From: Dave Hart Date: Mon, 19 Jul 2010 16:58:15 +0000 (+0000) Subject: [Bug 1588] finish configure --disable-autokey implementation, X-Git-Tag: NTP_4_2_7P47~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5cdb1caa6e5344183b6ab273c7a70fd8f43c8d33;p=thirdparty%2Fntp.git [Bug 1588] finish configure --disable-autokey implementation, add --disable-autokey to flock-build -no-refclocks flavor. bk: 4c448427kmyvrz1mfyhOdbC1vN2Inw --- diff --git a/ChangeLog b/ChangeLog index f2885606c..900df0a74 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +* [Bug 1588] finish configure --disable-autokey implementation. (4.2.7p40) 2010/07/12 Released by Harlan Stenn * [Bug 1395] ease ntpdate elimination with ntpd -w/--wait-sync * [Bug 1396] allow servers on ntpd command line like ntpdate diff --git a/configure.ac b/configure.ac index 313e4bb3c..0a4e838c3 100644 --- a/configure.ac +++ b/configure.ac @@ -3251,7 +3251,7 @@ AC_ARG_ENABLE( [autokey], AS_HELP_STRING( [--enable-autokey], - [+ Experimental disabling of NTP Autokey protocol] + [+ support NTP Autokey protocol] ), [ntp_autokey=$enableval], [ntp_autokey=$ntp_openssl] diff --git a/flock-build b/flock-build index 1756cc4a0..83dadea53 100755 --- a/flock-build +++ b/flock-build @@ -76,8 +76,9 @@ do case "1" in 0) ssh $i "cd $c_d ; ./build $SIG $PARSE $STD $BUILD_ARGS" & + ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS" & ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --without-crypto $BUILD_ARGS" & - ssh $i "cd $c_d ; ./build $SIG $STD --disable-all-clocks $BUILD_ARGS" & + ssh $i "cd $c_d ; ./build $SIG $STD --disable-all-clocks --disable-autokey $BUILD_ARGS" & ;; 1) cat > .flockbuild-$i-$SIG <<-ENDQUOT 
@@ -110,7 +111,7 @@ do echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4 [ 0 -lt \`expr \$COUNT % $PARALLEL_BUILDS\` ] || wait - ./build $SIG $STD --disable-all-clocks $BUILD_ARGS & + ./build $SIG $STD --disable-all-clocks --disable-autokey $BUILD_ARGS & COUNT=\`expr \$COUNT + 1\` echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4 diff --git a/include/ntp.h b/include/ntp.h index 5d6ac934e..d4a051aea 100644 --- a/include/ntp.h +++ b/include/ntp.h @@ -11,9 +11,7 @@ #include #include #include -#ifdef OPENSSL #include -#endif /* OPENSSL */ #include #include @@ -297,7 +295,7 @@ struct peer { * Variables used by authenticated client */ keyid_t keyid; /* current key ID */ -#ifdef OPENSSL +#ifdef AUTOKEY #define clear_to_zero opcode u_int32 opcode; /* last request opcode */ associd_t assoc; /* peer association ID */ @@ -325,9 +323,9 @@ struct peer { int keynumber; /* current key number */ struct value encrypt; /* send encrypt values */ struct value sndval; /* send autokey values */ -#else /* OPENSSL */ +#else /* !AUTOKEY follows */ #define clear_to_zero status -#endif /* OPENSSL */ +#endif /* !AUTOKEY */ /* * Ephemeral state variables @@ -558,11 +556,11 @@ struct pkt { * octets. But, to handle humungus certificates, the bank must * be broke. */ -#ifdef OPENSSL +#ifdef AUTOKEY u_int32 exten[NTP_MAXEXTEN / 4]; /* max extension field */ -#else /* OPENSSL */ +#else /* !AUTOKEY follows */ u_int32 exten[1]; /* misused */ -#endif /* OPENSSL */ +#endif /* !AUTOKEY */ u_char mac[MAX_MAC_LEN]; /* mac */ }; diff --git a/include/ntp_control.h b/include/ntp_control.h index 3b0156b30..0e94a58c3 100644 --- a/include/ntp_control.h +++ b/include/ntp_control.h 
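Review bot: In the `struct pkt` hunk of include/ntp.h the size of `exten[]` now follows AUTOKEY instead of OPENSSL, so a build with OpenSSL but `--disable-autokey` gets the one-word `exten[1]` layout, and the `/* misused */` comment does not say what depends on that word. I would replace it with a comment naming the use, for example `/* !AUTOKEY: no extension fields are built; placeholder only */`, after confirming against the transmit path, which is outside this hunk. It is also worth confirming that `MAX_MAC_LEN` covers the longest digest selectable in that configuration. The `sendlen > sizeof(xpkt)` test visible in the last peer_xmit hunk of ntpd/ntp_proto.c runs only after `sendlen += authlen`, so it appears to detect an oversize packet rather than prevent one.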
@@ -149,121 +149,122 @@ struct ntp_control { /* * System variables we understand */ -#define CS_LEAP 1 -#define CS_STRATUM 2 -#define CS_PRECISION 3 -#define CS_ROOTDELAY 4 +#define CS_LEAP 1 +#define CS_STRATUM 2 +#define CS_PRECISION 3 +#define CS_ROOTDELAY 4 #define CS_ROOTDISPERSION 5 -#define CS_REFID 6 -#define CS_REFTIME 7 -#define CS_POLL 8 -#define CS_PEERID 9 -#define CS_OFFSET 10 -#define CS_DRIFT 11 -#define CS_JITTER 12 -#define CS_ERROR 13 -#define CS_CLOCK 14 -#define CS_PROCESSOR 15 -#define CS_SYSTEM 16 -#define CS_VERSION 17 -#define CS_STABIL 18 -#define CS_VARLIST 19 -#define CS_TAI 20 -#define CS_LEAPTAB 21 -#define CS_LEAPEND 22 -#define CS_RATE 23 -#define CS_MRU_ENABLED 24 -#define CS_MRU_DEPTH 25 -#define CS_MRU_DEEPEST 26 -#define CS_MRU_MINDEPTH 27 -#define CS_MRU_MAXAGE 28 -#define CS_MRU_MAXDEPTH 29 -#define CS_MRU_MEM 30 -#define CS_MRU_MAXMEM 31 -#define CS_SS_UPTIME 32 -#define CS_SS_RESET 33 -#define CS_SS_RECEIVED 34 -#define CS_SS_THISVER 35 -#define CS_SS_OLDVER 36 -#define CS_SS_BADFORMAT 37 -#define CS_SS_BADAUTH 38 -#define CS_SS_DECLINED 39 -#define CS_SS_RESTRICTED 40 -#define CS_SS_LIMITED 41 -#define CS_SS_KODSENT 42 -#define CS_SS_PROCESSED 43 -#define CS_MAX_NOSSL CS_SS_PROCESSED -#ifdef OPENSSL -#define CS_FLAGS (1 + CS_MAX_NOSSL) -#define CS_HOST (2 + CS_MAX_NOSSL) -#define CS_PUBLIC (3 + CS_MAX_NOSSL) -#define CS_CERTIF (4 + CS_MAX_NOSSL) -#define CS_SIGNATURE (5 + CS_MAX_NOSSL) -#define CS_REVTIME (6 + CS_MAX_NOSSL) -#define CS_GROUP (7 + CS_MAX_NOSSL) -#define CS_DIGEST (8 + CS_MAX_NOSSL) -#define CS_MAXCODE CS_DIGEST -#else -#define CS_MAXCODE CS_MAX_NOSSL -#endif /* OPENSSL */ +#define CS_REFID 6 +#define CS_REFTIME 7 +#define CS_POLL 8 +#define CS_PEERID 9 +#define CS_OFFSET 10 +#define CS_DRIFT 11 +#define CS_JITTER 12 +#define CS_ERROR 13 +#define CS_CLOCK 14 +#define CS_PROCESSOR 15 +#define CS_SYSTEM 16 +#define CS_VERSION 17 +#define CS_STABIL 18 +#define CS_VARLIST 19 +#define CS_TAI 20 +#define CS_LEAPTAB 
21 +#define CS_LEAPEND 22 +#define CS_RATE 23 +#define CS_MRU_ENABLED 24 +#define CS_MRU_DEPTH 25 +#define CS_MRU_DEEPEST 26 +#define CS_MRU_MINDEPTH 27 +#define CS_MRU_MAXAGE 28 +#define CS_MRU_MAXDEPTH 29 +#define CS_MRU_MEM 30 +#define CS_MRU_MAXMEM 31 +#define CS_SS_UPTIME 32 +#define CS_SS_RESET 33 +#define CS_SS_RECEIVED 34 +#define CS_SS_THISVER 35 +#define CS_SS_OLDVER 36 +#define CS_SS_BADFORMAT 37 +#define CS_SS_BADAUTH 38 +#define CS_SS_DECLINED 39 +#define CS_SS_RESTRICTED 40 +#define CS_SS_LIMITED 41 +#define CS_SS_KODSENT 42 +#define CS_SS_PROCESSED 43 +#define CS_MAX_NOAUTOKEY CS_SS_PROCESSED +#ifdef AUTOKEY +#define CS_FLAGS (1 + CS_MAX_NOAUTOKEY) +#define CS_HOST (2 + CS_MAX_NOAUTOKEY) +#define CS_PUBLIC (3 + CS_MAX_NOAUTOKEY) +#define CS_CERTIF (4 + CS_MAX_NOAUTOKEY) +#define CS_SIGNATURE (5 + CS_MAX_NOAUTOKEY) +#define CS_REVTIME (6 + CS_MAX_NOAUTOKEY) +#define CS_GROUP (7 + CS_MAX_NOAUTOKEY) +#define CS_DIGEST (8 + CS_MAX_NOAUTOKEY) +#define CS_MAXCODE CS_DIGEST +#else /* !AUTOKEY follows */ +#define CS_MAXCODE CS_MAX_NOAUTOKEY +#endif /* !AUTOKEY */ /* * Peer variables we understand */ -#define CP_CONFIG 1 -#define CP_AUTHENABLE 2 -#define CP_AUTHENTIC 3 -#define CP_SRCADR 4 -#define CP_SRCPORT 5 -#define CP_DSTADR 6 -#define CP_DSTPORT 7 -#define CP_LEAP 8 -#define CP_HMODE 9 -#define CP_STRATUM 10 -#define CP_PPOLL 11 -#define CP_HPOLL 12 -#define CP_PRECISION 13 -#define CP_ROOTDELAY 14 +#define CP_CONFIG 1 +#define CP_AUTHENABLE 2 +#define CP_AUTHENTIC 3 +#define CP_SRCADR 4 +#define CP_SRCPORT 5 +#define CP_DSTADR 6 +#define CP_DSTPORT 7 +#define CP_LEAP 8 +#define CP_HMODE 9 +#define CP_STRATUM 10 +#define CP_PPOLL 11 +#define CP_HPOLL 12 +#define CP_PRECISION 13 +#define CP_ROOTDELAY 14 #define CP_ROOTDISPERSION 15 -#define CP_REFID 16 -#define CP_REFTIME 17 -#define CP_ORG 18 -#define CP_REC 19 -#define CP_XMT 20 -#define CP_REACH 21 -#define CP_UNREACH 22 -#define CP_TIMER 23 -#define CP_DELAY 24 -#define CP_OFFSET 25 -#define 
CP_JITTER 26 -#define CP_DISPERSION 27 -#define CP_KEYID 28 -#define CP_FILTDELAY 29 -#define CP_FILTOFFSET 30 -#define CP_PMODE 31 -#define CP_RECEIVED 32 -#define CP_SENT 33 -#define CP_FILTERROR 34 -#define CP_FLASH 35 -#define CP_TTL 36 -#define CP_VARLIST 37 -#define CP_IN 38 -#define CP_OUT 39 -#define CP_RATE 40 -#define CP_BIAS 41 -#define CP_SRCHOST 42 -#ifdef OPENSSL -#define CP_FLAGS 43 -#define CP_HOST 44 -#define CP_VALID 45 -#define CP_INITSEQ 46 -#define CP_INITKEY 47 -#define CP_INITTSP 48 -#define CP_SIGNATURE 49 -#define CP_MAXCODE CP_SIGNATURE -#else -#define CP_MAXCODE CP_SRCHOST -#endif /* OPENSSL */ +#define CP_REFID 16 +#define CP_REFTIME 17 +#define CP_ORG 18 +#define CP_REC 19 +#define CP_XMT 20 +#define CP_REACH 21 +#define CP_UNREACH 22 +#define CP_TIMER 23 +#define CP_DELAY 24 +#define CP_OFFSET 25 +#define CP_JITTER 26 +#define CP_DISPERSION 27 +#define CP_KEYID 28 +#define CP_FILTDELAY 29 +#define CP_FILTOFFSET 30 +#define CP_PMODE 31 +#define CP_RECEIVED 32 +#define CP_SENT 33 +#define CP_FILTERROR 34 +#define CP_FLASH 35 +#define CP_TTL 36 +#define CP_VARLIST 37 +#define CP_IN 38 +#define CP_OUT 39 +#define CP_RATE 40 +#define CP_BIAS 41 +#define CP_SRCHOST 42 +#define CP_MAX_NOAUTOKEY CP_SRCHOST +#ifdef AUTOKEY +#define CP_FLAGS (1 + CP_MAX_NOAUTOKEY) +#define CP_HOST (2 + CP_MAX_NOAUTOKEY) +#define CP_VALID (3 + CP_MAX_NOAUTOKEY) +#define CP_INITSEQ (4 + CP_MAX_NOAUTOKEY) +#define CP_INITKEY (5 + CP_MAX_NOAUTOKEY) +#define CP_INITTSP (6 + CP_MAX_NOAUTOKEY) +#define CP_SIGNATURE (7 + CP_MAX_NOAUTOKEY) +#define CP_MAXCODE CP_SIGNATURE +#else /* !AUTOKEY follows */ +#define CP_MAXCODE CP_MAX_NOAUTOKEY +#endif /* !AUTOKEY */ /* * Clock variables we understand diff --git a/include/ntp_crypto.h b/include/ntp_crypto.h index 501174d54..5d8dbdb26 100644 --- a/include/ntp_crypto.h +++ b/include/ntp_crypto.h 
@@ -5,7 +5,7 @@ #define NTP_CRYPTO_H /* - * Configuration codes (also needed for parser without OPENSSL) + * Configuration codes (also needed for parser without AUTOKEY) */ #define CRYPTO_CONF_NONE 0 /* nothing doing */ #define CRYPTO_CONF_PRIV 1 /* host keys file name */ @@ -19,9 +19,15 @@ #define CRYPTO_CONF_IDENT 9 /* specify identity scheme */ #define CRYPTO_CONF_NID 10 /* specify digest name */ -#ifdef OPENSSL +#ifdef AUTOKEY +#ifndef OPENSSL +#error AUTOKEY should be defined only if OPENSSL is. +invalidsyntax: AUTOKEY should be defined only if OPENSSL is. +#endif + #include "openssl/evp.h" + /* * The following bits are set by the CRYPTO_ASSOC message from * the server and are not modified by the client. @@ -179,10 +185,5 @@ extern int crypto_nid; /* digest nid */ extern struct value hostval; /* host name/value */ extern struct cert_info *cinfo; /* host certificate information */ extern struct value tai_leap; /* leapseconds table */ -#else /* ! OPENSSL follows */ -#ifdef AUTOKEY -#error AUTOKEY should be defined only if OPENSSL is. -invalidsyntax: AUTOKEY should be defined only if OPENSSL is. -#endif -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #endif /* NTP_CRYPTO_H */ diff --git a/include/ntp_md5.h b/include/ntp_md5.h index 458962fda..7cb36f89e 100644 --- a/include/ntp_md5.h +++ b/include/ntp_md5.h 
@@ -3,20 +3,25 @@ * * Use the system MD5 if available, otherwise libisc's. */ -#if defined HAVE_MD5_H && defined HAVE_MD5INIT -# include -#else -# include "isc/md5.h" - typedef isc_md5_t MD5_CTX; -# define MD5Init(c) isc_md5_init(c) -# define MD5Update(c, p, s) isc_md5_update(c, p, s) -# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */ -#endif +#ifndef NTP_MD5_H +#define NTP_MD5_H +#ifdef OPENSSL +# include "openssl/evp.h" +#else /* !OPENSSL follows */ /* * Provide OpenSSL-alike MD5 API if we're not using OpenSSL */ -#ifndef OPENSSL +# if defined HAVE_MD5_H && defined HAVE_MD5INIT +# include +# else +# include "isc/md5.h" + typedef isc_md5_t MD5_CTX; +# define MD5Init(c) isc_md5_init(c) +# define MD5Update(c, p, s) isc_md5_update(c, p, s) +# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */ +# endif + typedef MD5_CTX EVP_MD_CTX; # define EVP_get_digestbynid(t) NULL # define EVP_DigestInit(c, dt) MD5Init(c) @@ -26,4 +31,5 @@ MD5Final((d), (c)); \ *(pdl) = 16; \ } while (0) -#endif +# endif /* !OPENSSL */ +#endif /* NTP_MD5_H */ diff --git a/include/ntpd.h b/include/ntpd.h index 091efec99..107714b70 100644 --- a/include/ntpd.h +++ b/include/ntpd.h @@ -200,7 +200,7 @@ extern int score_all (struct peer *); extern struct peer *findmanycastpeer(struct recvbuf *); /* ntp_crypto.c */ -#ifdef OPENSSL +#ifdef AUTOKEY extern int crypto_recv (struct peer *, struct recvbuf *); extern int crypto_xmit (struct peer *, struct pkt *, struct recvbuf *, int, @@ -223,7 +223,7 @@ extern EVP_PKEY *gqpar_pkey; extern char *mvpar_file; extern EVP_PKEY *mvpar_pkey; extern struct value tai_leap; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* ntp_proto.c */ extern void transmit (struct peer *); 
@@ -278,13 +278,13 @@ extern void timer_interfacetimeout (u_long); extern volatile int interface_interval; extern u_long worker_idle_timer; /* next check current_time */ extern u_long orphwait; /* orphan wait time */ -#ifdef OPENSSL +#ifdef AUTOKEY extern char *sys_hostname; /* host name */ extern char *sys_groupname; /* group name */ extern char *group_name; /* group name */ extern u_long sys_revoke; /* keys revoke timeout */ extern u_long sys_automax; /* session key timeout */ -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* ntp_util.c */ extern void init_util (void); diff --git a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c index 05c109a9f..dc23fce38 100644 --- a/libntp/a_md5encrypt.c +++ b/libntp/a_md5encrypt.c @@ -9,11 +9,7 @@ #include "ntp_string.h" #include "ntp_stdlib.h" #include "ntp.h" -#ifdef OPENSSL -# include "openssl/evp.h" -#else -# include "ntp_md5.h" /* provides clone of OpenSSL MD5 API */ -#endif +#include "ntp_md5.h" /* provides OpenSSL digest API */ /* * MD5authencrypt - generate message digest diff --git a/libntp/authreadkeys.c b/libntp/authreadkeys.c index 063515ee0..192dd25d3 100644 --- a/libntp/authreadkeys.c +++ b/libntp/authreadkeys.c @@ -12,7 +12,8 @@ #ifdef OPENSSL #include "openssl/objects.h" -#endif /* OPENSSL */ +#include "openssl/evp.h" +#endif /* OPENSSL */ /* Forwards */ static char *nexttok (char **); @@ -34,7 +35,7 @@ nexttok( * Space past white space */ while (*cp == ' ' || *cp == '\t') - cp++; + cp++; /* * Save this and space to end of token @@ -42,19 +43,19 @@ nexttok( starttok = cp; while (*cp != '\0' && *cp != '\n' && *cp != ' ' && *cp != '\t' && *cp != '#') - cp++; + cp++; /* * If token length is zero return an error, else set end of * token to zero and return start. */ if (starttok == cp) - return (NULL); + return NULL; if (*cp == ' ' || *cp == '\t') - *cp++ = '\0'; + *cp++ = '\0'; else - *cp = '\0'; + *cp = '\0'; *str = cp; return starttok; 
@@ -147,7 +148,7 @@ authreadkeys( "authreadkeys: no algorithm for key %d", keyno); continue; } -#else /* OPENSSL */ +#else /* !OPENSSL follows */ /* * The key type is unused, but is required to be 'M' or @@ -159,7 +160,7 @@ authreadkeys( continue; } keytype = KEY_TYPE_MD5; -#endif /* OPENSSL */ +#endif /* !OPENSSL */ /* * Finally, get key and insert it. If it is longer than 20 diff --git a/libntp/ssl_init.c b/libntp/ssl_init.c index 7aa5115b8..db2043ac0 100644 --- a/libntp/ssl_init.c +++ b/libntp/ssl_init.c @@ -15,6 +15,7 @@ #ifdef OPENSSL #include "openssl/err.h" #include "openssl/rand.h" +#include "openssl/evp.h" int ssl_init_done; diff --git a/libntp/statestr.c b/libntp/statestr.c index 618347aed..6edc859fb 100644 --- a/libntp/statestr.c +++ b/libntp/statestr.c @@ -155,7 +155,7 @@ struct codestring peer_codes[] = { { -1, "" } }; -#ifdef OPENSSL +#ifdef AUTOKEY /* * Crypto events (cryp) */ @@ -179,7 +179,7 @@ struct codestring crypto_codes[] = { { XEVNT_ERR & ~CRPT_EVENT, "protocol_error" }, { -1, "" } }; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* Forwards */ static const char *getcode (int, struct codestring *); @@ -313,10 +313,10 @@ eventstr( { if (num & PEER_EVENT) return (getcode(num & ~PEER_EVENT, peer_codes)); -#ifdef OPENSSL +#ifdef AUTOKEY else if (num & CRPT_EVENT) return (getcode(num & ~CRPT_EVENT, crypto_codes)); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ else return (getcode(num, sys_codes)); } diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c index 5a9059d87..9a9bef8d1 100644 --- a/ntpd/ntp_config.c +++ b/ntpd/ntp_config.c @@ -555,7 +555,7 @@ dump_config_tree( /* ints */ case T_Calldelay: -#ifdef OPENSSL +#ifdef AUTOKEY case T_Automax: #endif fprintf(df, "%s %d\n", 
@@ -1765,12 +1765,12 @@ config_auth( ntp_u_int16_t ulast; ntp_u_int16_t u; struct attr_val *my_val; -#ifdef OPENSSL +#ifdef AUTOKEY int item; #endif /* Crypto Command */ -#ifdef OPENSSL +#ifdef AUTOKEY item = -1; /* quiet warning */ my_val = queue_head(ptree->auth.crypto_cmd_list); while (my_val != NULL) { @@ -1807,7 +1807,7 @@ config_auth( crypto_config(item, my_val->value.s); my_val = next_node(my_val); } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* Keysdir Command */ if (ptree->auth.keysdir) { @@ -1824,12 +1824,12 @@ config_auth( ntp_signd_socket = estrdup(ptree->auth.ntp_signd_socket); } -#ifdef OPENSSL +#ifdef AUTOKEY if (ptree->auth.cryptosw && !cryptosw) { crypto_setup(); cryptosw = 1; } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* Keys Command */ if (ptree->auth.keys) @@ -1859,11 +1859,11 @@ config_auth( } } -#ifdef OPENSSL +#ifdef AUTOKEY /* crypto revoke command */ if (ptree->auth.revoke) sys_revoke = ptree->auth.revoke; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ } @@ -3468,7 +3468,7 @@ config_vars( break; case T_Automax: -#ifdef OPENSSL +#ifdef AUTOKEY sys_automax = curr_var->value.i; #endif break; diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index c742c97bd..39d17772a 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -15,6 +15,7 @@ #include "ntp_config.h" #include "ntp_crypto.h" #include "ntp_assert.h" +#include "ntp_md5.h" /* provides OpenSSL digest API */ #include #include @@ -26,12 +27,6 @@ #endif #include -#ifdef OPENSSL -# include "openssl/evp.h" -#else -# include "ntp_md5.h" /* provides clone of OpenSSL MD5 API */ -#endif - /* * Structure to hold request procedure information @@ -165,7 +160,7 @@ static struct ctl_var sys_var[] = { { CS_SS_LIMITED, RO, "ss_limited" }, /* 41 */ { CS_SS_KODSENT, RO, "ss_kodsent" }, /* 42 */ { CS_SS_PROCESSED, RO, "ss_processed" }, /* 43 */ -#ifdef OPENSSL +#ifdef AUTOKEY { CS_FLAGS, RO, "flags" }, /* 44 */ { CS_HOST, RO, "host" }, /* 45 */ { CS_PUBLIC, RO, "update" }, /* 46 */ 
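Review bot: With the guards in config_auth switched to AUTOKEY, a build that has OpenSSL but was configured with `--disable-autokey` compiles out the crypto command loop, `crypto_setup()` and the `sys_revoke` assignment, and nothing in the visible lines tells the operator that those directives were dropped. The same holds for `case T_Automax:` in the config_vars hunk and for the `key > NTP_MAXKEY` test in the newpeer hunk of ntpd/ntp_peer.c, where `peer->keyid = key` is still assigned but `FLAG_SKEY` is no longer set. Authentication settings that are silently ignored are hard to notice on a running server, so I would add an `#else` branch that reports them, e.g. `if (ptree->auth.cryptosw || ptree->auth.revoke) msyslog(LOG_WARNING, "crypto directives ignored: built without Autokey");`, unless the parser already rejects these keywords in such builds, which is not visible here. config_auth's body continues outside the hunks.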
@@ -174,11 +169,11 @@ static struct ctl_var sys_var[] = { { CS_REVTIME, RO, "until" }, /* 49 */ { CS_GROUP, RO, "group" }, /* 50 */ { CS_DIGEST, RO, "digest" }, /* 51 */ -#endif /* OPENSSL */ +#endif /* AUTOKEY */ { 0, EOV, "" } /* 44/52 */ }; -static struct ctl_var *ext_sys_var = (struct ctl_var *)0; +static struct ctl_var *ext_sys_var = NULL; /* * System variables we print by default (in fuzzball order, @@ -207,7 +202,7 @@ static u_char def_sys_var[] = { CS_TAI, CS_LEAPTAB, CS_LEAPEND, -#ifdef OPENSSL +#ifdef AUTOKEY CS_HOST, CS_GROUP, CS_FLAGS, @@ -215,7 +210,7 @@ static u_char def_sys_var[] = { CS_SIGNATURE, CS_PUBLIC, CS_CERTIF, -#endif /* OPENSSL */ +#endif /* AUTOKEY */ 0 }; @@ -267,7 +262,7 @@ static struct ctl_var peer_var[] = { { CP_RATE, RO, "headway" }, /* 40 */ { CP_BIAS, RO, "bias" }, /* 41 */ { CP_SRCHOST, RO, "srchost" }, /* 42 */ -#ifdef OPENSSL +#ifdef AUTOKEY { CP_FLAGS, RO, "flags" }, /* 43 */ { CP_HOST, RO, "host" }, /* 44 */ { CP_VALID, RO, "valid" }, /* 45 */ @@ -275,7 +270,7 @@ static struct ctl_var peer_var[] = { { CP_INITKEY, RO, "initkey" }, /* 47 */ { CP_INITTSP, RO, "timestamp" }, /* 48 */ { CP_SIGNATURE, RO, "signature" }, /* 49 */ -#endif /* OPENSSL */ +#endif /* AUTOKEY */ { 0, EOV, "" } /* 43/50 */ }; @@ -318,13 +313,13 @@ static u_char def_peer_var[] = { CP_FILTDELAY, CP_FILTOFFSET, CP_FILTERROR, -#ifdef OPENSSL +#ifdef AUTOKEY CP_HOST, CP_FLAGS, CP_SIGNATURE, CP_VALID, CP_INITSEQ, -#endif /* OPENSSL */ +#endif /* AUTOKEY */ 0 }; 
@@ -1410,38 +1405,43 @@ ctl_putsys( { l_fp tmp; char str[256]; + char buf[CTL_MAX_DATA_LEN]; u_int u; double kb; -#ifdef OPENSSL + char *s, *t, *be; + const char *ss; + int i; + struct ctl_var *k; +#ifdef AUTOKEY struct cert_info *cp; char cbuf[256]; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ switch (varid) { - case CS_LEAP: + case CS_LEAP: ctl_putuint(sys_var[CS_LEAP].text, sys_leap); break; - case CS_STRATUM: + case CS_STRATUM: ctl_putuint(sys_var[CS_STRATUM].text, sys_stratum); break; - case CS_PRECISION: + case CS_PRECISION: ctl_putint(sys_var[CS_PRECISION].text, sys_precision); break; - case CS_ROOTDELAY: + case CS_ROOTDELAY: ctl_putdbl(sys_var[CS_ROOTDELAY].text, sys_rootdelay * 1e3); break; - case CS_ROOTDISPERSION: + case CS_ROOTDISPERSION: ctl_putdbl(sys_var[CS_ROOTDISPERSION].text, sys_rootdisp * 1e3); break; - case CS_REFID: + case CS_REFID: if (sys_stratum > 1 && sys_stratum < STRATUM_UNSPEC) ctl_putadr(sys_var[CS_REFID].text, sys_refid, NULL); else @@ -1449,15 +1449,15 @@ ctl_putsys( (char *)&sys_refid); break; - case CS_REFTIME: + case CS_REFTIME: ctl_putts(sys_var[CS_REFTIME].text, &sys_reftime); break; - case CS_POLL: + case CS_POLL: ctl_putuint(sys_var[CS_POLL].text, sys_poll); break; - case CS_PEERID: + case CS_PEERID: if (sys_peer == NULL) ctl_putuint(sys_var[CS_PEERID].text, 0); else 
@@ -1465,28 +1465,28 @@ ctl_putsys( sys_peer->associd); break; - case CS_OFFSET: + case CS_OFFSET: ctl_putdbl(sys_var[CS_OFFSET].text, last_offset * 1e3); break; - case CS_DRIFT: + case CS_DRIFT: ctl_putdbl(sys_var[CS_DRIFT].text, drift_comp * 1e6); break; - case CS_JITTER: + case CS_JITTER: ctl_putdbl(sys_var[CS_JITTER].text, sys_jitter * 1e3); break; - case CS_ERROR: + case CS_ERROR: ctl_putdbl(sys_var[CS_ERROR].text, clock_jitter * 1e3); break; - case CS_CLOCK: + case CS_CLOCK: get_systime(&tmp); ctl_putts(sys_var[CS_CLOCK].text, &tmp); break; - case CS_PROCESSOR: + case CS_PROCESSOR: #ifndef HAVE_UNAME ctl_putstr(sys_var[CS_PROCESSOR].text, str_processor, sizeof(str_processor) - 1); @@ -1496,7 +1496,7 @@ ctl_putsys( #endif /* HAVE_UNAME */ break; - case CS_SYSTEM: + case CS_SYSTEM: #ifndef HAVE_UNAME ctl_putstr(sys_var[CS_SYSTEM].text, str_system, sizeof(str_system) - 1); 
@@ -1507,108 +1507,97 @@ ctl_putsys( #endif /* HAVE_UNAME */ break; - case CS_VERSION: + case CS_VERSION: ctl_putstr(sys_var[CS_VERSION].text, Version, strlen(Version)); break; - case CS_STABIL: + case CS_STABIL: ctl_putdbl(sys_var[CS_STABIL].text, clock_stability * 1e6); break; - case CS_VARLIST: - { - char buf[CTL_MAX_DATA_LEN]; - register char *s, *t, *be; - register const char *ss; - register int i; - register struct ctl_var *k; - - s = buf; - be = buf + sizeof(buf); - if (s + strlen(sys_var[CS_VARLIST].text) + 4 > be) - break; /* really long var name */ + case CS_VARLIST: + s = buf; + be = buf + sizeof(buf); + if (s + strlen(sys_var[CS_VARLIST].text) + 4 > be) + break; /* really long var name */ - snprintf(s, sizeof(buf), "%s=\"", - sys_var[CS_VARLIST].text); - s += strlen(s); - t = s; - for (k = sys_var; !(EOV & k->flags); k++) { - if (PADDING & k->flags) - continue; - i = strlen(k->text); - if (s + i + 1 >= be) - break; + snprintf(s, sizeof(buf), "%s=\"", + sys_var[CS_VARLIST].text); + s += strlen(s); + t = s; + for (k = sys_var; !(EOV & k->flags); k++) { + if (PADDING & k->flags) + continue; + i = strlen(k->text); + if (s + i + 1 >= be) + break; - if (s != t) - *s++ = ','; - memcpy(s, k->text, i); - s += i; - } + if (s != t) + *s++ = ','; + memcpy(s, k->text, i); + s += i; + } - for (k = ext_sys_var; k && !(EOV & k->flags); - k++) { - if (PADDING & k->flags) - continue; + for (k = ext_sys_var; k && !(EOV & k->flags); k++) { + if (PADDING & k->flags) + continue; - ss = k->text; - if (!ss) - continue; + ss = k->text; + if (NULL == ss) + continue; - while (*ss && *ss != '=') - ss++; - i = ss - k->text; - if (s + i + 1 >= be) - break; + while (*ss != '\0' && *ss != '=') + ss++; + i = ss - k->text; + if (s + i + 1 >= be) + break; - if (s != t) - *s++ = ','; - memcpy(s, k->text, - (unsigned)i); - s += i; - } - if (s+2 >= be) - break; + if (s != t) + *s++ = ','; + memcpy(s, k->text, (unsigned)i); + s += i; + } + if (s + 2 >= be) + break; - *s++ = '"'; - *s = '\0'; 
+ *s++ = '"'; + *s = '\0'; - ctl_putdata(buf, (unsigned)( s - buf ), - 0); - } - break; + ctl_putdata(buf, (unsigned)(s - buf), 0); + break; - case CS_TAI: + case CS_TAI: if (sys_tai > 0) ctl_putuint(sys_var[CS_TAI].text, sys_tai); break; - case CS_LEAPTAB: + case CS_LEAPTAB: if (leap_sec > 0) ctl_putfs(sys_var[CS_LEAPTAB].text, leap_sec); break; - case CS_LEAPEND: + case CS_LEAPEND: if (leap_expire > 0) ctl_putfs(sys_var[CS_LEAPEND].text, leap_expire); break; - case CS_RATE: + case CS_RATE: ctl_putuint(sys_var[CS_RATE].text, ntp_minpoll); break; - case CS_MRU_ENABLED: + case CS_MRU_ENABLED: ctl_puthex(sys_var[varid].text, mon_enabled); break; - case CS_MRU_DEPTH: + case CS_MRU_DEPTH: ctl_putuint(sys_var[varid].text, mru_entries); break; - case CS_MRU_MEM: + case CS_MRU_MEM: kb = mru_entries * (sizeof(mon_entry) / 1024.); u = (u_int)kb; if (kb - u >= 0.5) @@ -1616,23 +1605,23 @@ ctl_putsys( ctl_putuint(sys_var[varid].text, u); break; - case CS_MRU_DEEPEST: + case CS_MRU_DEEPEST: ctl_putuint(sys_var[varid].text, mru_peakentries); break; - case CS_MRU_MINDEPTH: + case CS_MRU_MINDEPTH: ctl_putuint(sys_var[varid].text, mru_mindepth); break; - case CS_MRU_MAXAGE: + case CS_MRU_MAXAGE: ctl_putint(sys_var[varid].text, mru_maxage); break; - case CS_MRU_MAXDEPTH: + case CS_MRU_MAXDEPTH: ctl_putuint(sys_var[varid].text, mru_maxdepth); break; - case CS_MRU_MAXMEM: + case CS_MRU_MAXMEM: kb = mru_maxdepth * (sizeof(mon_entry) / 1024.); u = (u_int)kb; if (kb - u >= 0.5) 
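Review bot: The bounds tests in the rewritten CS_VARLIST case, `if (s + i + 1 >= be)`, form a pointer that may lie past the end of `buf` before it is compared, which is undefined behaviour for a large `i`, and `i` is an `int` holding a `strlen()` result. Comparing lengths avoids both problems: `if ((size_t)i + 1 >= (size_t)(be - s)) break;` in both loops, ideally with `i` declared as `size_t`. The entries of `ext_sys_var` are presumably set at run time (the setter is not part of this diff), so the second loop is where an over-long name is most plausible. Both loops also stop silently on overflow, leaving a truncated list; a comment saying that truncation is intended would help the next reader. The switch in ctl_putsys continues outside the hunk.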
@@ -1640,93 +1629,97 @@ ctl_putsys( ctl_putuint(sys_var[varid].text, u); break; - case CS_SS_UPTIME: + case CS_SS_UPTIME: ctl_putuint(sys_var[varid].text, current_time); break; - case CS_SS_RESET: + case CS_SS_RESET: ctl_putuint(sys_var[varid].text, current_time - sys_stattime); break; - case CS_SS_RECEIVED: + case CS_SS_RECEIVED: ctl_putuint(sys_var[varid].text, sys_received); break; - case CS_SS_THISVER: + case CS_SS_THISVER: ctl_putuint(sys_var[varid].text, sys_newversion); break; - case CS_SS_OLDVER: + case CS_SS_OLDVER: ctl_putuint(sys_var[varid].text, sys_oldversion); break; - case CS_SS_BADFORMAT: + case CS_SS_BADFORMAT: ctl_putuint(sys_var[varid].text, sys_badlength); break; - case CS_SS_BADAUTH: + case CS_SS_BADAUTH: ctl_putuint(sys_var[varid].text, sys_badauth); break; - case CS_SS_DECLINED: + case CS_SS_DECLINED: ctl_putuint(sys_var[varid].text, sys_declined); break; - case CS_SS_RESTRICTED: + case CS_SS_RESTRICTED: ctl_putuint(sys_var[varid].text, sys_restricted); break; - case CS_SS_LIMITED: + case CS_SS_LIMITED: ctl_putuint(sys_var[varid].text, sys_limitrejected); break; - case CS_SS_KODSENT: + case CS_SS_KODSENT: ctl_putuint(sys_var[varid].text, sys_kodsent); break; - case CS_SS_PROCESSED: + case CS_SS_PROCESSED: ctl_putuint(sys_var[varid].text, sys_processed); break; -#ifdef OPENSSL - case CS_FLAGS: +#ifdef AUTOKEY + case CS_FLAGS: if (crypto_flags) ctl_puthex(sys_var[CS_FLAGS].text, crypto_flags); break; - case CS_DIGEST: + case CS_DIGEST: if (crypto_flags) { - strcpy(str, OBJ_nid2ln(crypto_nid)); + strncpy(str, OBJ_nid2ln(crypto_nid), + COUNTOF(str)); + str[COUNTOF(str) - 1] = '\0'; ctl_putstr(sys_var[CS_DIGEST].text, str, strlen(str)); } break; - case CS_SIGNATURE: + case CS_SIGNATURE: if (crypto_flags) { const EVP_MD *dp; dp = EVP_get_digestbynid(crypto_flags >> 16); - strcpy(str, OBJ_nid2ln(EVP_MD_pkey_type(dp))); + strncpy(str, OBJ_nid2ln(EVP_MD_pkey_type(dp)), + COUNTOF(str)); + str[COUNTOF(str) - 1] = '\0'; 
ctl_putstr(sys_var[CS_SIGNATURE].text, str, strlen(str)); } break; - case CS_HOST: + case CS_HOST: if (sys_hostname != NULL) ctl_putstr(sys_var[CS_HOST].text, sys_hostname, strlen(sys_hostname)); break; - case CS_GROUP: + case CS_GROUP: if (sys_groupname != NULL) ctl_putstr(sys_var[CS_GROUP].text, sys_groupname, strlen(sys_groupname)); break; - case CS_CERTIF: + case CS_CERTIF: for (cp = cinfo; cp != NULL; cp = cp->link) { snprintf(cbuf, sizeof(cbuf), "%s %s 0x%x", cp->subject, cp->issuer, cp->flags); @@ -1736,12 +1729,12 @@ ctl_putsys( } break; - case CS_PUBLIC: + case CS_PUBLIC: if (hostval.tstamp != 0) ctl_putfs(sys_var[CS_PUBLIC].text, ntohl(hostval.tstamp)); break; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ } } @@ -1761,11 +1754,11 @@ ctl_putpeer( char *be; int i; struct ctl_var *k; -#ifdef OPENSSL +#ifdef AUTOKEY struct autokey *ap; const EVP_MD *dp; const char *str; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ switch (id) { @@ -1987,7 +1980,7 @@ ctl_putpeer( ctl_putdata(buf, (u_int)(s - buf), 0); } break; -#ifdef OPENSSL +#ifdef AUTOKEY case CP_FLAGS: if (p->crypto) ctl_puthex(peer_var[id].text, p->crypto); @@ -2019,7 +2012,7 @@ ctl_putpeer( ctl_putfs(peer_var[CP_INITTSP].text, ntohl(p->recval.tstamp)); break; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ } } @@ -3835,10 +3828,10 @@ report_event( * variables. Don't send crypto strings. */ for (i = 1; i <= CS_MAXCODE; i++) { -#ifdef OPENSSL +#ifdef AUTOKEY if (i > CS_VARLIST) continue; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ ctl_putsys(i); } } else { @@ -3850,10 +3843,10 @@ report_event( * Dump it all. Later, maybe less. */ for (i = 1; i <= CP_MAXCODE; i++) { -#ifdef OPENSSL +#ifdef AUTOKEY if (i > CP_VARLIST) continue; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ ctl_putpeer(i, peer); } #ifdef REFCLOCK diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index b3a013cc2..3930c3498 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c 
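Review bot: The new `strncpy` calls in the CS_DIGEST and CS_SIGNATURE cases bound the copy but still pass the library result straight in. `OBJ_nid2ln()` returns NULL for an unknown NID, and `EVP_get_digestbynid(crypto_flags >> 16)` returns NULL when no digest matches, after which `EVP_MD_pkey_type(dp)` is evaluated on that NULL. I would check `dp` and the returned name before copying, and use `snprintf`, which this function already uses for `cbuf`, so termination does not need a separate statement. CS_DIGEST needs the same NULL check on the name. The switch in ctl_putsys starts outside this hunk.

```c
	case CS_SIGNATURE:
		if (crypto_flags) {
			const EVP_MD *dp;
			const char *name;

			dp = EVP_get_digestbynid(crypto_flags >> 16);
			name = (dp != NULL)
				   ? OBJ_nid2ln(EVP_MD_pkey_type(dp))
				   : NULL;
			if (name != NULL) {
				snprintf(str, sizeof(str), "%s", name);
				ctl_putstr(sys_var[CS_SIGNATURE].text,
					   str, strlen(str));
			}
		}
		break;
```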
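Review bot: The `continue` guards in the two report_event loops skip every index above `CS_VARLIST` / `CP_VARLIST` when AUTOKEY is defined, but the loops send everything up to `CS_MAXCODE` / `CP_MAXCODE` when it is not, so the set of variables placed in a trap depends on the build option. If the intent is only what the comment says, "Don't send crypto strings", the bounds this commit introduces express it without an `#ifdef`: `for (i = 1; i <= CS_MAX_NOAUTOKEY; i++)` and `for (i = 1; i <= CP_MAX_NOAUTOKEY; i++)`. If the cut at the VARLIST codes is deliberate, it should apply in both builds and carry a comment saying why. report_event's body starts outside these hunks.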
@@ -5,7 +5,7 @@ #include #endif -#ifdef OPENSSL +#ifdef AUTOKEY #include #include #include @@ -3925,6 +3925,6 @@ crypto_config( break; } } -# else +# else /* !AUTOKEY follows */ int ntp_crypto_bs_pubkey; -# endif /* OPENSSL */ +# endif /* !AUTOKEY */ diff --git a/ntpd/ntp_peer.c b/ntpd/ntp_peer.c index c6af36065..f496a5fdd 100644 --- a/ntpd/ntp_peer.c +++ b/ntpd/ntp_peer.c @@ -13,9 +13,6 @@ #include "ntp_stdlib.h" #include "ntp_control.h" #include -#ifdef OPENSSL -#include "openssl/rand.h" -#endif /* OPENSSL */ /* * Table of valid association combinations @@ -769,7 +766,7 @@ newpeer( u_int hash; char tbuf[80]; -#ifdef OPENSSL +#ifdef AUTOKEY /* * If Autokey is requested but not configured, complain loudly. */ @@ -782,7 +779,7 @@ newpeer( return (NULL); } } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * For now only pool associations have a hostname. @@ -886,10 +883,10 @@ newpeer( if ((MDF_MCAST & cast_flags) && peer->dstadr != NULL) enable_multicast_if(peer->dstadr, srcadr); -#ifdef OPENSSL +#ifdef AUTOKEY if (key > NTP_MAXKEY) peer->flags |= FLAG_SKEY; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ peer->ttl = (u_char)ttl; peer->keyid = key; peer->precision = sys_precision; diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 930c24e6b..6af7dbf2e 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -352,11 +352,11 @@ receive( l_fp p_org; /* origin timestamp */ l_fp p_rec; /* receive timestamp */ l_fp p_xmt; /* transmit timestamp */ -#ifdef OPENSSL +#ifdef AUTOKEY struct autokey *ap; /* autokey structure pointer */ int rval; /* cookie snatcher */ keyid_t pkeyid = 0, tkeyid = 0; /* key IDs */ -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef HAVE_NTP_SIGND static unsigned char zero_key[16]; #endif /* HAVE_NTP_SIGND */ @@ -616,7 +616,7 @@ receive( } else { restrict_mask &= ~RES_MSSNTP; -#ifdef OPENSSL +#ifdef AUTOKEY /* * For autokey modes, generate the session key * and install in the key cache. Use the socket 
@@ -700,7 +700,7 @@ receive( } } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Compute the cryptosum. Note a clogging attack may @@ -714,10 +714,10 @@ receive( is_authentic = AUTH_ERROR; else is_authentic = AUTH_OK; -#ifdef OPENSSL +#ifdef AUTOKEY if (crypto_flags && skeyid > NTP_MAXKEY) authtrust(skeyid, 0); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef DEBUG if (debug) printf( @@ -889,23 +889,23 @@ receive( return; /* no help */ } -#ifdef OPENSSL +#ifdef AUTOKEY /* * Do not respond if Autokey and the opcode is not a - * CRYPTO_ASSOC response with associationn ID. + * CRYPTO_ASSOC response with association ID. */ if (crypto_flags && skeyid > NTP_MAXKEY && (opcode & 0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) { sys_declined++; return; /* protocol error */ } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Determine whether to execute the initial volley. */ if (sys_bdelay != 0) { -#ifdef OPENSSL +#ifdef AUTOKEY /* * If a two-way exchange is not possible, * neither is Autokey. @@ -914,7 +914,7 @@ receive( sys_restricted++; return; /* no autokey */ } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Do not execute the volley. Start out in @@ -949,10 +949,10 @@ receive( sys_restricted++; return; /* ignore duplicate */ } -#ifdef OPENSSL +#ifdef AUTOKEY if (skeyid > NTP_MAXKEY) crypto_recv(peer, rbufp); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ return; /* hooray */ @@ -1036,7 +1036,7 @@ receive( return; } -#ifdef OPENSSL +#ifdef AUTOKEY /* * If the association is configured for Autokey, the packet must * have a public key ID; if not, the packet must have a @@ -1048,7 +1048,7 @@ receive( sys_badauth++; return; } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ peer->received++; peer->flash &= ~PKT_TEST_MASK; if (peer->flags & FLAG_XBOGUS) { @@ -1149,10 +1149,10 @@ receive( unpeer(peer); return; } -#ifdef OPENSSL +#ifdef AUTOKEY if (peer->crypto) peer_clear(peer, "AUTH"); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ return; /* 
@@ -1173,10 +1173,10 @@ receive( unpeer(peer); return; } -#ifdef OPENSSL +#ifdef AUTOKEY if (peer->crypto) peer_clear(peer, "AUTH"); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ return; } @@ -1210,7 +1210,7 @@ receive( else peer->flags &= ~FLAG_AUTHENTIC; -#ifdef OPENSSL +#ifdef AUTOKEY /* * More autokey dance. The rules of the cha-cha are as follows: * @@ -1324,7 +1324,7 @@ receive( return; } } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * The dance is complete and the flash bits have been lit. Toss @@ -1656,16 +1656,16 @@ process_packet( */ if ((peer->cast_flags & MDF_BCLNT) && !(peer_unfit(peer) & TEST11)) { -#ifdef OPENSSL +#ifdef AUTOKEY if (peer->flags & FLAG_SKEY) { if (!(~peer->crypto & CRYPTO_FLAG_ALL)) peer->hmode = MODE_BCLIENT; } else { peer->hmode = MODE_BCLIENT; } -#else /* OPENSSL */ +#else /* !AUTOKEY follows */ peer->hmode = MODE_BCLIENT; -#endif /* OPENSSL */ +#endif /* !AUTOKEY */ } } @@ -1771,10 +1771,10 @@ clock_update( */ if (sys_leap == LEAP_NOTINSYNC) { sys_leap = LEAP_NOWARNING; -#ifdef OPENSSL +#ifdef AUTOKEY if (crypto_flags) crypto_update(); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * If our parent process is waiting for the * first clock sync, send them home satisfied. @@ -1871,7 +1871,7 @@ poll_update( hpoll = max(min(peer->maxpoll, mpoll), peer->minpoll); -#ifdef OPENSSL +#ifdef AUTOKEY /* * If during the crypto protocol the poll interval has changed, * the lifetimes in the key list are probably bogus. Purge the @@ -1879,7 +1879,7 @@ poll_update( */ if ((peer->flags & FLAG_SKEY) && hpoll != peer->hpoll) key_expire(peer); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ peer->hpoll = hpoll; /* @@ -1912,7 +1912,7 @@ poll_update( else peer->nextdate = utemp; -#ifdef OPENSSL +#ifdef AUTOKEY /* * If a burst is not in progress and a crypto response message * is pending, delay 2 s, but only if this is a new interval. 
@@ -1924,7 +1924,7 @@ poll_update( } else { peer->nextdate = utemp; } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * The ordinary case. If a retry, use minpoll; if unreachable, @@ -1982,7 +1982,7 @@ peer_clear( { u_char u; -#ifdef OPENSSL +#ifdef AUTOKEY /* * If cryptographic credentials have been acquired, toss them to * Valhalla. Note that autokeys are ephemeral, in that they are @@ -2005,7 +2005,7 @@ peer_clear( free(peer->subject); if (peer->issuer != NULL) free(peer->issuer); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Clear all values, including the optional crypto values above. @@ -2052,9 +2052,9 @@ peer_clear( } else { peer->nextdate += ntp_random() % peer_associations; } -#ifdef OPENSSL +#ifdef AUTOKEY peer->refresh = current_time + (1 << NTP_REFRESH); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef DEBUG if (debug) printf( @@ -2876,11 +2876,11 @@ peer_xmit( * might not be usable. */ sendlen = LEN_PKT_NOMAC; -#ifdef OPENSSL +#ifdef AUTOKEY if (!(peer->flags & FLAG_SKEY) && peer->keyid == 0) { -#else +#else /* !AUTOKEY follows */ if (peer->keyid == 0) { -#endif /* OPENSSL */ +#endif /* !AUTOKEY */ /* * Transmit a-priori timestamps @@ -2941,7 +2941,7 @@ peer_xmit( * authenticated. If autokey is enabled, fuss with the various * modes; otherwise, symmetric key cryptography is used. */ -#ifdef OPENSSL +#ifdef AUTOKEY if (peer->flags & FLAG_SKEY) { struct exten *exten; /* extension field */ @@ -3180,7 +3180,7 @@ peer_xmit( xkeyid, 0, 2); } } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Transmit a-priori timestamps @@ -3212,10 +3212,10 @@ peer_xmit( return; } sendlen += authlen; -#ifdef OPENSSL +#ifdef AUTOKEY if (xkeyid > NTP_MAXKEY) authtrust(xkeyid, 0); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ if (sendlen > sizeof(xpkt)) { msyslog(LOG_ERR, "proto: buffer overflow %u", sendlen); exit (-1); 
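Review bot: The `sendlen > sizeof(xpkt)` test in the last peer_xmit hunk runs after `sendlen += authlen`, so it can only report an overrun of `xpkt` that has already taken place. The fast_xmit hunk in the same file shows authencrypt() being handed the packet buffer and returning the length it added. Checking the remaining room before the MAC is appended would turn detection into prevention, for example `if (sendlen + MAX_MAC_LEN > sizeof(xpkt))` ahead of the authencrypt() call, which lies outside this hunk. The comparison also mixes `sendlen` with a size_t and prints it with `%u`; if sendlen is an int here as it is in fast_xmit, explicit casts would make the intent clear.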
@@ -3239,7 +3239,7 @@ peer_xmit( } L_SUB(&xmt_ty, &xmt_tx); LFPTOD(&xmt_ty, peer->xleave); -#ifdef OPENSSL +#ifdef AUTOKEY #ifdef DEBUG if (debug) printf("transmit: at %ld %s->%s mode %d keyid %08x len %d index %d\n", @@ -3247,7 +3247,7 @@ peer_xmit( ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen, peer->keynumber); #endif -#else /* OPENSSL */ +#else /* !AUTOKEY follows */ #ifdef DEBUG if (debug) printf("transmit: at %ld %s->%s mode %d keyid %08x len %d\n", @@ -3255,7 +3255,7 @@ peer_xmit( ntoa(&peer->dstadr->sin) : "-", ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen); #endif -#endif /* OPENSSL */ +#endif /* !AUTOKEY */ } @@ -3275,7 +3275,7 @@ fast_xmit( struct pkt *rpkt; /* receive packet structure */ l_fp xmt_tx, xmt_ty; int sendlen; -#ifdef OPENSSL +#ifdef AUTOKEY u_int32 temp32; #endif @@ -3365,7 +3365,7 @@ fast_xmit( * value to generate the cookie, which is unique for every * source-destination-key ID combination. */ -#ifdef OPENSSL +#ifdef AUTOKEY if (xkeyid > NTP_MAXKEY) { keyid_t cookie; @@ -3393,13 +3393,13 @@ fast_xmit( &rbufp->recv_srcadr, xkeyid, cookie, 2); } } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ get_systime(&xmt_tx); sendlen += authencrypt(xkeyid, (u_int32 *)&xpkt, sendlen); -#ifdef OPENSSL +#ifdef AUTOKEY if (xkeyid > NTP_MAXKEY) authtrust(xkeyid, 0); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt, sendlen); get_systime(&xmt_ty); L_SUB(&xmt_ty, &xmt_tx); @@ -3537,7 +3537,7 @@ pool_name_resolved( #endif /* WORKER */ -#ifdef OPENSSL +#ifdef AUTOKEY /* * key_expire - purge the key list */ @@ -3563,7 +3563,7 @@ key_expire( peer->associd); #endif } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index 6f97080bb..311c05bf1 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c 
@@ -1331,13 +1331,13 @@ do_conf( if (temp_cp.flags & CONF_FLAG_PREFER) fl |= FLAG_PREFER; if (temp_cp.flags & CONF_FLAG_BURST) - fl |= FLAG_BURST; + fl |= FLAG_BURST; if (temp_cp.flags & CONF_FLAG_IBURST) - fl |= FLAG_IBURST; -#ifdef OPENSSL + fl |= FLAG_IBURST; +#ifdef AUTOKEY if (temp_cp.flags & CONF_FLAG_SKEY) fl |= FLAG_SKEY; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ if (client_v6_capable && temp_cp.v6_flag != 0) { AF(&peeraddr) = AF_INET6; SOCK_ADDR6(&peeraddr) = temp_cp.peeraddr6; diff --git a/ntpd/ntp_timer.c b/ntpd/ntp_timer.c index 9037d90e5..51502ede0 100644 --- a/ntpd/ntp_timer.c +++ b/ntpd/ntp_timer.c @@ -9,6 +9,11 @@ #include "ntpd.h" #include "ntp_stdlib.h" +#if defined(HAVE_IO_COMPLETION_PORT) +# include "ntp_iocompletionport.h" +# include "ntp_timer.h" +#endif + #include #include #ifdef HAVE_SYS_SIGNAL_H @@ -18,18 +23,13 @@ # include #endif -#if defined(HAVE_IO_COMPLETION_PORT) -# include "ntp_iocompletionport.h" -# include "ntp_timer.h" -#endif - #ifdef KERNEL_PLL #include "ntp_syscall.h" #endif /* KERNEL_PLL */ -#ifdef OPENSSL +#ifdef AUTOKEY #include -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* TC_ERR represents the timer_create() error return value. */ @@ -66,12 +66,12 @@ static u_long huffpuff_timer; /* huff-n'-puff timer */ u_long leapsec; /* leapseconds countdown */ u_long worker_idle_timer; /* next check for idle intres */ u_long orphwait; /* orphan wait time */ -#ifdef OPENSSL +#ifdef AUTOKEY static u_long revoke_timer; /* keys revoke timer */ static u_long keys_timer; /* session key timer */ u_long sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */ u_long sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */ -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Statistics counter for the interested. 
@@ -308,10 +308,10 @@ timer(void) current_time > orphwait) { if (sys_leap == LEAP_NOTINSYNC) { sys_leap = LEAP_NOWARNING; -#ifdef OPENSSL +#ifdef AUTOKEY if (crypto_flags) crypto_update(); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ } sys_stratum = (u_char)sys_orphan; if (sys_stratum > 1) @@ -361,7 +361,7 @@ timer(void) huffpuff(); } -#ifdef OPENSSL +#ifdef AUTOKEY /* * Garbage collect expired keys. */ @@ -379,7 +379,7 @@ timer(void) revoke_timer += 1 << sys_revoke; RAND_bytes((u_char *)&sys_private, 4); } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Interface update timer diff --git a/ntpd/ntp_util.c b/ntpd/ntp_util.c index 505d4168c..1f671be12 100644 --- a/ntpd/ntp_util.c +++ b/ntpd/ntp_util.c @@ -82,9 +82,9 @@ int drift_file_sw; /* clock update switch */ #ifdef DEBUG_TIMING static FILEGEN timingstats; #endif -#ifdef OPENSSL +#ifdef AUTOKEY static FILEGEN cryptostats; -#endif /* OPENSSL */ +#endif /* AUTOKEY */ static char statsdir[MAXPATHLEN] = NTP_VAR; static FILEGEN peerstats; @@ -147,12 +147,12 @@ uninit_util(void) filegen_unregister("rawstats"); filegen_unregister("sysstats"); filegen_unregister("protostats"); -#ifdef OPENSSL +#ifdef AUTOKEY filegen_unregister("cryptostats"); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef DEBUG_TIMING filegen_unregister("timingstats"); -#endif /* DEBUG_TIMING */ +#endif /* DEBUG_TIMING */ #if defined(_MSC_VER) && defined (_DEBUG) _CrtCheckMemory(); @@ -173,12 +173,12 @@ init_util(void) filegen_register(statsdir, "rawstats", &rawstats); filegen_register(statsdir, "sysstats", &sysstats); filegen_register(statsdir, "protostats", &protostats); -#ifdef OPENSSL +#ifdef AUTOKEY filegen_register(statsdir, "cryptostats", &cryptostats); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef DEBUG_TIMING filegen_register(statsdir, "timingstats", &timingstats); -#endif /* DEBUG_TIMING */ +#endif /* DEBUG_TIMING */ /* * register with libntp ntp_set_tod() to call us back * when time is stepped. 
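Review bot: The return value of `RAND_bytes((u_char *)&sys_private, 4)` in the revoke-timer branch of timer() is ignored, so a failed draw leaves the private value in whatever state the call left it while `revoke_timer` still advances as though the value had been rotated. RAND_bytes() returns 1 only on success; `if (RAND_bytes((u_char *)&sys_private, 4) != 1) msyslog(LOG_ERR, "timer: RAND_bytes failed");` would at least record the failure. The literal 4 would also read better as `sizeof(sys_private)`, presuming the variable is a 32-bit quantity declared elsewhere. timer() starts and ends outside these hunks.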
@@ -471,65 +471,65 @@ stats_config( value[value_l - 1]); if (add_dir_sep) - snprintf(statsdir, sizeof(statsdir), - "%s%c", value, DIR_SEP); + snprintf(statsdir, sizeof(statsdir), + "%s%c", value, DIR_SEP); else - snprintf(statsdir, sizeof(statsdir), - "%s", value); + snprintf(statsdir, sizeof(statsdir), + "%s", value); get_systime(&now); - if(peerstats.prefix == &statsdir[0] && + if (peerstats.prefix == &statsdir[0] && peerstats.fp != NULL) { fclose(peerstats.fp); peerstats.fp = NULL; filegen_setup(&peerstats, now.l_ui); } - if(loopstats.prefix == &statsdir[0] && + if (loopstats.prefix == &statsdir[0] && loopstats.fp != NULL) { fclose(loopstats.fp); loopstats.fp = NULL; filegen_setup(&loopstats, now.l_ui); } - if(clockstats.prefix == &statsdir[0] && + if (clockstats.prefix == &statsdir[0] && clockstats.fp != NULL) { fclose(clockstats.fp); clockstats.fp = NULL; filegen_setup(&clockstats, now.l_ui); } - if(rawstats.prefix == &statsdir[0] && + if (rawstats.prefix == &statsdir[0] && rawstats.fp != NULL) { fclose(rawstats.fp); rawstats.fp = NULL; filegen_setup(&rawstats, now.l_ui); } - if(sysstats.prefix == &statsdir[0] && + if (sysstats.prefix == &statsdir[0] && sysstats.fp != NULL) { fclose(sysstats.fp); sysstats.fp = NULL; filegen_setup(&sysstats, now.l_ui); } - if(protostats.prefix == &statsdir[0] && + if (protostats.prefix == &statsdir[0] && protostats.fp != NULL) { fclose(protostats.fp); protostats.fp = NULL; filegen_setup(&protostats, now.l_ui); } -#ifdef OPENSSL - if(cryptostats.prefix == &statsdir[0] && +#ifdef AUTOKEY + if (cryptostats.prefix == &statsdir[0] && cryptostats.fp != NULL) { fclose(cryptostats.fp); cryptostats.fp = NULL; filegen_setup(&cryptostats, now.l_ui); } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef DEBUG_TIMING - if(timingstats.prefix == &statsdir[0] && + if (timingstats.prefix == &statsdir[0] && timingstats.fp != NULL) { fclose(timingstats.fp); timingstats.fp = NULL; filegen_setup(&timingstats, now.l_ui); } -#endif /* DEBUG_TIMING */ 
+#endif /* DEBUG_TIMING */ } break; @@ -810,7 +810,7 @@ record_proto_stats( } -#ifdef OPENSSL +#ifdef AUTOKEY /* * record_crypto_stats - write crypto statistics to file * @@ -846,7 +846,7 @@ record_crypto_stats( fflush(cryptostats.fp); } } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef DEBUG_TIMING diff --git a/ntpdc/ntpdc.c b/ntpdc/ntpdc.c index 11a56c395..97a381b76 100644 --- a/ntpdc/ntpdc.c +++ b/ntpdc/ntpdc.c @@ -24,6 +24,10 @@ #include "ntp_stdlib.h" #include "ntp_assert.h" #include "ntp_lineedit.h" +#ifdef OPENSSL +#include "openssl/evp.h" +#include "openssl/objects.h" +#endif #include #include "ntpdc-opts.h" diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c index d44be6b92..1aa6584b2 100644 --- a/ntpq/ntpq.c +++ b/ntpq/ntpq.c @@ -28,6 +28,10 @@ #include "ntp_assert.h" #include "ntp_lineedit.h" #include "ntp_debug.h" +#ifdef OPENSSL +#include "openssl/evp.h" +#include "openssl/objects.h" +#endif #include #include "ntpq-opts.h" diff --git a/ports/winnt/include/ntp_timer.h b/ports/winnt/include/ntp_timer.h index 7649bafd9..a4023b23f 100644 --- a/ports/winnt/include/ntp_timer.h +++ b/ports/winnt/include/ntp_timer.h @@ -1,12 +1,10 @@ -#if !defined(__NTP_TIMER_H_) -#define __NTP_TIMER_H_ +#ifndef NTP_TIMER_H +#define NTP_TIMER_H extern void timer_clr_stats(void); -#if defined(SYS_WINNT) +#ifdef SYS_WINNT extern HANDLE get_timer_handle(void); #endif - - -#endif \ No newline at end of file +#endif /* NTP_TIMER_H */ diff --git a/sntp/crypto.h b/sntp/crypto.h index 5f184b06b..39e0e6b66 100644 --- a/sntp/crypto.h +++ b/sntp/crypto.h @@ -8,11 +8,7 @@ #include #include #include -#ifdef OPENSSL -# include "openssl/evp.h" -#else -# include /* provides clone of OpenSSL MD5 API */ -#endif +#include /* provides OpenSSL digest API */ #include "utilities.h" #include "sntp-opts.h" diff --git a/sntp/networking.h b/sntp/networking.h index d09531b49..24e04fb56 100644 --- a/sntp/networking.h +++ b/sntp/networking.h 
@@ -71,7 +71,7 @@ struct speer { l_fp reftime; keyid_t keyid; -#ifdef OPENSSL +#ifdef AUTOKEY #define clear_to_zero opcode u_int32 opcode; /* last request opcode */ associd_t assoc; /* peer association ID */ @@ -99,9 +99,9 @@ struct speer { int keynumber; /* current key number */ struct value encrypt; /* send encrypt values */ struct value sndval; /* send autokey values */ -#else /* OPENSSL */ +#else /* !AUTOKEY follows */ #define clear_to_zero status -#endif /* OPENSSL */ +#endif /* !AUTOKEY */ l_fp rec; /* receive time stamp */ l_fp xmt; /* transmit time stamp */ diff --git a/util/ntp-keygen-opts.c b/util/ntp-keygen-opts.c index 2f205fda2..f020a39b2 100644 --- a/util/ntp-keygen-opts.c +++ b/util/ntp-keygen-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c) * - * It has been AutoGen-ed July 12, 2010 at 10:09:37 AM by AutoGen 5.10 + * It has been AutoGen-ed July 19, 2010 at 07:43:26 AM by AutoGen 5.10 * From the definitions ntp-keygen-opts.def * and the template file options * @@ -71,7 +71,7 @@ extern tUsageProc optionUsage; /* * Certificate option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zCertificateText[] = "certificate scheme"; tSCC zCertificate_NAME[] = "CERTIFICATE"; @@ -84,7 +84,7 @@ tSCC zCertificate_Name[] = "certificate"; #define zCertificate_NAME NULL #define zCertificateText NULL #define zCertificate_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Debug_Level option description: @@ -108,7 +108,7 @@ tSCC zSet_Debug_Level_Name[] = "set-debug-level"; /* * Id_Key option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zId_KeyText[] = "Write IFF or GQ identity keys"; tSCC zId_Key_NAME[] = "ID_KEY"; 
@@ -120,12 +120,12 @@ tSCC zId_Key_Name[] = "id-key"; #define zId_Key_NAME NULL #define zId_KeyText NULL #define zId_Key_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Gq_Params option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zGq_ParamsText[] = "Generate GQ parameters and keys"; tSCC zGq_Params_NAME[] = "GQ_PARAMS"; @@ -137,12 +137,12 @@ tSCC zGq_Params_Name[] = "gq-params"; #define zGq_Params_NAME NULL #define zGq_ParamsText NULL #define zGq_Params_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Host_Key option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zHost_KeyText[] = "generate RSA host key"; tSCC zHost_Key_NAME[] = "HOST_KEY"; @@ -154,12 +154,12 @@ tSCC zHost_Key_Name[] = "host-key"; #define zHost_Key_NAME NULL #define zHost_KeyText NULL #define zHost_Key_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Iffkey option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zIffkeyText[] = "generate IFF parameters"; tSCC zIffkey_NAME[] = "IFFKEY"; @@ -171,12 +171,12 @@ tSCC zIffkey_Name[] = "iffkey"; #define zIffkey_NAME NULL #define zIffkeyText NULL #define zIffkey_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Issuer_Name option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zIssuer_NameText[] = "set issuer name"; tSCC zIssuer_Name_NAME[] = "ISSUER_NAME"; @@ -189,7 +189,7 @@ tSCC zIssuer_Name_Name[] = "issuer-name"; #define zIssuer_Name_NAME NULL #define zIssuer_NameText NULL #define zIssuer_Name_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Md5key option description: @@ -203,7 +203,7 @@ tSCC zMd5key_Name[] = "md5key"; /* * Modulus option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zModulusText[] = "modulus"; tSCC zModulus_NAME[] = "MODULUS"; 
@@ -216,12 +216,12 @@ tSCC zModulus_Name[] = "modulus"; #define zModulus_NAME NULL #define zModulusText NULL #define zModulus_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Pvt_Cert option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zPvt_CertText[] = "generate PC private certificate"; tSCC zPvt_Cert_NAME[] = "PVT_CERT"; @@ -233,12 +233,12 @@ tSCC zPvt_Cert_Name[] = "pvt-cert"; #define zPvt_Cert_NAME NULL #define zPvt_CertText NULL #define zPvt_Cert_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Pvt_Passwd option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zPvt_PasswdText[] = "output private password"; tSCC zPvt_Passwd_NAME[] = "PVT_PASSWD"; @@ -251,12 +251,12 @@ tSCC zPvt_Passwd_Name[] = "pvt-passwd"; #define zPvt_Passwd_NAME NULL #define zPvt_PasswdText NULL #define zPvt_Passwd_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Get_Pvt_Passwd option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zGet_Pvt_PasswdText[] = "input private password"; tSCC zGet_Pvt_Passwd_NAME[] = "GET_PVT_PASSWD"; @@ -269,12 +269,12 @@ tSCC zGet_Pvt_Passwd_Name[] = "get-pvt-passwd"; #define zGet_Pvt_Passwd_NAME NULL #define zGet_Pvt_PasswdText NULL #define zGet_Pvt_Passwd_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Sign_Key option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zSign_KeyText[] = "generate sign key (RSA or DSA)"; tSCC zSign_Key_NAME[] = "SIGN_KEY"; @@ -287,12 +287,12 @@ tSCC zSign_Key_Name[] = "sign-key"; #define zSign_Key_NAME NULL #define zSign_KeyText NULL #define zSign_Key_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Subject_Name option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zSubject_NameText[] = "set subject name"; tSCC zSubject_Name_NAME[] = "SUBJECT_NAME"; 
@@ -305,12 +305,12 @@ tSCC zSubject_Name_Name[] = "subject-name"; #define zSubject_Name_NAME NULL #define zSubject_NameText NULL #define zSubject_Name_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Trusted_Cert option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zTrusted_CertText[] = "trusted certificate (TC scheme)"; tSCC zTrusted_Cert_NAME[] = "TRUSTED_CERT"; @@ -322,12 +322,12 @@ tSCC zTrusted_Cert_Name[] = "trusted-cert"; #define zTrusted_Cert_NAME NULL #define zTrusted_CertText NULL #define zTrusted_Cert_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Mv_Params option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zMv_ParamsText[] = "generate MV parameters"; tSCC zMv_Params_NAME[] = "MV_PARAMS"; @@ -340,12 +340,12 @@ tSCC zMv_Params_Name[] = "mv-params"; #define zMv_Params_NAME NULL #define zMv_ParamsText NULL #define zMv_Params_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Mv_Keys option description: */ -#ifdef OPENSSL +#ifdef AUTOKEY tSCC zMv_KeysText[] = "update MV keys"; tSCC zMv_Keys_NAME[] = "MV_KEYS"; @@ -358,7 +358,7 @@ tSCC zMv_Keys_Name[] = "mv-keys"; #define zMv_Keys_NAME NULL #define zMv_KeysText NULL #define zMv_Keys_Name NULL -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Help/More_Help/Version option descriptions: 
@@ -393,21 +393,21 @@ tSCC zNotLoad_Opts_Pfx[] = "no"; /* * Declare option callback procedures */ -#ifdef OPENSSL +#ifdef AUTOKEY static tOptProc doOptModulus; -#else /* not OPENSSL */ +#else /* not AUTOKEY */ # define doOptModulus NULL -#endif /* def/not OPENSSL */ -#ifdef OPENSSL +#endif /* def/not AUTOKEY */ +#ifdef AUTOKEY extern tOptProc optionNumericVal; -#else /* not OPENSSL */ +#else /* not AUTOKEY */ # define optionNumericVal NULL -#endif /* def/not OPENSSL */ -#ifdef OPENSSL +#endif /* def/not AUTOKEY */ +#ifdef AUTOKEY extern tOptProc optionNumericVal; -#else /* not OPENSSL */ +#else /* not AUTOKEY */ # define optionNumericVal NULL -#endif /* def/not OPENSSL */ +#endif /* def/not AUTOKEY */ #if defined(TEST_NTP_KEYGEN_OPTS) /* * Under test, omit argument processing, or call optionStackArg, @@ -752,7 +752,7 @@ tSCC zDetail[] = "\n\ If there is no new host key, look for an existing one.\n\ If one is not found, create it.\n"; tSCC zFullVersion[] = NTP_KEYGEN_FULL_VERSION; -/* extracted from /usr/local/gnu/share/autogen/optcode.tpl near line 495 */ +/* extracted from /usr/local/share/autogen/optcode.tpl near line 495 */ #if defined(ENABLE_NLS) # define OPTPROC_BASE OPTPROC_TRANSLATE @@ -825,9 +825,9 @@ DESC(DEBUG_LEVEL).optOccCt = atoi( pOptDesc->pzLastArg ); /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - * For the modulus option, when OPENSSL is #define-d. + * For the modulus option, when AUTOKEY is #define-d. */ -#ifdef OPENSSL +#ifdef AUTOKEY static void doOptModulus(tOptions* pOptions, tOptDesc* pOptDesc) { @@ -873,8 +873,8 @@ doOptModulus(tOptions* pOptions, tOptDesc* pOptDesc) } pOptDesc->optArg.argInt = val; } -#endif /* defined OPENSSL */ -/* extracted from /usr/local/gnu/share/autogen/optmain.tpl near line 109 */ +#endif /* defined AUTOKEY */ +/* extracted from /usr/local/share/autogen/optmain.tpl near line 109 */ #if defined(TEST_NTP_KEYGEN_OPTS) /* TEST MAIN PROCEDURE: */ 
@@ -889,7 +889,7 @@ main(int argc, char** argv) return res; } #endif /* defined TEST_NTP_KEYGEN_OPTS */ -/* extracted from /usr/local/gnu/share/autogen/optcode.tpl near line 627 */ +/* extracted from /usr/local/share/autogen/optcode.tpl near line 627 */ #if ENABLE_NLS #include diff --git a/util/ntp-keygen-opts.def b/util/ntp-keygen-opts.def index 61cf2721e..af809a66b 100644 --- a/util/ntp-keygen-opts.def +++ b/util/ntp-keygen-opts.def @@ -20,7 +20,7 @@ flag = { name = certificate; arg-type = string; arg-name = scheme; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "certificate scheme"; doc = <<- _EndOfDoc_ scheme is one of @@ -39,7 +39,7 @@ flag = { flag = { value = e; name = id-key; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "Write IFF or GQ identity keys"; doc = <<- _EndOfDoc_ Write the IFF or GQ client keys to the standard output. This is @@ -50,7 +50,7 @@ flag = { flag = { value = G; name = gq-params; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "Generate GQ parameters and keys"; doc = <<- _EndOfDoc_ Generate parameters and keys for the GQ identification scheme, @@ -61,7 +61,7 @@ flag = { flag = { value = H; name = host-key; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "generate RSA host key"; doc = <<- _EndOfDoc_ Generate new host keys, obsoleting any that may exist. @@ -71,7 +71,7 @@ flag = { flag = { value = I; name = iffkey; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "generate IFF parameters"; doc = <<- _EndOfDoc_ Generate parameters for the IFF identification scheme, obsoleting @@ -82,7 +82,7 @@ flag = { flag = { value = i; name = issuer-name; - ifdef = OPENSSL; + ifdef = AUTOKEY; arg-type = string; arg-name = issuer-name; descrip = "set issuer name"; @@ -107,7 +107,7 @@ flag = { arg-type = number; arg-name = modulus; arg-range = '256->2048'; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "modulus"; doc = <<- _EndOfDoc_ The number of bits in the prime modulus. The default is 512. 
@@ -117,7 +117,7 @@ flag = { flag = { value = P; name = pvt-cert; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "generate PC private certificate"; doc = <<- _EndOfDoc_ Generate a private certificate. By default, the program generates @@ -128,7 +128,7 @@ flag = { flag = { value = p; name = pvt-passwd; - ifdef = OPENSSL; + ifdef = AUTOKEY; arg-type = string; arg-name = passwd; descrip = "output private password"; @@ -141,7 +141,7 @@ flag = { flag = { value = q; name = get-pvt-passwd; - ifdef = OPENSSL; + ifdef = AUTOKEY; arg-type = string; arg-name = passwd; descrip = "input private password"; @@ -155,7 +155,7 @@ flag = { name = sign-key; arg-type = string; arg-name = sign; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "generate sign key (RSA or DSA)"; doc = <<- _EndOfDoc_ Generate a new sign key of the designated type, obsoleting any @@ -169,7 +169,7 @@ flag = { name = subject-name; arg-type = string; arg-name = host; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "set subject name"; doc = <<- _EndOfDoc_ Set the issuer name to name. This is used for the issuer field @@ -180,7 +180,7 @@ flag = { flag = { value = T; name = trusted-cert; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "trusted certificate (TC scheme)"; doc = <<- _EndOfDoc_ Generate a trusted certificate. By default, the program generates @@ -193,7 +193,7 @@ flag = { name = mv-params; arg-type = number; arg-name = num; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "generate MV parameters"; doc = <<- _EndOfDoc_ Generate parameters and keys for the Mu-Varadharajan (MV) @@ -206,7 +206,7 @@ flag = { name = mv-keys; arg-type = number; arg-name = num; - ifdef = OPENSSL; + ifdef = AUTOKEY; descrip = "update MV keys"; }; diff --git a/util/ntp-keygen-opts.h b/util/ntp-keygen-opts.h index 8b7fbf941..dc1853205 100644 --- a/util/ntp-keygen-opts.h +++ b/util/ntp-keygen-opts.h 
@@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h) * - * It has been AutoGen-ed July 12, 2010 at 10:09:37 AM by AutoGen 5.10 + * It has been AutoGen-ed July 19, 2010 at 07:43:25 AM by AutoGen 5.10 * From the definitions ntp-keygen-opts.def * and the template file options * @@ -213,10 +213,10 @@ typedef enum { #define VALUE_OPT_ISSUER_NAME 'i' #define VALUE_OPT_MD5KEY 'M' #define VALUE_OPT_MODULUS 'm' -#ifdef OPENSSL +#ifdef AUTOKEY #define OPT_VALUE_MODULUS (DESC(MODULUS).optArg.argInt) -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #define VALUE_OPT_PVT_CERT 'P' #define VALUE_OPT_PVT_PASSWD 'p' #define VALUE_OPT_GET_PVT_PASSWD 'q' @@ -224,15 +224,15 @@ typedef enum { #define VALUE_OPT_SUBJECT_NAME 's' #define VALUE_OPT_TRUSTED_CERT 'T' #define VALUE_OPT_MV_PARAMS 'V' -#ifdef OPENSSL +#ifdef AUTOKEY #define OPT_VALUE_MV_PARAMS (DESC(MV_PARAMS).optArg.argInt) -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #define VALUE_OPT_MV_KEYS 'v' -#ifdef OPENSSL +#ifdef AUTOKEY #define OPT_VALUE_MV_KEYS (DESC(MV_KEYS).optArg.argInt) -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #define VALUE_OPT_HELP '?' #define VALUE_OPT_MORE_HELP '!' #define VALUE_OPT_VERSION INDEX_OPT_VERSION @@ -252,7 +252,7 @@ typedef enum { ntp_keygenOptions.pzCurOpt = NULL ) #define START_OPT RESTART_OPT(1) #define USAGE(c) (*ntp_keygenOptions.pUsageProc)( &ntp_keygenOptions, c ) -/* extracted from /usr/local/gnu/share/autogen/opthead.tpl near line 409 */ +/* extracted from /usr/local/share/autogen/opthead.tpl near line 409 */ /* * * * * * * diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c index dd6b6549e..7f7ee2254 100644 --- a/util/ntp-keygen.c +++ b/util/ntp-keygen.c @@ -103,7 +103,7 @@ #include "openssl/pem.h" #include "openssl/x509v3.h" #include -#endif /* OPENSSL */ +#endif /* OPENSSL */ #include /* 
@@ -115,7 +115,7 @@ #define YEAR ((long)60*60*24*365) /* one year in seconds */ #define MAXFILENAME 256 /* max file name length */ #define MAXHOSTNAME 256 /* max host name length */ -#ifdef OPENSSL +#ifdef AUTOKEY #define PLEN 512 /* default prime modulus size (bits) */ #define ILEN 256 /* default identity modulus size (bits) */ #define MVMAX 100 /* max MV parameters */ @@ -127,14 +127,14 @@ #define BASIC_CONSTRAINTS "critical,CA:TRUE" #define EXT_KEY_PRIVATE "private" #define EXT_KEY_TRUST "trustRoot" -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Prototypes */ FILE *fheader (const char *, const char *, const char *); int gen_md5 (char *); -#ifdef OPENSSL +#ifdef AUTOKEY EVP_PKEY *gen_rsa (char *); EVP_PKEY *gen_dsa (char *); EVP_PKEY *gen_iffkey (char *); @@ -148,7 +148,7 @@ EVP_PKEY *genkey (char *, char *); EVP_PKEY *readkey (char *, char *, u_int *, EVP_PKEY **); void writekey (char *, char *, u_int *, EVP_PKEY **); u_long asn2ntp (ASN1_TIME *); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Program variables @@ -156,7 +156,7 @@ u_long asn2ntp (ASN1_TIME *); extern char *optarg; /* command line argument */ char *progname; volatile int debug = 0; /* debug, not de bug */ -#ifdef OPENSSL +#ifdef AUTOKEY u_int modulus = PLEN; /* prime modulus size (bits) */ u_int modulus2 = ILEN; /* identity modulus size (bits) */ #endif @@ -168,9 +168,9 @@ char *groupname = NULL; /* trusted host name (issuer name) */ char filename[MAXFILENAME + 1]; /* file name */ char *passwd1 = NULL; /* input private key password */ char *passwd2 = NULL; /* output private key password */ -#ifdef OPENSSL +#ifdef AUTOKEY long d0, d1, d2, d3; /* callback counters */ -#endif /* OPENSSL */ +#endif /* AUTOKEY */ #ifdef SYS_WINNT BOOL init_randfile(); 
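Review bot: `#define PLEN 512` keeps a 512-bit default prime modulus for the keys ntp-keygen generates, and the util/ntp-keygen-opts.def hunk documents the same default with an accepted range of '256->2048'; a modulus of that size is not adequate protection for RSA or DSA keys. Since the commit already touches this block, consider raising the default to the top of the accepted range, `#define PLEN 2048 /* default prime modulus size (bits) */`, and updating the "The default is 512" sentence in the .def file to match. Whether the lower bound of 256 can also be raised depends on interoperability with deployed peers, which this page does not show.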
@@ -218,7 +218,7 @@ main( { struct timeval tv; /* initialization vector */ int md5key = 0; /* generate MD5 keys */ -#ifdef OPENSSL +#ifdef AUTOKEY X509 *cert = NULL; /* X509 certificate */ X509_EXTENSION *ext; /* X509v3 extension */ EVP_PKEY *pkey_host = NULL; /* host key */ @@ -242,7 +242,7 @@ main( int nid; /* X509 digest/signature scheme */ FILE *fstr = NULL; /* file handle */ #define iffsw HAVE_OPT(ID_KEY) -#endif /* OPENSSL */ +#endif /* AUTOKEY */ char hostbuf[MAXHOSTNAME + 1]; char groupbuf[MAXHOSTNAME + 1]; @@ -259,7 +259,7 @@ main( #ifdef OPENSSL ssl_check_version(); fprintf(stderr, "Using OpenSSL version %lx\n", SSLeay()); -#endif /* OPENSSL */ +#endif /* OPENSSL */ /* * Process options, initialize host name and timestamp. @@ -279,7 +279,7 @@ main( if (HAVE_OPT( MD5KEY )) md5key++; -#ifdef OPENSSL +#ifdef AUTOKEY passwd1 = hostbuf; if (HAVE_OPT( PVT_PASSWD )) passwd1 = strdup(OPT_ARG( PVT_PASSWD )); @@ -416,7 +416,7 @@ main( if ((iffkey || gqkey || mvkey) && exten == NULL) fprintf(stderr, "Warning: identity files may not be useful with a nontrusted certificate.\n"); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /* * Create new unencrypted MD5 keys file if requested. If this @@ -427,7 +427,7 @@ main( exit (0); } -#ifdef OPENSSL +#ifdef AUTOKEY /* * Create a new encrypted RSA host key file if requested; * otherwise, look for an existing host key file. If not found, @@ -685,7 +685,7 @@ main( x509(pkey_sign, ectx, grpkey, exten, hostname); else x509(pkey_sign, ectx, grpkey, exten, groupname); -#endif /* OPENSSL */ +#endif /* AUTOKEY */ exit (0); } @@ -707,7 +707,7 @@ gen_md5( u_char keystr[MD5SIZE]; u_char hexstr[2 * MD5SIZE + 1]; u_char hex[] = "0123456789abcdef"; -#endif /* OPENSSL */ +#endif /* OPENSSL */ str = fheader("MD5key", id, groupname); ntp_srandom((u_long)epoch); 
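Review bot: In main(), `passwd1 = hostbuf` makes the contents of hostbuf the private-key password whenever --pvt-passwd is absent; if hostbuf holds the host name, as the neighbouring "initialize host name and timestamp" comment suggests, key files are encrypted under a value anyone can guess. The result of `strdup(OPT_ARG( PVT_PASSWD ))` is also used unchecked, and a password passed as an option argument is typically visible to other local users in the process list. A comment at the assignment would make the first point explicit, e.g. `/* default password is the host name; supply an explicit one for keys that leave this host */`, and a NULL check after strdup would close the second. main() continues outside this hunk.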
@@ -740,13 +740,13 @@ gen_md5( fprintf(str, "%2d SHA1 %s # SHA1 key\n", i + MD5KEYS, hexstr); } -#endif /* OPENSSL */ +#endif /* OPENSSL */ fclose(str); return (1); } -#ifdef OPENSSL +#ifdef AUTOKEY /* * readkey - load cryptographic parameters and keys * @@ -2038,7 +2038,7 @@ genkey( fprintf(stderr, "Invalid %s key type %s\n", id, type); return (NULL); } -#endif /* OPENSSL */ +#endif /* AUTOKEY */ /*
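Review bot: gen_md5() seeds its generator with `ntp_srandom((u_long)epoch)` (visible in the preceding hunk of this function) before the keys file that this hunk closes is written. If `epoch` is the program's start time and the key bytes are drawn from that generator, the symmetric keys are only as unpredictable as the moment of generation. Where OPENSSL is defined the key material could come from RAND_bytes() instead, keeping the seeded generator only as the fallback for builds without OpenSSL. Until then a comment at the seed, `/* NOTE: time-seeded PRNG; keys are only as unpredictable as the generation time */`, would document the limitation. The key-generation loop lies between the two gen_md5 hunks and is not shown.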