From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 14 Nov 2009 12:23:50 +0000 (-0500)
Subject: Changes from Dave Mills
X-Git-Tag: NTP_4_2_5P245_RC~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=11ed912c39ae51ec5be2aa1e7e37698044c59f0f;p=thirdparty%2Fntp.git

Changes from Dave Mills

bk: 4afea15652IhL9qadvumjAiOMdrrHQ
---

diff --git a/ChangeLog b/ChangeLog
index 320d1a3bd..40b0f1330 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+* Cleanup from Dave Mills.
 * [Bug 1343] sntp illegal C does not compile on Solaris 7.
 * [Bug 1381] Version .deps generated include file dependencies to allow
   known dependency-breaking changes to force .deps to be cleaned,
diff --git a/html/authopt.html b/html/authopt.html
index 2909193ad..d2cb974b1 100644
--- a/html/authopt.html
+++ b/html/authopt.html
@@ -23,7 +23,7 @@
 <p>Our resident cryptographer; now you see him, now you don't.</p>
 
 <p>Last update: 
-			<!-- #BeginDate format:En2m -->11-Nov-2009  5:48<!-- #EndDate -->
+			<!-- #BeginDate format:En2m -->13-Nov-2009  0:37<!-- #EndDate -->
 UTC</p>
 <br clear="left">
 
@@ -109,7 +109,10 @@ UTC</p>
 	ID and key type to authenticate NTP packets. If an NTP packet includes a
 	message authentication code (MAC), consisting of a key ID and message digest,
 	it is accepted only if the key ID matches a trusted key and the message digest
-	is verified with this key.</p>
+	is verified with this key. Note that for historic reasons the message digest
+	algorithm is not consistent with RFC-1828. The digest is computed directly
+	from the concatenation of the key string followed by the packet contents
+	with the exception of the MAC itself.</p>
  
 <p>Keys and related information are specified in a keys file, usually called <tt>ntp.keys</tt>,
 	which must be distributed and stored using secure means beyond the scope
@@ -371,9 +374,7 @@ UTC</p>
 	participants in an Autokey subnet must use the same algorithm. Note that
 	the Autokey message digest algorithm is separate and distinct form the symmetric
 	key message digest algorithms. Note: If compliance with FIPS 140-2 is required,
-	the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>. [Note that, while
-	<tt>MD4</tt> is included in the OpenSSL documentation, it is not available in the
-	current library.]</dd>
+	the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd>
 
 <dt><tt>host <i>name</i></tt></dt>
 <dd>Specifies the string used when constructing the names for the host, sign
diff --git a/html/keygen.html b/html/keygen.html
index f94d7c75e..2b47e579e 100644
--- a/html/keygen.html
+++ b/html/keygen.html
@@ -17,7 +17,7 @@
 <p>Alice holds the key.</p>
 
 <p>Last update: 
-	<!-- #BeginDate format:En2m -->11-Nov-2009  20:03<!-- #EndDate -->
+	<!-- #BeginDate format:En2m -->13-Nov-2009  0:44<!-- #EndDate -->
 </p>
 <br clear="left">
 
