size_t len, n;
const char *name, **seen;
struct hstate *hstate = arg;
- const char *cp;
/* m is MD obj, from is name or alias, to is base name for alias */
- if (!m || !from || to)
+ if (!m || !from || to) {
return; /* Ignore aliases */
+ }
/* Discard MACs that NTP won't accept. */
/* Keep this consistent with keytype_from_text() in ssl_init.c. */
- if (EVP_MD_size(m) > (MAX_MAC_LEN - sizeof(keyid_t)))
+ if (EVP_MD_size(m) > MAX_MDG_LEN) {
return;
+ }
name = EVP_MD_name(m);
-
- /* Lowercase names aren't accepted by keytype_from_text in ssl_init.c */
-
- for (cp = name; *cp; cp++)
- if (islower((unsigned char)*cp))
- return;
-
- len = (cp - name) + 1;
+ len = strlen(name) + 1;
/* There are duplicates. Discard if name has been seen. */
for (seen = hstate->seen; *seen; seen++)
- if (!strcmp(*seen, name))
+ if (!strcasecmp(*seen, name))
return;
n = (seen - hstate->seen) + 2;
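Review bot: The rewritten size filter, `if (EVP_MD_size(m) > MAX_MDG_LEN) {`, may no longer reject a negative return from EVP_MD_size(). The old right-hand side contained `sizeof(keyid_t)`, so the comparison was unsigned and an error value such as -1 compared as larger than the limit. If MAX_MDG_LEN is a plain int constant (its definition is not in this hunk), -1 now passes the filter and the digest is listed. Declaring `int sz` next to `len` and testing the sign makes the intent explicit: `sz = EVP_MD_size(m);` followed by `if (sz < 0 || sz > MAX_MDG_LEN) {`. The function starts and ends outside the hunk.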
/* No - end of list */
if (!delim && !last_nl) {
delim = list + len;
- } else
+ } else {
/* New line and no delim or before delim? */
if (last_nl && (!delim || last_nl < delim)) {
delim = last_nl;
}
+ }
/* Found insertion point where CMAC before entry? */
if (strncmp(CMAC, point, delim - point) < 0) {
-# This unit test ntp.keys file has hard-coded the current set
-# of OpenSSL-supported digest algorithms. It needs to be updated
-# after newer algorithms are available. The current list can be
+# This unit test ntp.keys file has hard-coded the union of sets
+# of OpenSSL-supported digest algorithms we've come across. It
+# needs to be updated as algorithms are observed. A list can be
# obtained with:
#
# ntpq -c "help keytype"
#
-# tests/libntp/digest.c similarly hardcodes the list of digests
-# to test.
+# tests/libntp/digests.c similarly hardcodes the list of digests
+# to test. This file must be kept in sync with it.
#
# Each digest is tested twice with keyids separated by 50 for
# plaintext and hex-encoded keys.
+#
1 AES128CMAC X~A=%NWlo]p$dGq,S3M9
2 MD4 oV'8?f+J5`_EOvW!B,R`
5 RIPEMD160 I89p}f6QopwC\LwHBm;e
6 SHA1 A;H=E;.m4N%t%EeJ90[d
7 SHAKE128 |HxLoa,mzG<"y>^TI_(1
- 8 MD5 306+^SHLV5{"v7W`U3aY # unused so far
- 9 MD5 lGyKZgsI_Pi"y"8JAT98 # unused
-10 MD5 2:VO]Q5u%/b&}.<P?T~9 # unused
+ 8 DSA 306+^SHLV5{"v7W`U3aY
+ 9 DSA-SHA lGyKZgsI_Pi"y"8JAT98
+10 SHA 2:VO]Q5u%/b&}.<P?T~9
51 AES128CMAC d0cd9f3ee181769ca7cccaada09f093c5fe8e628
52 MD4 7080bc47eea6b379b2ff841805a144fb4a241a16
55 RIPEMD160 6028ec169bfbe55ab61ffa7baa34b482020f0619
56 SHA1 17d96a86eb9b9075f33e1c0a08bb2bb61e916e33
57 SHAKE128 70da1a91030eb91836c1cf76cf67ddfd6b96fa91
-58 SHA1 7ce5deea7569d7423d5e1b497c8eb3bfeff852d5 # unused so far
-59 SHA1 9fd568e8f371deae54a65bc50b52bbe1f6529589 # unused
-60 SHA1 ce85046978a4df8366e102c4f1267399bbc25737 # unused
+58 DSA 7ce5deea7569d7423d5e1b497c8eb3bfeff852d5
+59 DSA-SHA 9fd568e8f371deae54a65bc50b52bbe1f6529589
+60 SHA ce85046978a4df8366e102c4f1267399bbc25737
0xaa, 0xa6, 0xcd, 0x76
};
u_char expectedB[MAX_MAC_LEN] =
- {
+ {
0, 0, 0, KEYID_B,
0x07, 0x04, 0x63, 0xcc,
0x46, 0xaf, 0xca, 0x00,
}
+#define DSA_KEYID 8
+#undef KEYID_A
+#define KEYID_A DSA_KEYID
+#undef DG_SZ
+#define DG_SZ 20
+#undef KEYID_B
+#define KEYID_B (KEYID_A + HEX_KEYID_OFFSET)
+void test_Digest_DSA(void);
+void test_Digest_DSA(void)
+{
+#ifdef OPENSSL
+ u_char expectedA[MAX_MAC_LEN] =
+ {
+ 0, 0, 0, KEYID_A,
+ 0xaf, 0xa0, 0x1d, 0x0c,
+ 0x92, 0xcb, 0xca, 0x95,
+ 0x0d, 0x57, 0x60, 0x49,
+ 0xe5, 0x28, 0x03, 0xf2,
+ 0x7b, 0x5b, 0xb1, 0x4a
+ };
+ u_char expectedB[MAX_MAC_LEN] =
+ {
+ 0, 0, 0, KEYID_B,
+ 0x77, 0xcd, 0x88, 0xc2,
+ 0xed, 0x5d, 0x57, 0xc5,
+ 0x28, 0x92, 0xf0, 0x21,
+ 0x2b, 0xb9, 0x48, 0xac,
+ 0xfe, 0x9f, 0xf5, 0x1c
+ };
+
+ TEST_ASSERT(setup);
+ TEST_ONE_DIGEST(KEYID_A, DG_SZ, expectedA);
+ TEST_ONE_DIGEST(KEYID_B, DG_SZ, expectedB);
+#else /* ! OPENSSL follows */
+ TEST_IGNORE_MESSAGE("Skipping, no OPENSSL");
+#endif
+}
+
+
+#define DSA_SHA_KEYID 9
+#undef KEYID_A
+#define KEYID_A DSA_SHA_KEYID
+#undef DG_SZ
+#define DG_SZ 20
+#undef KEYID_B
+#define KEYID_B (KEYID_A + HEX_KEYID_OFFSET)
+void test_Digest_DSA_SHA(void);
+void test_Digest_DSA_SHA(void)
+{
+#ifdef OPENSSL
+ u_char expectedA[MAX_MAC_LEN] =
+ {
+ 0, 0, 0, KEYID_A,
+ 0x7c, 0xb5, 0x79, 0xd0,
+ 0xf2, 0xcd, 0x47, 0xc0,
+ 0x21, 0xf3, 0xf5, 0x04,
+ 0x10, 0xc4, 0x59, 0x5c,
+ 0xd9, 0xa4, 0x4f, 0x3b
+ };
+ u_char expectedB[MAX_MAC_LEN] =
+ {
+ 0, 0, 0, KEYID_B,
+ 0xb9, 0xca, 0xa6, 0x8e,
+ 0xd3, 0xcb, 0x94, 0x6a,
+ 0x6d, 0xae, 0xb4, 0xc8,
+ 0x0e, 0xc9, 0xf6, 0xed,
+ 0x58, 0x1a, 0xed, 0x22
+ };
+
+ TEST_ASSERT(setup);
+ TEST_ONE_DIGEST(KEYID_A, DG_SZ, expectedA);
+ TEST_ONE_DIGEST(KEYID_B, DG_SZ, expectedB);
+#else /* ! OPENSSL follows */
+ TEST_IGNORE_MESSAGE("Skipping, no OPENSSL");
+#endif
+}
+
+
+#define SHA_KEYID 10
+#undef KEYID_A
+#define KEYID_A SHA_KEYID
+#undef DG_SZ
+#define DG_SZ 20
+#undef KEYID_B
+#define KEYID_B (KEYID_A + HEX_KEYID_OFFSET)
+void test_Digest_SHA(void);
+void test_Digest_SHA(void)
+{
+#ifdef OPENSSL
+ u_char expectedA[MAX_MAC_LEN] =
+ {
+ 0, 0, 0, KEYID_A,
+ 0xd5, 0xbd, 0xb8, 0x55,
+ 0x9b, 0x9e, 0x5e, 0x8f,
+ 0x1a, 0x3d, 0x99, 0x60,
+ 0xbd, 0x70, 0x0c, 0x5c,
+ 0x68, 0xae, 0xb0, 0xbd
+ };
+ u_char expectedB[MAX_MAC_LEN] =
+ {
+ 0, 0, 0, KEYID_B,
+ 0x63, 0x05, 0x41, 0x45,
+ 0xe9, 0x61, 0x84, 0xe7,
+ 0xc6, 0x94, 0x24, 0xa4,
+ 0x84, 0x76, 0xc7, 0xc9,
+ 0xdd, 0x80, 0x80, 0x89
+ };
+
+ TEST_ASSERT(setup);
+ TEST_ONE_DIGEST(KEYID_A, DG_SZ, expectedA);
+ TEST_ONE_DIGEST(KEYID_B, DG_SZ, expectedB);
+#else /* ! OPENSSL follows */
+ TEST_IGNORE_MESSAGE("Skipping, no OPENSSL");
+#endif
+}
+
+
/*
* Dump a MAC in a form easy to cut and paste into the expected declaration.
*/
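Review bot: test_Digest_DSA, test_Digest_DSA_SHA and test_Digest_SHA are guarded only by `#ifdef OPENSSL`, which shows the library is present but not that it provides these legacy digest names. Whether TEST_ONE_DIGEST skips a key whose type failed to load is not visible in this hunk; if it does not, the three tests would fail rather than be ignored on an OpenSSL build that lacks the name. A runtime guard ahead of the assertions would cover that, e.g. `if (NULL == EVP_get_digestbyname("DSA")) { TEST_IGNORE_MESSAGE("Skipping, no DSA digest"); }`, with the matching name in the other two tests. The repeated `#undef`/`#define` blocks also leave KEYID_A, KEYID_B and DG_SZ set to the SHA values for any code that follows in the file.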
dc += snprintf(dump + dc, sizeof(dump) - dc, "digest with key %u { ", keyid);
- for (idx = 0; idx < octets; idx++) {
- if (10 == idx) {
+ for (idx = 4; idx < octets; idx++) {
+ if (14 == idx) {
msyslog(LOG_DEBUG, "%s", dump);
dc = 0;
}
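Review bot: The new loop bounds `idx = 4` and `14 == idx` are bare numbers whose meaning depends on the MAC layout; 4 is presumably the size of the leading key ID and 14 that offset plus ten digest octets. A comment on the loop such as `/* skip the key ID, then wrap after 10 digest octets */`, or a named constant shared by both numbers, would keep them from drifting apart if the layout changes. As visible here the wrap test matches only once, so how a digest longer than 20 octets fits the `dump` buffer depends on code outside the hunk; the loop body continues past the last line shown.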