From: Dave Hart Date: Sat, 7 Nov 2009 19:27:11 +0000 (+0000) Subject: Merge bk://www.ntp.org/ntp-dev X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=34607eda80147f1e44a93dff22e52652903da3e9;p=thirdparty%2Fntp.git Merge bk://www.ntp.org/ntp-dev into shiny.ad.hartbrothers.com:C:/ntp/ntp-dev-vc9-openssl bk: 4af5ca0frUwVO452e-z5VbJsJI9AAw --- 34607eda80147f1e44a93dff22e52652903da3e9 diff --cc ChangeLog index 1d70f1fe7a,3e08967962..8913a986a1 --- a/ChangeLog +++ b/ChangeLog @@@ -1,7 -1,5 +1,9 @@@ + * [Bug 1366] ioctl(TIOCSCTTY, 0) fails on NetBSD *[0-2].* > 3.99.7. + * CID 87 dead code in ntpq.c atoascii(). +(4.2.5p241-RC) 2009/11/07 Released by Harlan Stenn +* html/authopt.html update from Dave Mills. +* Remove unused file from sntp/Makefile.am's distribution list. +* new crypto signature cleanup. (4.2.5p240-RC) 2009/11/05 Released by Harlan Stenn * [Bug 1364] clock_gettime() not detected, need -lrt on Debian 5.0.3. * Provide all of OpenSSL's signature methods for ntp.keys (FIPS 140-2). diff --cc libntp/a_md5encrypt.c index 8d03890748,2a8cb3957d..3874451975 --- a/libntp/a_md5encrypt.c +++ b/libntp/a_md5encrypt.c @@@ -37,12 -40,13 +37,13 @@@ MD5authencrypt #endif /* OPENSSL */ /* - * MD5 with key identifier concatenated with packet. + * Compute digest of key concatenated with packet. Note: the + * key type and digest type have been verified when the key + * was creaded. */ #ifdef OPENSSL - INIT_SSL(NULL); - digest_type = EVP_get_digestbynid(type); - NTP_INSIST(digest_type != NULL); - EVP_DigestInit(&ctx, digest_type); ++ INIT_SSL(); + EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); EVP_DigestFinal(&ctx, digest, &len); @@@ -80,12 -85,14 +81,13 @@@ MD5authdecrypt #endif /* OPENSSL */ /* - * MD5 with key identifier concatenated with packet. + * Compute digest of key concatenated with packet. 
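Review bot: In the MD5authencrypt hunk the result of `EVP_get_digestbynid(type)` is passed straight into `EVP_DigestInit()` and the `NTP_INSIST(digest_type != NULL)` guard is dropped, so an unknown or unregistered NID would reach OpenSSL as a NULL digest. The new comment relies on validation done when the key was created, which is outside this hunk; a local check keeps that invariant enforced at the point of use, e.g. `NTP_INSIST(EVP_get_digestbynid(type) != NULL);` ahead of the init call, or a failure return if an assertion is too harsh on the packet path. The same pattern is in the MD5authdecrypt hunk and, as `EVP_get_digestbynid(NID_md5)` replacing `EVP_md5()`, in the addr2refid hunk, where the table lookup can presumably fail in builds or policies that do not register MD5. The `EVP_Digest*` return values are also unchecked, so `digest` and `len` are consumed even if hashing failed. The comment has a typo (`creaded`), and all three function bodies extend beyond their hunks.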
Note: the + * key type and digest type have been verified when the key + * was created. */ #ifdef OPENSSL + INIT_SSL(NULL); - digest_type = EVP_get_digestbynid(type); - NTP_INSIST(digest_type != NULL); - EVP_DigestInit(&ctx, digest_type); + EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); EVP_DigestFinal(&ctx, digest, &len); @@@ -96,11 -103,9 +98,11 @@@ MD5Final(digest, &md5); len = 16; #endif /* OPENSSL */ - if ((unsigned)size != len + 4) { - if ((u_int)size != len + 4) ++ if ((u_int)size != len + 4) { + msyslog(LOG_ERR, + "MAC decrypt: MAC length error"); return (0); - + } return (!memcmp(digest, (char *)pkt + length + 4, len)); } @@@ -125,7 -131,10 +128,8 @@@ addr2refid(sockaddr_u *addr return (NSRCADR(addr)); #ifdef OPENSSL - EVP_DigestInit(&ctx, EVP_md5()); - INIT_SSL(NULL); - digest_type = EVP_md5(); - NTP_INSIST(digest_type != NULL); - EVP_DigestInit(&ctx, digest_type); ++ INIT_SSL(); ++ EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5)); EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr), sizeof(struct in6_addr)); EVP_DigestFinal(&ctx, digest, &len); diff --cc libntp/authreadkeys.c index f0e0645e19,052cccd21d..9c9ad27295 --- a/libntp/authreadkeys.c +++ b/libntp/authreadkeys.c @@@ -81,14 -81,10 +81,11 @@@ authreadkeys */ fp = fopen(file, "r"); if (fp == NULL) { - msyslog(LOG_ERR, "can't open key file %s: %m", file); + msyslog(LOG_ERR, "authreadkeys: file %s: %m", + file); return (0); } - #ifdef OPENSSL - OpenSSL_add_all_algorithms(); - #endif /* OPENSSL */ - + INIT_SSL(); /* * Remove all existing keys @@@ -171,12 -159,11 +168,13 @@@ * Finally, get key and insert it */ token = nexttok(&line); - if (token == NULL) - msyslog(LOG_ERR, "no key for key %ld", keyno); - else - MD5auth_setkey(keyno, keytype, (u_char *)token, - strlen(token)); + if (token == NULL) { + msyslog(LOG_ERR, + "authreadkeys: no key for key %d", keyno); + continue; + } - 
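Review bot: `INIT_SSL(NULL);` on the added line in the MD5authdecrypt hunk does not match the argument-less `INIT_SSL();` used by MD5authencrypt, addr2refid and authreadkeys in this same merge. The macro definition is not part of this diff, so the correct form cannot be confirmed here, but a function-like macro accepts only one arity and the odd one out looks like a merge leftover. It should presumably read `INIT_SSL();`. The function body starts and ends outside the hunk.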
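Review bot: The new `msyslog(LOG_ERR, "MAC decrypt: MAC length error")` in the `-96,11` hunk fires on a property of the received packet, so unless callers already constrain `size` (not visible here) a remote sender could produce one LOG_ERR entry per packet. A lower priority such as `LOG_DEBUG`, or rate limiting at the call site, would keep log volume out of the sender's control. Separately, the unchanged `memcmp(digest, (char *)pkt + length + 4, len)` stops at the first differing byte. A MAC check is better done by OR-ing together the XOR of every byte pair and testing the accumulator once, so that timing does not depend on how many leading bytes matched. The function begins outside the hunk.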
MD5auth_setkey(keyno, keytype, token, strlen(token)); ++ MD5auth_setkey(keyno, keytype, (u_char *)token, ++ strlen(token)); } fclose(fp); return (1);
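Review bot: The message `"authreadkeys: no key for key %d"` formats `keyno` with `%d` where the replaced line used `%ld`; the declaration of `keyno` is outside this hunk, so confirm that its type changed too, because a mismatched conversion in a variadic call is undefined behaviour. If `keyno` is now an unsigned key-id type, `%u` with an explicit cast is the safer spelling, e.g. `"authreadkeys: no key for key %u", (u_int)keyno`. The `(u_char *)token, strlen(token)` pair passes a length taken directly from the file line, so any upper bound on key length has to be enforced inside `MD5auth_setkey()`, which is not shown here.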