Crypto cleanup from Dave Mills
authorHarlan Stenn <stenn@ntp.org>
Sun, 26 Apr 2009 00:02:54 +0000 (20:02 -0400)
committerHarlan Stenn <stenn@ntp.org>
Sun, 26 Apr 2009 00:02:54 +0000 (20:02 -0400)
bk: 49f3a4ae3h-ovZmMjcVxwunkJ09j5g

ChangeLog
ntpd/ntp_crypto.c
ntpd/ntp_proto.c

index 22d16f4903f311641c7987773578b0e424d806c2..f960b6c5c0315f916b628e8f7deda48b8d61cac7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* Crypto cleanup from Dave Mills.
 (4.2.5p166) 2009/04/25 Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 1165] Clean up small memory leaks in the  config file parser
 * Correct logconfig keyword declaration to MULTIPLE_ARG
index 43211b3317d874fef1411229287c4c38af80c7f2..38dcb02024780d97262378f782248576c81d399a 100644 (file)
@@ -354,12 +354,10 @@ make_keylist(
                EVP_SignInit(&ctx, sign_digest);
                EVP_SignUpdate(&ctx, (u_char *)vp, 12);
                EVP_SignUpdate(&ctx, vp->ptr, sizeof(struct autokey));
-               if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey))
+               if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
                        vp->siglen = htonl(len);
-               else
-                       msyslog(LOG_ERR, "make_keys: %s",
-                           ERR_error_string(ERR_get_error(), NULL));
-               peer->flags |= FLAG_ASSOC;
+                       peer->flags |= FLAG_ASSOC;
+               }
        }
 #ifdef DEBUG
        if (debug)
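Review bot: A failed EVP_SignFinal() in make_keylist is now silent, because the removed `else` branch held the only msyslog() of the OpenSSL error on this path. The new code skips both `vp->siglen` and FLAG_ASSOC on failure, which looks intentional, but the operator gets no indication of why the key list was never marked as signed. I would keep the diagnostic as `else msyslog(LOG_ERR, "make_keys: %s", ERR_error_string(ERR_get_error(), NULL));` after the new closing brace. On failure `vp->siglen` also keeps whatever value it had before, so confirm that code outside the hunk resets it, or clear it in that branch. make_keylist's body starts and continues outside the hunk.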
@@ -2922,8 +2920,8 @@ crypto_mv(
  * remains valid until its expiration. 
  *
  * Returns
- * XEVNT_CRT   bad or missing certificate
  * XEVNT_OK    success
+ * XEVNT_CRT   bad or missing certificate
  * XEVNT_PER   host certificate expired
  * XEVNT_PUB   bad or missing public key
  * XEVNT_VFY   certificate not verified
index 3b4972ab16f45599fb23005d2f31b4d8086384e5..398743af89b9057a7f5103c38b9d003c1f98e50b 100644 (file)
@@ -322,8 +322,9 @@ receive(
        int     rval;                   /* cookie snatcher */
        keyid_t pkeyid = 0, tkeyid = 0; /* key IDs */
 #endif /* OPENSSL */
-
+#ifdef WINTIME
        static unsigned char zero_key[16];
+#endif /* WINTIME */
 
        /*
         * Monitor the packet and get restrictions. Note that the packet
@@ -1202,22 +1203,25 @@ receive(
                }
                peer->flash |= TEST8;
                rval = crypto_recv(peer, rbufp);
-               if (rval == XEVNT_OK)
+               if (rval == XEVNT_OK) {
                        peer->unreach = 0;
-               if (rval != XEVNT_OK) {
-                       report_event(PEVNT_RESTART, peer,
-                           "crypto");
-                       peer_clear(peer, "CRYP");
-                       peer->flash |= TEST9;           /* bad crypt */
-                       if (peer->flags & FLAG_PREEMPT)
-                               unpeer(peer);
+               } else {
+                       if (rval == XEVNT_ERR) {
+                               report_event(PEVNT_RESTART, peer,
+                                   "crypto");
+                               peer_clear(peer, "CRYP");
+                               peer->flash |= TEST9;   /* bad crypt */
+                               if (peer->flags & FLAG_PREEMPT)
+                                       unpeer(peer);
+                       }
                        return;
+               }
 
                /*
                 * If server mode, verify the receive key ID matches
                 * the transmit key ID.
                 */
-               } else if (hismode == MODE_SERVER) {
+               if (hismode == MODE_SERVER) {
                        if (skeyid == peer->keyid)
                                peer->flash &= ~TEST8;
 
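Review bot: In the new `else` branch after `crypto_recv()`, every result other than XEVNT_OK and XEVNT_ERR now returns from receive() without report_event(), without TEST9 in `peer->flash` and without peer_clear(). A packet rejected for a certificate or verification reason therefore leaves no trace at this level, whereas the old code flagged every non-OK result. If crypto_recv() does not report those events itself (not visible here), consider setting `peer->flash |= TEST9;` for all non-OK codes before the `return`. In either case a comment such as `/* other XEVNT_* codes: drop the packet but keep the association */` above the `return` would make the asymmetry read as deliberate. receive()'s body starts and ends outside the hunk.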
@@ -2971,7 +2975,8 @@ peer_xmit(
                        else if (!(peer->crypto & CRYPTO_FLAG_AUTO))
                                exten = crypto_args(peer, CRYPTO_AUTO,
                                    peer->assoc, NULL);
-                       else if (peer->flags & FLAG_ASSOC)
+                       else if (peer->flags & FLAG_ASSOC &&
+                           peer->crypto & CRYPTO_FLAG_SIGN)
                                exten = crypto_args(peer, CRYPTO_AUTO |
                                    CRYPTO_RESP, peer->assoc, NULL);