL digest API */
#include "utilities.h"
#include "sntp-opts.h"
l_fp reftime;
keyid_t keyid;
-#ifdef OPENSSL
+#ifdef AUTOKEY
#define clear_to_zero opcode
u_int32 opcode; /* last request opcode */
associd_t assoc; /* peer association ID */
int keynumber; /* current key number */
struct value encrypt; /* send encrypt values */
struct value sndval; /* send autokey values */
-#else /* OPENSSL */
+#else /* !AUTOKEY follows */
#define clear_to_zero status
-#endif /* OPENSSL */
+#endif /* !AUTOKEY */
l_fp rec; /* receive time stamp */
l_fp xmt; /* transmit time stamp */
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c)
*
- * It has been AutoGen-ed July 12, 2010 at 10:09:37 AM by AutoGen 5.10
+ * It has been AutoGen-ed July 19, 2010 at 07:43:26 AM by AutoGen 5.10
* From the definitions ntp-keygen-opts.def
* and the template file options
*
/*
* Certificate option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zCertificateText[] =
"certificate scheme";
tSCC zCertificate_NAME[] = "CERTIFICATE";
#define zCertificate_NAME NULL
#define zCertificateText NULL
#define zCertificate_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Debug_Level option description:
/*
* Id_Key option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zId_KeyText[] =
"Write IFF or GQ identity keys";
tSCC zId_Key_NAME[] = "ID_KEY";
#define zId_Key_NAME NULL
#define zId_KeyText NULL
#define zId_Key_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Gq_Params option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zGq_ParamsText[] =
"Generate GQ parameters and keys";
tSCC zGq_Params_NAME[] = "GQ_PARAMS";
#define zGq_Params_NAME NULL
#define zGq_ParamsText NULL
#define zGq_Params_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Host_Key option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zHost_KeyText[] =
"generate RSA host key";
tSCC zHost_Key_NAME[] = "HOST_KEY";
#define zHost_Key_NAME NULL
#define zHost_KeyText NULL
#define zHost_Key_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Iffkey option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zIffkeyText[] =
"generate IFF parameters";
tSCC zIffkey_NAME[] = "IFFKEY";
#define zIffkey_NAME NULL
#define zIffkeyText NULL
#define zIffkey_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Issuer_Name option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zIssuer_NameText[] =
"set issuer name";
tSCC zIssuer_Name_NAME[] = "ISSUER_NAME";
#define zIssuer_Name_NAME NULL
#define zIssuer_NameText NULL
#define zIssuer_Name_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Md5key option description:
/*
* Modulus option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zModulusText[] =
"modulus";
tSCC zModulus_NAME[] = "MODULUS";
#define zModulus_NAME NULL
#define zModulusText NULL
#define zModulus_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Pvt_Cert option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zPvt_CertText[] =
"generate PC private certificate";
tSCC zPvt_Cert_NAME[] = "PVT_CERT";
#define zPvt_Cert_NAME NULL
#define zPvt_CertText NULL
#define zPvt_Cert_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Pvt_Passwd option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zPvt_PasswdText[] =
"output private password";
tSCC zPvt_Passwd_NAME[] = "PVT_PASSWD";
#define zPvt_Passwd_NAME NULL
#define zPvt_PasswdText NULL
#define zPvt_Passwd_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Get_Pvt_Passwd option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zGet_Pvt_PasswdText[] =
"input private password";
tSCC zGet_Pvt_Passwd_NAME[] = "GET_PVT_PASSWD";
#define zGet_Pvt_Passwd_NAME NULL
#define zGet_Pvt_PasswdText NULL
#define zGet_Pvt_Passwd_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Sign_Key option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zSign_KeyText[] =
"generate sign key (RSA or DSA)";
tSCC zSign_Key_NAME[] = "SIGN_KEY";
#define zSign_Key_NAME NULL
#define zSign_KeyText NULL
#define zSign_Key_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Subject_Name option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zSubject_NameText[] =
"set subject name";
tSCC zSubject_Name_NAME[] = "SUBJECT_NAME";
#define zSubject_Name_NAME NULL
#define zSubject_NameText NULL
#define zSubject_Name_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Trusted_Cert option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zTrusted_CertText[] =
"trusted certificate (TC scheme)";
tSCC zTrusted_Cert_NAME[] = "TRUSTED_CERT";
#define zTrusted_Cert_NAME NULL
#define zTrusted_CertText NULL
#define zTrusted_Cert_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Mv_Params option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zMv_ParamsText[] =
"generate <num> MV parameters";
tSCC zMv_Params_NAME[] = "MV_PARAMS";
#define zMv_Params_NAME NULL
#define zMv_ParamsText NULL
#define zMv_Params_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Mv_Keys option description:
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
tSCC zMv_KeysText[] =
"update <num> MV keys";
tSCC zMv_Keys_NAME[] = "MV_KEYS";
#define zMv_Keys_NAME NULL
#define zMv_KeysText NULL
#define zMv_Keys_Name NULL
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Help/More_Help/Version option descriptions:
/*
* Declare option callback procedures
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
static tOptProc doOptModulus;
-#else /* not OPENSSL */
+#else /* not AUTOKEY */
# define doOptModulus NULL
-#endif /* def/not OPENSSL */
-#ifdef OPENSSL
+#endif /* def/not AUTOKEY */
+#ifdef AUTOKEY
extern tOptProc optionNumericVal;
-#else /* not OPENSSL */
+#else /* not AUTOKEY */
# define optionNumericVal NULL
-#endif /* def/not OPENSSL */
-#ifdef OPENSSL
+#endif /* def/not AUTOKEY */
+#ifdef AUTOKEY
extern tOptProc optionNumericVal;
-#else /* not OPENSSL */
+#else /* not AUTOKEY */
# define optionNumericVal NULL
-#endif /* def/not OPENSSL */
+#endif /* def/not AUTOKEY */
#if defined(TEST_NTP_KEYGEN_OPTS)
/*
* Under test, omit argument processing, or call optionStackArg,
If there is no new host key, look for an existing one.\n\
If one is not found, create it.\n";
tSCC zFullVersion[] = NTP_KEYGEN_FULL_VERSION;
-/* extracted from /usr/local/gnu/share/autogen/optcode.tpl near line 495 */
+/* extracted from /usr/local/share/autogen/optcode.tpl near line 495 */
#if defined(ENABLE_NLS)
# define OPTPROC_BASE OPTPROC_TRANSLATE
/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
- * For the modulus option, when OPENSSL is #define-d.
+ * For the modulus option, when AUTOKEY is #define-d.
*/
-#ifdef OPENSSL
+#ifdef AUTOKEY
static void
doOptModulus(tOptions* pOptions, tOptDesc* pOptDesc)
{
}
pOptDesc->optArg.argInt = val;
}
-#endif /* defined OPENSSL */
-/* extracted from /usr/local/gnu/share/autogen/optmain.tpl near line 109 */
+#endif /* defined AUTOKEY */
+/* extracted from /usr/local/share/autogen/optmain.tpl near line 109 */
#if defined(TEST_NTP_KEYGEN_OPTS) /* TEST MAIN PROCEDURE: */
return res;
}
#endif /* defined TEST_NTP_KEYGEN_OPTS */
-/* extracted from /usr/local/gnu/share/autogen/optcode.tpl near line 627 */
+/* extracted from /usr/local/share/autogen/optcode.tpl near line 627 */
#if ENABLE_NLS
#include <stdio.h>
name = certificate;
arg-type = string;
arg-name = scheme;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "certificate scheme";
doc = <<- _EndOfDoc_
scheme is one of
flag = {
value = e;
name = id-key;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "Write IFF or GQ identity keys";
doc = <<- _EndOfDoc_
Write the IFF or GQ client keys to the standard output. This is
flag = {
value = G;
name = gq-params;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "Generate GQ parameters and keys";
doc = <<- _EndOfDoc_
Generate parameters and keys for the GQ identification scheme,
flag = {
value = H;
name = host-key;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "generate RSA host key";
doc = <<- _EndOfDoc_
Generate new host keys, obsoleting any that may exist.
flag = {
value = I;
name = iffkey;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "generate IFF parameters";
doc = <<- _EndOfDoc_
Generate parameters for the IFF identification scheme, obsoleting
flag = {
value = i;
name = issuer-name;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
arg-type = string;
arg-name = issuer-name;
descrip = "set issuer name";
arg-type = number;
arg-name = modulus;
arg-range = '256->2048';
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "modulus";
doc = <<- _EndOfDoc_
The number of bits in the prime modulus. The default is 512.
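Review bot: The `modulus` option keeps `arg-range = '256->2048'` and a documented default of 512 bits, which is too small for RSA or identity-scheme parameters to resist factoring, and the 2048 ceiling blocks anything larger. Since this commit already regenerates the option files, the range could be tightened in the same pass, for example `arg-range = '1024->4096';` (constructed values; pick them per project policy), with the doc text updated to match. The default itself comes from `PLEN` in ntp-keygen.c, and the option's `flag` block starts outside this hunk.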
flag = {
value = P;
name = pvt-cert;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "generate PC private certificate";
doc = <<- _EndOfDoc_
Generate a private certificate. By default, the program generates
flag = {
value = p;
name = pvt-passwd;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
arg-type = string;
arg-name = passwd;
descrip = "output private password";
flag = {
value = q;
name = get-pvt-passwd;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
arg-type = string;
arg-name = passwd;
descrip = "input private password";
name = sign-key;
arg-type = string;
arg-name = sign;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "generate sign key (RSA or DSA)";
doc = <<- _EndOfDoc_
Generate a new sign key of the designated type, obsoleting any
name = subject-name;
arg-type = string;
arg-name = host;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "set subject name";
doc = <<- _EndOfDoc_
Set the issuer name to name. This is used for the issuer field
flag = {
value = T;
name = trusted-cert;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "trusted certificate (TC scheme)";
doc = <<- _EndOfDoc_
Generate a trusted certificate. By default, the program generates
name = mv-params;
arg-type = number;
arg-name = num;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "generate <num> MV parameters";
doc = <<- _EndOfDoc_
Generate parameters and keys for the Mu-Varadharajan (MV)
name = mv-keys;
arg-type = number;
arg-name = num;
- ifdef = OPENSSL;
+ ifdef = AUTOKEY;
descrip = "update <num> MV keys";
};
/*
* EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h)
*
- * It has been AutoGen-ed July 12, 2010 at 10:09:37 AM by AutoGen 5.10
+ * It has been AutoGen-ed July 19, 2010 at 07:43:25 AM by AutoGen 5.10
* From the definitions ntp-keygen-opts.def
* and the template file options
*
#define VALUE_OPT_ISSUER_NAME 'i'
#define VALUE_OPT_MD5KEY 'M'
#define VALUE_OPT_MODULUS 'm'
-#ifdef OPENSSL
+#ifdef AUTOKEY
#define OPT_VALUE_MODULUS (DESC(MODULUS).optArg.argInt)
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#define VALUE_OPT_PVT_CERT 'P'
#define VALUE_OPT_PVT_PASSWD 'p'
#define VALUE_OPT_GET_PVT_PASSWD 'q'
#define VALUE_OPT_SUBJECT_NAME 's'
#define VALUE_OPT_TRUSTED_CERT 'T'
#define VALUE_OPT_MV_PARAMS 'V'
-#ifdef OPENSSL
+#ifdef AUTOKEY
#define OPT_VALUE_MV_PARAMS (DESC(MV_PARAMS).optArg.argInt)
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#define VALUE_OPT_MV_KEYS 'v'
-#ifdef OPENSSL
+#ifdef AUTOKEY
#define OPT_VALUE_MV_KEYS (DESC(MV_KEYS).optArg.argInt)
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#define VALUE_OPT_HELP '?'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION INDEX_OPT_VERSION
ntp_keygenOptions.pzCurOpt = NULL )
#define START_OPT RESTART_OPT(1)
#define USAGE(c) (*ntp_keygenOptions.pUsageProc)( &ntp_keygenOptions, c )
-/* extracted from /usr/local/gnu/share/autogen/opthead.tpl near line 409 */
+/* extracted from /usr/local/share/autogen/opthead.tpl near line 409 */
/* * * * * *
*
#include "openssl/pem.h"
#include "openssl/x509v3.h"
#include <openssl/objects.h>
-#endif /* OPENSSL */
+#endif /* OPENSSL */
#include <ssl_applink.c>
/*
#define YEAR ((long)60*60*24*365) /* one year in seconds */
#define MAXFILENAME 256 /* max file name length */
#define MAXHOSTNAME 256 /* max host name length */
-#ifdef OPENSSL
+#ifdef AUTOKEY
#define PLEN 512 /* default prime modulus size (bits) */
#define ILEN 256 /* default identity modulus size (bits) */
#define MVMAX 100 /* max MV parameters */
#define BASIC_CONSTRAINTS "critical,CA:TRUE"
#define EXT_KEY_PRIVATE "private"
#define EXT_KEY_TRUST "trustRoot"
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Prototypes
*/
FILE *fheader (const char *, const char *, const char *);
int gen_md5 (char *);
-#ifdef OPENSSL
+#ifdef AUTOKEY
EVP_PKEY *gen_rsa (char *);
EVP_PKEY *gen_dsa (char *);
EVP_PKEY *gen_iffkey (char *);
EVP_PKEY *readkey (char *, char *, u_int *, EVP_PKEY **);
void writekey (char *, char *, u_int *, EVP_PKEY **);
u_long asn2ntp (ASN1_TIME *);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Program variables
extern char *optarg; /* command line argument */
char *progname;
volatile int debug = 0; /* debug, not de bug */
-#ifdef OPENSSL
+#ifdef AUTOKEY
u_int modulus = PLEN; /* prime modulus size (bits) */
u_int modulus2 = ILEN; /* identity modulus size (bits) */
#endif
char filename[MAXFILENAME + 1]; /* file name */
char *passwd1 = NULL; /* input private key password */
char *passwd2 = NULL; /* output private key password */
-#ifdef OPENSSL
+#ifdef AUTOKEY
long d0, d1, d2, d3; /* callback counters */
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
#ifdef SYS_WINNT
BOOL init_randfile();
{
struct timeval tv; /* initialization vector */
int md5key = 0; /* generate MD5 keys */
-#ifdef OPENSSL
+#ifdef AUTOKEY
X509 *cert = NULL; /* X509 certificate */
X509_EXTENSION *ext; /* X509v3 extension */
EVP_PKEY *pkey_host = NULL; /* host key */
int nid; /* X509 digest/signature scheme */
FILE *fstr = NULL; /* file handle */
#define iffsw HAVE_OPT(ID_KEY)
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
char hostbuf[MAXHOSTNAME + 1];
char groupbuf[MAXHOSTNAME + 1];
#ifdef OPENSSL
ssl_check_version();
fprintf(stderr, "Using OpenSSL version %lx\n", SSLeay());
-#endif /* OPENSSL */
+#endif /* OPENSSL */
/*
* Process options, initialize host name and timestamp.
if (HAVE_OPT( MD5KEY ))
md5key++;
-#ifdef OPENSSL
+#ifdef AUTOKEY
passwd1 = hostbuf;
if (HAVE_OPT( PVT_PASSWD ))
passwd1 = strdup(OPT_ARG( PVT_PASSWD ));
if ((iffkey || gqkey || mvkey) && exten == NULL)
fprintf(stderr,
"Warning: identity files may not be useful with a nontrusted certificate.\n");
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*
* Create new unencrypted MD5 keys file if requested. If this
exit (0);
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* Create a new encrypted RSA host key file if requested;
* otherwise, look for an existing host key file. If not found,
x509(pkey_sign, ectx, grpkey, exten, hostname);
else
x509(pkey_sign, ectx, grpkey, exten, groupname);
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
exit (0);
}
u_char keystr[MD5SIZE];
u_char hexstr[2 * MD5SIZE + 1];
u_char hex[] = "0123456789abcdef";
-#endif /* OPENSSL */
+#endif /* OPENSSL */
str = fheader("MD5key", id, groupname);
ntp_srandom((u_long)epoch);
fprintf(str, "%2d SHA1 %s # SHA1 key\n", i + MD5KEYS,
hexstr);
}
-#endif /* OPENSSL */
+#endif /* OPENSSL */
fclose(str);
return (1);
}
-#ifdef OPENSSL
+#ifdef AUTOKEY
/*
* readkey - load cryptographic parameters and keys
*
fprintf(stderr, "Invalid %s key type %s\n", id, type);
return (NULL);
}
-#endif /* OPENSSL */
+#endif /* AUTOKEY */
/*