From: Dave Hart Date: Tue, 30 Jan 2024 09:00:44 +0000 (+0000) Subject: Avoid running checkHtmlFileDates script repeatedly when no html/*.html X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30eb409737bbb4ed59953a07b723ee28fe666783;p=thirdparty%2Fntp.git Avoid running checkHtmlFileDates script repeatedly when no html/*.html files have changed. Correct comment, clarify configure --help text re: --with-autokey. Display KoD refid as text in recently added message. Correct OpenSSL usage in Autokey code to avoid warnings about discarding const qualifiers with OpenSSL 3. Avoid clang warning "a function declaration without a prototype is deprecated in all versions of C". Abort configure if --enable-crypto-rand given & unavailable. improve --help output for --enable-c99-snprintf. Add configure --enable-verbose-ssl to trace SSL detection. Silence warnings about dropping const qualifier by making a copy of OpenSSL key data before modifying it in ntp-keygen. Display KoD refid as text in recently added message. Add build test coverage for --disable-saveconfig to flock-build script. bk: 65b8babcBi-wM_TKFu6ADxmywSjoCw --- diff --git a/ChangeLog b/ChangeLog index 53e08a76c..a1218268f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,7 +36,7 @@ * [Bug 3846] Use -Wno-format-truncation by default. * [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access. -* [Bug 3842] Windows ntpd ppsapi DLL load failure crashes. +* [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. * [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat Need to remove --Wformat-security when removing -Wformat to silence numerous libopts warnings. 
@@ -77,6 +77,15 @@ * Correct missing arg for %s printf specifier in send_blocking_resp_internal(). * Suppress OpenSSL 3 deprecation warning clutter. +* Correct OpenSSL usage in Autokey code to avoid warnings about + discarding const qualifiers with OpenSSL 3. +* Display KoD refid as text in recently added message. +* Avoid running checkHtmlFileDates script repeatedly when no html/*.html + files have changed. +* Abort configure if --enable-crypto-rand given & unavailable. +* Add configure --enable-verbose-ssl to trace SSL detection. +* Add build test coverage for --disable-saveconfig to flock-build script. + --- (4.2.8p17) 2023/06/06 Released by Harlan Stenn @@ -90,7 +99,7 @@ Miroslav Lichvar and Matt for rapid testing and identifying the problem. * Add tests/libntp/digests.c to catch regressions reading keys file or with - symmetric authentication digest output. + symmetric authentication digest output. --- (4.2.8p16) 2023/05/31 Released by Harlan Stenn diff --git a/Makefile.am b/Makefile.am index 688851c7a..14cf90b34 100644 --- a/Makefile.am +++ b/Makefile.am @@ -83,7 +83,7 @@ BUILT_SOURCES = \ @sleep 1 @touch $@ -html/.datecheck: FRC.html +$(srcdir)/html/.datecheck: $(srcdir)/html/*.html cd $(srcdir)/html && \ ../scripts/build/checkHtmlFileDates diff --git a/configure.ac b/configure.ac index bfb7f7bac..7362ec6cd 100644 --- a/configure.ac +++ b/configure.ac @@ -3020,7 +3020,7 @@ AC_MSG_RESULT([$ans]) NTP_CRYPTO_RAND -# if we are using OpenSSL (--with-crypto), by default Autokey is enabled +# if we are building Autokey (--with-autokey), by default Autokey is enabled AC_ARG_ENABLE( [autokey], AS_HELP_STRING( @@ -3046,7 +3046,7 @@ case "$ntp_autokey" in esac ;; esac -AC_MSG_CHECKING([if we want NTP Autokey protocol support]) +AC_MSG_CHECKING([if NTP Autokey protocol will be supported]) AC_MSG_RESULT([$ntp_autokey]) AC_SUBST([MAKE_CHECK_LAYOUT]) diff --git a/flock-build b/flock-build index b537ac349..f01c97b6b 100755 --- a/flock-build +++ b/flock-build 
@@ -80,7 +80,7 @@ do case "1" in 0) ssh $i "cd $c_d ; ./build $SIG $PARSE $STD $BUILD_ARGS" & - ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS" & + ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging --disable-saveconfig $BUILD_ARGS" & ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --without-crypto --enable-c99-snprintf $BUILD_ARGS" & ssh $i "cd $c_d ; ./build $SIG $STD --disable-all-clocks --disable-autokey --without-sntp --disable-thread-support $BUILD_ARGS" & ;; @@ -103,7 +103,7 @@ do case $FB_FIRSTONLY in '0') - ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS & + ./build $SIG $PARSE $STD --disable-debugging --disable-saveconfig $BUILD_ARGS & COUNT=\`expr \$COUNT + 1\` echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4 diff --git a/libntp/numtoa.c b/libntp/numtoa.c index 0b7b5c3ff..ac8978ee5 100644 --- a/libntp/numtoa.c +++ b/libntp/numtoa.c 
@@ -33,50 +33,57 @@ numtoa( } -/* Convert a refid & stratum to a string */ +/* + * Convert a refid & stratum to a string. If stratum is negative and the + * refid consists entirely of graphic chars, up to an optional + * terminating zero, display as text similar to stratum 0 & 1. + */ const char * refid_str( u_int32 refid, int stratum -) + ) { char * text; size_t tlen; char * cp; - + int printable; + /* * ntpd can have stratum = 0 and refid 127.0.0.1 in orphan mode. * https://bugs.ntp.org/3854. Mirror the refid logic in timer(). */ - if (LOOPBACKADR_N == refid) { - if (stratum <= 1) { - return ".ORPH."; - } - } else if (stratum > 1) { - return numtoa(refid); + if (0 == stratum && LOOPBACKADR_N == refid) { + return ".ORPH."; } - LIB_GETBUF(text); - text[0] = '.'; - /* What if any non-NUL char is not printable? */ - memcpy(&text[1], &refid, sizeof(refid)); - text[1 + sizeof(refid)] = '\0'; - tlen = strlen(text); - text[tlen] = '.'; - text[tlen + 1] = '\0'; - - /* - * Now make sure the contents are 'graphic'. - * - * This refid is expected to be up to 4 ascii graphics. - * If any character is not a graphic, replace it with a '?'. - * This will at least alert the viewer of a problem. - */ - for (cp = text + 1; *cp; ++cp) { - if (!isgraph((int)*cp)) { - *cp = '?'; + printable = FALSE; + if (stratum < 2) { + text = lib_getbuf(); + text[0] = '.'; + memcpy(&text[1], &refid, sizeof(refid)); + text[1 + sizeof(refid)] = '\0'; + tlen = strlen(text); + text[tlen] = '.'; + text[tlen + 1] = '\0'; + /* + * Now make sure the contents are 'graphic'. + * + * This refid is expected to be up to 4 printable ASCII. + * isgraph() is similar to isprint() but excludes space. + * If any character is not graphic, replace it with a '?'. + * This will at least alert the viewer of a problem. 
+ */ + for (cp = text + 1; '\0' != *cp; ++cp) { + if (!isgraph((int)*cp)) { + printable = FALSE; + *cp = '?'; + } + } + if ( (stratum < 0 && printable) + || stratum < 2) { + return text; } } - - return text; + return numtoa(refid); } diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index f9c71ff31..c3d4328a3 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c @@ -834,7 +834,7 @@ crypto_recv( * errors. */ if (vallen == (u_int)EVP_PKEY_size(host_pkey)) { - RSA *rsa = EVP_PKEY_get0_RSA(host_pkey); + RSA *rsa = EVP_PKEY_get1_RSA(host_pkey); u_int32 *cookiebuf = malloc(RSA_size(rsa)); if (!cookiebuf) { rval = XEVNT_CKY; @@ -853,6 +853,7 @@ crypto_recv( cookie = ntohl(*cookiebuf); free(cookiebuf); } + RSA_free(rsa); } else { rval = XEVNT_CKY; break; @@ -1583,6 +1584,7 @@ crypto_encrypt( ) { EVP_PKEY *pkey; /* public key */ + RSA* rsa; /* public key */ EVP_MD_CTX *ctx; /* signature context */ tstamp_t tstamp; /* NTP timestamp */ u_int32 temp32; @@ -1610,8 +1612,9 @@ crypto_encrypt( vp->ptr = emalloc(vallen); puch = vp->ptr; temp32 = htonl(*cookie); - if (RSA_public_encrypt(4, (u_char *)&temp32, puch, - EVP_PKEY_get0_RSA(pkey), RSA_PKCS1_OAEP_PADDING) <= 0) { + rsa = EVP_PKEY_get1_RSA(pkey); + if (RSA_public_encrypt(4, (u_char *)&temp32, puch, rsa, + RSA_PKCS1_OAEP_PADDING) <= 0) { msyslog(LOG_ERR, "crypto_encrypt: %s", ERR_error_string(ERR_get_error(), NULL)); free(vp->ptr); @@ -1619,6 +1622,9 @@ crypto_encrypt( return (XEVNT_CKY); } EVP_PKEY_free(pkey); + pkey = NULL; + RSA_free(rsa); + rsa = NULL; if (tstamp == 0) return (XEVNT_OK); @@ -2003,7 +2009,7 @@ value_free( * Returns NTP seconds if in synch, 0 otherwise */ tstamp_t -crypto_time() +crypto_time(void) { l_fp tstamp; /* NTP time */ @@ -2075,7 +2081,7 @@ asn_to_calendar ( /* - * bigdig() - compute a BIGNUM MD5 hash of a BIGNUM number. + * bighash() - compute a BIGNUM MD5 hash of a BIGNUM number. * * Returns void (no errors) */ 
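Review bot: In refid_str(), `printable` is set to FALSE before the loop and to FALSE again inside it, so it is never true, and the final test `(stratum < 0 && printable) || stratum < 2` always passes inside the enclosing `if (stratum < 2)`. A negative stratum with a non-graphic refid therefore returns the '?'-substituted text instead of falling through to numtoa(), which is not what the new header comment describes; `printable = TRUE;` before the loop and `if (stratum >= 0 || printable)` at the end would match it. The ntp_proto.c hunk passes a refid taken from a received packet, and `isgraph((int)*cp)` is given a plain char, so where char is signed a byte above 0x7f becomes a negative argument; `isgraph((unsigned char)*cp)` is the safe form.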
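Review bot: In crypto_encrypt() the failing `RSA_public_encrypt()` branch returns XEVNT_CKY without releasing the reference that `EVP_PKEY_get1_RSA()` now hands to the caller, so each encryption failure leaks one reference; `RSA_free(rsa);` is needed before that `return`. The crypto_recv() hunks have the same shape: `RSA_free(rsa)` is added only after the decrypt block, while the `!cookiebuf` branch visible here sets `rval = XEVNT_CKY` and, if it leaves the block as the surrounding code suggests (those lines are outside the hunk), skips the release on a path driven by a received packet. Neither call site checks the returned pointer for NULL before `RSA_size(rsa)` or the encrypt call. Both function bodies extend beyond the hunks shown.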
@@ -2169,12 +2175,12 @@ crypto_alice( struct value *vp /* value pointer */ ) { - DSA *dsa; /* IFF parameters */ - BN_CTX *bctx; /* BIGNUM context */ - EVP_MD_CTX *ctx; /* signature context */ - tstamp_t tstamp; - u_int len; - const BIGNUM *q; + const DSA *dsa; /* IFF parameters */ + BN_CTX *bctx; /* BIGNUM context */ + EVP_MD_CTX *ctx; /* signature context */ + tstamp_t tstamp; + u_int len; + const BIGNUM *q; /* * The identity parameters must have correct format and content. @@ -2243,7 +2249,8 @@ crypto_bob( struct value *vp /* value pointer */ ) { - DSA *dsa; /* IFF parameters */ + int retv; /* return value */ + const DSA *dsa; /* IFF parameters */ DSA_SIG *sdsa; /* DSA signature context fake */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ @@ -2262,6 +2269,10 @@ crypto_bob( msyslog(LOG_NOTICE, "crypto_bob: scheme unavailable"); return (XEVNT_ID); } + + /* Initialize pointers that may need freeing in cleanup. */ + sdsa = NULL; + dsa = EVP_PKEY_get0_DSA(iffkey_info->pkey); DSA_get0_pqg(dsa, &p, &q, &g); DSA_get0_key(dsa, NULL, &priv_key); @@ -2306,16 +2317,16 @@ crypto_bob( if (len == 0) { msyslog(LOG_ERR, "crypto_bob: %s", ERR_error_string(ERR_get_error(), NULL)); - DSA_SIG_free(sdsa); - return (XEVNT_ERR); + retv = XEVNT_ERR; + goto cleanup; } if (len > MAX_VALLEN) { msyslog(LOG_ERR, "crypto_bob: signature is too big: %u", len); - DSA_SIG_free(sdsa); - return (XEVNT_LEN); + retv = XEVNT_ERR; + goto cleanup; } - memset(vp, 0, sizeof(struct value)); + ZERO(*vp); tstamp = crypto_time(); vp->tstamp = htonl(tstamp); vp->fstamp = htonl(iffkey_info->fstamp); @@ -2323,9 +2334,10 @@ crypto_bob( ptr = emalloc(len); vp->ptr = ptr; i2d_DSA_SIG(sdsa, &ptr); - DSA_SIG_free(sdsa); - if (tstamp == 0) - return (XEVNT_OK); + if (0 == tstamp) { + retv = XEVNT_OK; + goto cleanup; + } /* XXX: more validation to make sure the sign fits... */ vp->sig = emalloc(sign_siglen); 
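Review bot: The oversized-signature branch in crypto_bob() used to return `XEVNT_LEN` and now sets `retv = XEVNT_ERR;`, so callers get a different error code for `len > MAX_VALLEN` than before. Nothing in the commit description mentions that, so it looks like a copy of the `len == 0` branch above it. If the change is unintended, `retv = XEVNT_LEN;` before `goto cleanup;` restores the previous behaviour. The function body starts and ends outside this hunk.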
@@ -2338,7 +2350,11 @@ crypto_bob( vp->siglen = htonl(len); } EVP_MD_CTX_free(ctx); - return (XEVNT_OK); + retv = XEVNT_OK; + + cleanup: + DSA_SIG_free(sdsa); + return retv; } @@ -2357,7 +2373,7 @@ crypto_iff( struct peer *peer /* peer structure pointer */ ) { - DSA *dsa; /* IFF parameters */ + const DSA *dsa; /* IFF parameters */ BN_CTX *bctx; /* BIGNUM context */ DSA_SIG *sdsa; /* DSA parameters */ BIGNUM *bn, *bk; @@ -2501,7 +2517,7 @@ crypto_alice2( struct value *vp /* value pointer */ ) { - RSA *rsa; /* GQ parameters */ + const RSA *rsa; /* GQ parameters */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ tstamp_t tstamp; @@ -2573,7 +2589,7 @@ crypto_bob2( struct value *vp /* value pointer */ ) { - RSA *rsa; /* GQ parameters */ + const RSA *rsa; /* GQ parameters */ DSA_SIG *sdsa; /* DSA parameters */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ @@ -2680,7 +2696,7 @@ crypto_gq( struct peer *peer /* peer structure pointer */ ) { - RSA *rsa; /* GQ parameters */ + const RSA *rsa; /* GQ parameters */ BN_CTX *bctx; /* BIGNUM context */ DSA_SIG *sdsa; /* RSA signature context fake */ BIGNUM *y, *v; @@ -2845,7 +2861,7 @@ crypto_alice3( struct value *vp /* value pointer */ ) { - DSA *dsa; /* MV parameters */ + const DSA *dsa; /* MV parameters */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ tstamp_t tstamp; @@ -2916,7 +2932,7 @@ crypto_bob3( struct value *vp /* value pointer */ ) { - DSA *dsa; /* MV parameters */ + const DSA *dsa; /* MV parameters */ DSA *sdsa; /* DSA signature context fake */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ @@ -3032,7 +3048,7 @@ crypto_mv( struct peer *peer /* peer structure pointer */ ) { - DSA *dsa; /* MV parameters */ + const DSA *dsa; /* MV parameters */ DSA *sdsa; /* DSA parameters */ BN_CTX *bctx; /* BIGNUM context */ BIGNUM *k, *u, *v; diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c index e1db13749..5bb357c31 100644 
--- a/ntpd/ntp_io.c +++ b/ntpd/ntp_io.c @@ -4950,7 +4950,7 @@ process_routing_msgs(struct asyncio_reader *reader) * set up routing notifications */ static void -init_async_notifications() +init_async_notifications(void) { struct asyncio_reader *reader; #ifdef HAVE_RTNETLINK diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index ca76a6030..35c9a825f 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -2052,7 +2052,7 @@ receive( msyslog(LOG_INFO, "receive: Got KoD %s from %s", - refid_str(pkt->refid, hisstratum), ntoa(&peer->srcadr)); + refid_str(pkt->refid, -1), ntoa(&peer->srcadr)); } else if (peer->flip == 0) { if (0) { } else if (L_ISZERO(&p_org)) { diff --git a/ntpd/ntp_scanner.c b/ntpd/ntp_scanner.c index 5b0b7f088..531d66024 100644 --- a/ntpd/ntp_scanner.c +++ b/ntpd/ntp_scanner.c @@ -320,7 +320,7 @@ lex_init_stack( * anything until the next 'lex_init_stack()' succeeded. */ void -lex_drop_stack() +lex_drop_stack(void) { lex_stack = drop_stack_do(lex_stack); } @@ -334,7 +334,7 @@ lex_drop_stack() * in the force-eof mode before this call. */ int/*BOOL*/ -lex_flush_stack() +lex_flush_stack(void) { int retv = FALSE; @@ -425,7 +425,7 @@ lex_from_file(void) } struct FILE_INFO * -lex_current() +lex_current(void) { /* this became so simple, it could be a macro. But then, * lex_stack needed to be global... diff --git a/ntpd/refclock_arc.c b/ntpd/refclock_arc.c index d2dba54cb..73bb63bc4 100644 --- a/ntpd/refclock_arc.c +++ b/ntpd/refclock_arc.c @@ -870,15 +870,18 @@ arc_receive( struct recvbuf *rbufp ) { + static int quality_average = 0; + static int quality_sum = 0; + static int quality_polls = 0; register struct arcunit *up; struct refclockproc *pp; struct peer *peer; char c; - int i, n, wday, month, flags, status; + int i, wday, month, flags, status; int arc_last_offset; - static int quality_average = 0; - static int quality_sum = 0; - static int quality_polls = 0; + #ifdef DEBUG + int n; + #endif /* * Initialize pointers and read the timecode and timestamp 
@@ -1182,8 +1185,8 @@ arc_receive( status = pp->a_lastcode[15]; #ifdef DEBUG if(debug) { printf("arc: status 0x%.2x flags 0x%.2x\n", flags, status); } -#endif n = 9; +#endif /* Validate received values at least enough to prevent internal diff --git a/scripts/build/checkHtmlFileDates b/scripts/build/checkHtmlFileDates index db783206a..5eae87f7a 100755 --- a/scripts/build/checkHtmlFileDates +++ b/scripts/build/checkHtmlFileDates @@ -1,13 +1,29 @@ #! /bin/sh +# +# checkHtmlFileDates +# +# This script is invoked in html directory when any html/*.html file +# is newer than html/.datecheck to update the last modified time +# within the HTML. Each file is compared against the checked-in +# version is compared to any uncommitted edits and if there are +# any, scripts/build/updateBEDate is used to update the embedded +# timestamp. html/.datecheck is not distributed in releases so +# this will be invoked once building a newly-extracted tarball. +# 'bk diff' is used to check for modifications so if bk is not +# on the path there's no need to invoke this repeatedly. +# Therefore touch .datecheck unconditionally right away. +# +touch .datecheck + # Do nothing if the directory is not a BK repo, # or if BK is not even installed. bk status > /dev/null 2>&1 || exit 0 -for i in `find * -type f -name '*.html' -print | grep -v SCCS/` +for i in `echo *.html` do # echo $i - set `bk diffs $i | wc -l` + set `bk diff --normal $i | wc -l` lines=$1 case "$lines" in 0) ;; diff --git a/sntp/m4/ntp_crypto_rand.m4 b/sntp/m4/ntp_crypto_rand.m4 index 9d554226f..0341e3845 100644 --- a/sntp/m4/ntp_crypto_rand.m4 +++ b/sntp/m4/ntp_crypto_rand.m4 
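Review bot: The new header comment in checkHtmlFileDates has a garbled sentence, "Each file is compared against the checked-in version is compared to any uncommitted edits"; something like `# Each file's checked-in version is compared with any uncommitted edits, and if` reads as intended. In the loop, the command substitution around `echo *.html` and the unquoted `$i` passed to `bk diff --normal` both split on whitespace in file names; `for i in *.html` with `"$i"` does the same job without the extra word splitting. `touch .datecheck` now runs before the `bk status` test and its exit status is not checked, so a source tree that cannot be written to would, as far as I can tell, re-trigger the rule on every build; worth confirming that is acceptable.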
@@ -25,15 +25,15 @@ dnl if that's not specified: dnl - Look for RAND_poll and RAND_bytes dnl - if they exist, define USE_OPENSSL_CRYPTO_RAND -AC_MSG_CHECKING([if we want to use OpenSSL's crypto random (if available)]) +AC_MSG_CHECKING([if we want to use SSL library's secure random numbers]) AC_ARG_ENABLE( [openssl-random], [AS_HELP_STRING( [--enable-openssl-random], - [Use OpenSSL's crypto random number functions, if available (default is yes)] + [+ Use SSL lib's secure random numbers] )], - [ntp_use_openssl_random=$enableval], - [ntp_use_openssl_random=yes] + [ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval], + [ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no] ) AC_MSG_RESULT([$ntp_use_openssl_random]) @@ -45,10 +45,32 @@ AC_CHECK_FUNCS([RAND_bytes RAND_poll]) LIBS="$NTPO_SAVED_LIBS" case "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in yesyesyesyes) - AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions]) - ;; - *) ntp_use_openssl_random=no ;; + AC_MSG_NOTICE([Using SSL library's secure random number generator]) + AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions]) + ;; + *) + ntp_use_openssl_random=no + AC_MSG_NOTICE([SSL library's secure random number generator unavailable.]) + case "$ntp_ssl_random_mandatory" in + yes) + AC_MSG_FAILURE( + [No suiteable SSL library was found and ] + [--enable-openssl-random was given.. Remove ] + [--enable-openssl-random if you wish to build without a ] + [cryptographically secure RNG. ] + [WARNING: Use of ntp-keygen without a secure RNG may generate ] + [keys that are predictable.] + ) + ;; + *) + AC_MSG_WARN( + [WARNING: Use of ntp-keygen without a secure RNG may generate ] + [keys that are predictable.] + ) + esac esac +AS_UNSET([ntp_ssl_random_mandatory]) + ]) dnl NTP_CRYPTO_RAND diff --git a/sntp/m4/ntp_libntp.m4 b/sntp/m4/ntp_libntp.m4 index 39d7c6109..917c83044 100644 --- a/sntp/m4/ntp_libntp.m4 
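Review bot: The new `AC_MSG_FAILURE` text carries two typos into configure's user-facing output: "suiteable" and the double period in "was given..". It also states that no SSL library was found, but the `*)` branch is reached for every combination other than `yesyesyesyes`, including a library that was found but lacks `RAND_bytes` or `RAND_poll`, so wording such as `[No usable SSL library secure RNG was found and ]` would be closer to what the test checks. Because `ntp_ssl_random_mandatory` is set to `$enableval`, only the literal value `yes` aborts; any other value given to `--enable-openssl-random=` falls through to the warning branch and the build continues without a secure RNG.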
+++ b/sntp/m4/ntp_libntp.m4 @@ -491,7 +491,10 @@ AC_DEFUN([NTP_BEFORE_HW_FUNC_VSNPRINTF], [ AC_BEFORE([$0], [HW_FUNC_SNPRINTF])dnl AC_ARG_ENABLE( [c99-snprintf], - [AS_HELP_STRING([--enable-c99-snprintf], [s force replacement])], + [AS_HELP_STRING( + [--enable-c99-snprintf], + [s use replacement printf family] + )], [force_c99_snprintf=$enableval], [force_c99_snprintf=no] ) diff --git a/sntp/m4/ntp_openssl.m4 b/sntp/m4/ntp_openssl.m4 index 6a2983b50..6718b6dd6 100644 --- a/sntp/m4/ntp_openssl.m4 +++ b/sntp/m4/ntp_openssl.m4 @@ -29,18 +29,12 @@ dnl LDADD_NTP OpenSSL -L and -l flags added as needed. dnl LDFLAGS_NTP OpenSSL runpath flags as needed. dnl dnl #################################################################### -m4_define([NTP_OPENSSL_VERBOSE_MSG], - [ - dnl Remove dnl prefix from AC_MSG_NOTICE below for debug output. - dnl Would prefer configure option but I don't know how to hide - dnl that option from configure --help. - dnl AC_MSG_NOTICE([$1]) - ]) dnl AC_DEFUN([NTP_OPENSSL], [ AC_REQUIRE([AC_PROG_SED])dnl AC_REQUIRE([NTP_PKG_CONFIG])dnl AC_REQUIRE([NTP_VER_SUFFIX])dnl +AC_REQUIRE([NTP_OPENSSL_VERBOSE_MSG])dnl AC_ARG_WITH( [crypto], @@ -70,6 +64,15 @@ AC_ARG_WITH( [+ =search likely dirs] )] ) +AC_ARG_ENABLE( + [verbose-ssl], + [AS_HELP_STRING( + [--enable-verbose-ssl], + [- show crypto lib detection details] + )], + [], + [enable_verbose_ssl=no] dnl default to quiet +) ntp_openssl=no ntp_openssl_from_pkg_config=no @@ -98,7 +101,7 @@ case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${wit AC_MSG_CHECKING([pkg-config for $pkg]) if $PKG_CONFIG --exists $pkg ; then ntp_ssl_cppflags="`$PKG_CONFIG --cflags-only-I $pkg`" - case "$ntp_ssl_incdir" in + case "$ntp_ssl_cppflags" in '') ntp_ssl_incdir='not needed' ;; 
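Review bot: `AC_REQUIRE([NTP_OPENSSL_VERBOSE_MSG])` expands the macro once with no argument, so its `case "$enable_verbose_ssl"` body is emitted ahead of NTP_OPENSSL with an empty `AC_MSG_NOTICE([])`; with `--enable-verbose-ssl` that would, as far as I can tell, print a blank notice line. The macro takes a message argument and is called directly everywhere else, so the AC_REQUIRE line looks unnecessary and could be dropped. The macro's definition is in the last hunk of this file.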
@@ -527,7 +530,7 @@ case "$ntp_openssl:$GCC" in ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes" esac dnl checking for gcc problems with -Werror and -Wstrict-prototypes -AC_MSG_CHECKING([if we will use crypto]) +AC_MSG_CHECKING([if we will link to ssl library]) AC_MSG_RESULT([$ntp_openssl]) case "$ntp_openssl" in @@ -539,7 +542,7 @@ case "$ntp_openssl" in dnl Adapting our code to the bold new way is not a priority dnl for us because we do not want to require OpenSSL 3 yet. dnl The deprecation warnings clutter up the build output - dnl encouraging the habit of ignoring warninis. + dnl encouraging the habit of ignoring warnings. dnl So, tell it to the hand, OpenSSL deprecation warnings... AC_DEFINE([OPENSSL_SUPPRESS_DEPRECATED], [1], [Suppress OpenSSL 3 deprecation warnings]) @@ -553,7 +556,7 @@ case "$ntp_openssl" in esac NTP_OPENSSL_VERBOSE_MSG([OpenSSL final checks:]) -NTP_OPENSSL_VERBOSE_MSG([ntp_openssl: $ntp_openssl]) +NTP_OPENSSL_VERBOSE_MSG([ntp_openssl: $ntp_openssl]) NTP_OPENSSL_VERBOSE_MSG([CPPFLAGS_NTP: ($CPPFLAGS_NTP)]) NTP_OPENSSL_VERBOSE_MSG([CFLAGS_NTP: ($CFLAGS_NTP)]) NTP_OPENSSL_VERBOSE_MSG([LDADD_NTP: ($LDADD_NTP)]) @@ -583,4 +586,14 @@ AS_UNSET([ntp_ssl_ldflags]) ]) dnl end of AC_DEFUN([NTP_OPENSSL]) +dnl +AC_DEFUN( + [NTP_OPENSSL_VERBOSE_MSG], + [dnl + case "$enable_verbose_ssl" in + yes) AC_MSG_NOTICE([$1]) + esac + ] +) +dnl dnl ====================================================================== diff --git a/tests/libntp/calendar.c b/tests/libntp/calendar.c index ea24b3ddd..f7d4bee7d 100644 --- a/tests/libntp/calendar.c +++ b/tests/libntp/calendar.c @@ -1015,7 +1015,7 @@ test_CalIMod7(void) */ void -test_RellezCentury1_1() +test_RellezCentury1_1(void) { /* 1st day of a century */ TEST_ASSERT_EQUAL(1901, ntpcal_expand_century( 1, 1, 1, CAL_TUESDAY )); 
@@ -1029,7 +1029,7 @@ test_RellezCentury1_1() } void -test_RellezCentury3_1() +test_RellezCentury3_1(void) { /* 1st day in March of a century (the tricky point) */ TEST_ASSERT_EQUAL(1901, ntpcal_expand_century( 1, 3, 1, CAL_FRIDAY )); @@ -1043,7 +1043,7 @@ test_RellezCentury3_1() } void -test_RellezYearZero() +test_RellezYearZero(void) { /* the infamous year zero */ TEST_ASSERT_EQUAL(1900, ntpcal_expand_century( 0, 1, 1, CAL_MONDAY )); diff --git a/tests/libntp/clocktime.c b/tests/libntp/clocktime.c index ed2d4b2b1..50934273f 100644 --- a/tests/libntp/clocktime.c +++ b/tests/libntp/clocktime.c @@ -28,7 +28,7 @@ void test_AlwaysInLimit(void); */ void -setUp() +setUp(void) { ntpcal_set_timefunc(timefunc); settime(2000, 1, 1, 0, 0, 0); @@ -37,7 +37,7 @@ setUp() } void -tearDown() +tearDown(void) { ntpcal_set_timefunc(NULL); diff --git a/tests/libntp/refnumtoa.c b/tests/libntp/refnumtoa.c index 9db5fb11d..73b902657 100644 --- a/tests/libntp/refnumtoa.c +++ b/tests/libntp/refnumtoa.c @@ -6,9 +6,6 @@ #include "unity.h" -/* Might need to be updated if a new refclock gets this id. */ -static const int UNUSED_REFCLOCK_ID = 250; - void setUp(void); void test_LocalClock(void); void test_UnknownId(void); 
@@ -27,22 +24,21 @@ void test_LocalClock(void) { #ifdef REFCLOCK /* clockname() is useless otherwise */ /* We test with a refclock address of type LOCALCLOCK. - * with id 8 + * with unit id 8 */ - u_int32 addr = REFCLOCK_ADDR; - addr |= REFCLK_LOCALCLOCK << 8; - addr |= 0x8; - + const u_char unit = 8; + u_int32 addr; + char expected[100]; sockaddr_u address; - address.sa4.sin_family = AF_INET; - address.sa4.sin_addr.s_addr = htonl(addr); - char stringStart[100]= ""; - - strcat(stringStart, clockname(REFCLK_LOCALCLOCK)); - strcat(stringStart, "(8)"); + addr = REFCLOCK_ADDR; + addr |= REFCLK_LOCALCLOCK << 8; + addr |= unit; - char * expected = stringStart; + AF(&address) = AF_INET; + NSRCADR(&address) = htonl(addr); + snprintf(expected, sizeof(expected), "%s(%u)", + clockname(REFCLK_LOCALCLOCK), unit); TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address)); #else @@ -54,20 +50,22 @@ void test_UnknownId(void) { #ifdef REFCLOCK /* refnumtoa() is useless otherwise */ /* We test with a currently unused refclock ID */ - u_int32 addr = REFCLOCK_ADDR; + /* Might need to be updated if a new refclock gets this id. */ + const u_char UNUSED_REFCLOCK_ID = 250; + const u_char unit = 4; + u_int32 addr; + char expected[100]; + sockaddr_u address; + + addr = REFCLOCK_ADDR; addr |= UNUSED_REFCLOCK_ID << 8; - addr |= 0x4; + addr |= unit; - sockaddr_u address; - address.sa4.sin_family = AF_INET; - address.sa4.sin_addr.s_addr = htonl(addr); - - char stringStart[100]= "REFCLK("; - char value[100] ; - snprintf(value, sizeof(value), "%d", UNUSED_REFCLOCK_ID); - strcat(stringStart,value); - strcat(stringStart,",4)"); - char * expected = stringStart; + AF(&address) = AF_INET; + NSRCADR(&address) = htonl(addr); + + snprintf(expected, sizeof(expected), "REFCLK(%u,%u)", + UNUSED_REFCLOCK_ID, unit); TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address)); #else diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c index ff9d6cad8..c9c0ff9ef 100644 --- a/util/ntp-keygen.c +++ b/util/ntp-keygen.c 
@@ -409,11 +409,11 @@ main( iffkey++; if (HAVE_OPT( MV_PARAMS )) { - mvkey++; + mvkey++; /* DLH are these two swapped? */ nkeys = OPT_VALUE_MV_PARAMS; } if (HAVE_OPT( MV_KEYS )) { - mvpar++; + mvpar++; /* not used! */ /* DLH are these two swapped? */ nkeys = OPT_VALUE_MV_KEYS; } @@ -642,12 +642,13 @@ main( } } if (pkey_gqkey != NULL) { - RSA *rsa; - const BIGNUM *q; + RSA *rsa; + const BIGNUM *q; - rsa = EVP_PKEY_get0_RSA(pkey_gqkey); + rsa = EVP_PKEY_get1_RSA(pkey_gqkey); RSA_get0_factors(rsa, NULL, &q); grpkey = BN_bn2hex(q); + RSA_free(rsa); } /* @@ -664,17 +665,19 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - /* XXX: This modifies the private key and should probably use a - * copy of it instead. */ - rsa = EVP_PKEY_get0_RSA(pkey_gqkey); + rsa = EVP_PKEY_get1_RSA(pkey_gqkey); RSA_set0_factors(rsa, BN_dup(BN_value_one()), BN_dup(BN_value_one())); pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); fflush(stdout); - if (debug) + if (debug) { RSA_print_fp(stderr, rsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + RSA_free(rsa); } /* @@ -689,14 +692,18 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - rsa = EVP_PKEY_get0_RSA(pkey_gqkey); + rsa = EVP_PKEY_get1_RSA(pkey_gqkey); pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, NULL, passwd2); fflush(stdout); - if (debug) + if (debug) { RSA_print_fp(stderr, rsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + RSA_free(rsa); } /* 
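Review bot: `EVP_PKEY_assign_RSA(pkey, rsa)` hands the `rsa` reference to `pkey` without taking a new one, so the added `EVP_PKEY_free(pkey);` already releases it and the `RSA_free(rsa);` that follows releases it a second time. If `EVP_PKEY_get1_RSA()` returned the object still held by `pkey_gqkey`, the next use of `pkey_gqkey` (the encrypted GQ block below is one) would then touch a freed key. Either drop the trailing `RSA_free(rsa);` or use `EVP_PKEY_set1_RSA(pkey, rsa);` and keep it. The same sequence appears in the encrypted GQ hunk and in both IFF hunks with `EVP_PKEY_assign_DSA()` followed by `DSA_free(dsa)`. main()'s body extends beyond these hunks.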
@@ -730,17 +737,19 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - /* XXX: This modifies the private key and should probably use a - * copy of it instead. */ - dsa = EVP_PKEY_get0_DSA(pkey_iffkey); + dsa = EVP_PKEY_get1_DSA(pkey_iffkey); DSA_set0_key(dsa, NULL, BN_dup(BN_value_one())); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, dsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + DSA_free(dsa); } /* @@ -755,14 +764,18 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - dsa = EVP_PKEY_get0_DSA(pkey_iffkey); + dsa = EVP_PKEY_get1_DSA(pkey_iffkey); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, NULL, passwd2); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, dsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + DSA_free(dsa); } /* @@ -799,8 +812,9 @@ main( PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0); + } } /* @@ -817,8 +831,9 @@ main( PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, NULL, passwd2); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0); + } } /* @@ -830,7 +845,7 @@ main( fprintf(stderr, "Invalid digest/signature combination %s\n", scheme); - exit (-1); + exit (-1); } x509(pkey_sign, ectx, grpkey, exten, certname); #endif /* AUTOKEY */
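Review bot: The removed XXX comment warned that this block modifies the private key, and `EVP_PKEY_get1_DSA()` does not by itself make that go away. Where it only takes another reference to the object inside `pkey_iffkey` (the pre-3.0 OpenSSL behaviour, as far as I know), `DSA_set0_key(dsa, NULL, BN_dup(BN_value_one()))` still overwrites the private value that the encrypted-key block after it writes out. The GQ parameters hunk does the same with `RSA_set0_factors()`. It is worth confirming on each supported OpenSSL version that the later block still sees the original key, or building the parameters-only key from duplicated components, and leaving a comment such as `/* get1 may return the shared object; do not assume a private copy */` in place of the deleted one.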