@@ -62,11 +62,11 @@
 
 <p>When used to generate message digest keys, the program produces a file containing
 	ten pseudo-random printable ASCII strings suitable for the MD5 message digest
-	algorithm. If the OpenSSL library is installed, it produces an additional
-	 ten hex-encoded random bit strings suitable for the SHA1 and other message
-	digest algorithms.  All keys are 160
-	bits in length, but are truncated as necessary for the various message digest
-	algorithms.</p>
+	algorithm included in the distribution. If the OpenSSL library is installed,
+	it produces an additional ten hex-encoded random bit strings suitable for
+	the SHA1 and other message digest algorithms. Printable ASCII keys can have
+	length from one to 20 characters, inclusive. Bit string keys have length
+	20 octets (40 hex characters). All keys are 160 bits in length.</p>
 <p> The file can be edited later with
 	purpose-chosen passwords for the <tt>ntpq</tt> and <tt>ntpdc</tt> programs.
 	Each line of the file contains three fields, first an integer between 1 and
diff --git a/html/miscopt.html b/html/miscopt.html
index f3b52d7f0..800a4f21f 100644
--- a/html/miscopt.html
+++ b/html/miscopt.html
@@ -13,7 +13,7 @@
 		<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
 		<p>We have three, now looking for more.</p>
 		<p>Last update:
-			<!-- #BeginDate format:En2m -->14-Oct-2009  20:53<!-- #EndDate --> 
+			<!-- #BeginDate format:En2m -->13-Nov-2009  19:08<!-- #EndDate --> 
 			UTC</p>
 		<br clear="left">
 	<h4>Related Links</h4>
@@ -84,9 +84,15 @@
 					<dt><tt>panic <i>panic</i></tt></dt>
 					<dd>Spedifies the panic threshold in seconds with default 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted.</dd>
 					<dt><tt>step <i>step</i></tt></dt>
-					<dd>Spedifies the step threshold in seconds with default 0.128 s. If set to zero, step adjustments will never occur. Note: The kernel time discipline is disabled if the step threshold is set to zero or greater than the default.</dd>
+					<dd>Spedifies the step threshold in seconds. The default without this command
+						is 0.128 s. If set to zero, step adjustments will never
+						occur. Note: The kernel time discipline is disabled if
+						the step threshold is set to zero or greater than 0.5
+						s.</dd>
 					<dt><tt>stepout <i>stepout</i></tt></dt>
-					<dd>Specifies the stepout threshold in seconds with default 900 s. It If set to zero, popcorn spikes will not be suppressed.</dd>
+					<dd>Specifies the stepout threshold in seconds. The default without this
+						command is 900 s.  If set to zero, popcorn spikes will
+						not be suppressed.</dd>
 			</dl></dd>
 			<dt id="tos"><tt>tos [ beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> ]</tt></dt>
 			<dd>This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:</dd>
diff --git a/libntp/authreadkeys.c b/libntp/authreadkeys.c
index 91383d715..063515ee0 100644
--- a/libntp/authreadkeys.c
+++ b/libntp/authreadkeys.c
@@ -137,7 +137,7 @@ authreadkeys(
 		 * here and prevent use of inconsistent data later.
 		 */
 		keytype = keytype_from_text(token, NULL);
-		if (keytype == 0 || keytype > 255) {
+		if (keytype == 0) {
 			msyslog(LOG_ERR,
 			    "authreadkeys: invalid type for key %d", keyno);
 			continue;
diff --git a/ntpd/ntp_loopfilter.c b/ntpd/ntp_loopfilter.c
index 639c373ce..1846b552e 100644
--- a/ntpd/ntp_loopfilter.c
+++ b/ntpd/ntp_loopfilter.c
@@ -996,7 +996,7 @@ loop_config(
 	case LOOP_MAX:		/* step threshold (step) */
 		clock_max = freq;
 		if (clock_max == 0 || clock_max > 0.5)
-		kern_enable = 0;
+			kern_enable = 0;
 		break;
 
 	case LOOP_MINSTEP:	/* stepout threshold (stepout) */
diff --git a/ntpd/refclock_local.c b/ntpd/refclock_local.c
index 1776b8af9..d1b28718e 100644
--- a/ntpd/refclock_local.c
+++ b/ntpd/refclock_local.c
@@ -83,15 +83,6 @@ extern u_long current_time;
  */
 extern s_char sys_precision;
 
-#ifdef KERNEL_PLL
-/*
- * Imported from ntp_loopfilter
- */
-extern int pll_control; 	/* kernel pll control */
-extern int kern_enable;		/* kernel pll enabled */
-extern int ext_enable;		/* external clock enable */
-#endif /* KERNEL_PLL */
-
 /*
  * Function prototypes
  */