From: Harlan Stenn Date: Mon, 26 Jan 2009 07:08:57 +0000 (-0500) Subject: Cleanup/fixes for ntp_proto.c and ntp_crypto.c from Dave Mills X-Git-Tag: NTP_4_2_5P157~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e242b92970fb465e8fbb8d8e3cd0157b1cc4f79;p=thirdparty%2Fntp.git Cleanup/fixes for ntp_proto.c and ntp_crypto.c from Dave Mills bk: 497d6189GS1k95ZrC91cvGgQh-xK_Q --- diff --git a/ChangeLog b/ChangeLog index d8b48d477..b3e4b4c4c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +* Cleanup/fixes for ntp_proto.c and ntp_crypto.c from Dave Mills. (4.2.5p156) 2009/01/19 Released by Harlan Stenn * [Bug 1118] Fixed sign extension for 32 bit time_t in caljulian() and prettydate(). Fixed some compiler warnings about missing prototypes. diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index 81c5689d6..f5e423792 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c @@ -328,7 +328,7 @@ make_keylist( cookie, lifetime + mpoll); lifetime -= mpoll; if (auth_havekey(keyid) || keyid <= NTP_MAXKEY || - lifetime < 0) + lifetime < 0 || tstamp == 0) break; } @@ -871,6 +871,9 @@ crypto_recv( * Install autokey values and light the * autokey bit. This is not hard. */ + if (ep->tstamp == 0) + break; + if (peer->recval.ptr == NULL) peer->recval.ptr = emalloc(sizeof(struct autokey)); @@ -1084,6 +1087,8 @@ crypto_xmit( * synchronized, light the error bit and go home. */ pkt = (u_int32 *)xpkt + *start / 4; + fp = (struct exten *)pkt; + opcode = ntohl(ep->opcode); if (peer != NULL) { srcadr_sin = &peer->srcadr; if (!(opcode & CRYPTO_RESP)) @@ -1091,8 +1096,6 @@ crypto_xmit( } else { srcadr_sin = &rbufp->recv_srcadr; } - fp = (struct exten *)pkt; - opcode = ntohl(ep->opcode); associd = (associd_t) ntohl(ep->associd); fp->associd = ep->associd; len = 8; @@ -1443,7 +1446,7 @@ crypto_verify( * signature field lengths. The extension field length must be * long enough to contain the value header, value and signature. * Note both the value and signature field lengths are rounded - * up to the next word. + * up to the next word (4 octets). */ vallen = ntohl(ep->vallen); if (vallen == 0) @@ -1458,13 +1461,14 @@ crypto_verify( /* * Check for valid timestamp and filestamp. If the timestamp is * zero, the sender is not synchronized and signatures are - * disregarded. If not, the timestamp must not precede the + * not possible. If nonzero the timestamp must not precede the * filestamp. The timestamp and filestamp must not precede the - * corresponding values in the value structure, if present. */ + * corresponding values in the value structure, if present. + */ tstamp = ntohl(ep->tstamp); fstamp = ntohl(ep->fstamp); if (tstamp == 0) - return (XEVNT_OK); + return (XEVNT_TSP); if (tstamp < fstamp) return (XEVNT_TSP); @@ -1481,6 +1485,14 @@ crypto_verify( } } + /* + * At the time the certificate message is validated, the public + * key in the message is not available. Thus, don't try to + * verify the signature. + */ + if (opcode == (CRYPTO_CERT | CRYPTO_RESP)) + return (XEVNT_OK); + /* * Check for valid signature length, public key and digest * algorithm. @@ -1490,7 +1502,7 @@ crypto_verify( else pkey = peer->pkey; if (siglen == 0 || pkey == NULL || peer->digest == NULL) - return (XEVNT_OK); + return (XEVNT_ERR); if (siglen != (u_int)EVP_PKEY_size(pkey)) return (XEVNT_SGL); @@ -1498,11 +1510,12 @@ crypto_verify( /* * Darn, I thought we would never get here. Verify the * signature. If the identity exchange is verified, light the - * proventic bit. + * proventic bit. What a relief. */ EVP_VerifyInit(&ctx, peer->digest); EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12); - if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0) + if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, + pkey) <= 0) return (XEVNT_SIG); if (peer->crypto & CRYPTO_FLAG_VRFY) @@ -3013,12 +3026,14 @@ cert_sign( ptr = vp->ptr; i2d_X509(cert, &ptr); vp->siglen = 0; - vp->sig = emalloc(sign_siglen); - EVP_SignInit(&ctx, sign_digest); - EVP_SignUpdate(&ctx, (u_char *)vp, 12); - EVP_SignUpdate(&ctx, vp->ptr, len); - if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) - vp->siglen = htonl(len); + if (tstamp != 0) { + vp->sig = emalloc(sign_siglen); + EVP_SignInit(&ctx, sign_digest); + EVP_SignUpdate(&ctx, (u_char *)vp, 12); + EVP_SignUpdate(&ctx, vp->ptr, len); + if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) + vp->siglen = htonl(len); + } #ifdef DEBUG if (debug > 1) X509_print_fp(stdout, cert); diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index a69b38330..95945cf1a 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -984,7 +984,7 @@ receive( * interleaved modes or is horribly broken. */ if (L_ISZERO(&p_xmt)) { - peer->flash |= TEST3; /* unsynch */ + peer->flash |= TEST3; /* unsynch */ /* * If the transmit timestamp duplicates a previous one, the @@ -1110,14 +1110,10 @@ receive( */ peer->ppoll = max(peer->minpoll, pkt->ppoll); if (hismode == MODE_SERVER && hisleap == LEAP_NOTINSYNC && - hisstratum == STRATUM_UNSPEC && &pkt->refid != 0) { + hisstratum == STRATUM_UNSPEC && memcmp(&pkt->refid, + "RATE", 4) == 0) { peer->selbroken++; - if (memcmp(&pkt->refid, "RATE", 4) == 0) { - report_event(PEVNT_RATE, peer, NULL); - } else if (memcmp(&pkt->refid, "DENY", 4) == 0) { - peer->flash |= TEST4; /* access denied */ - report_event(PEVNT_DENY, peer, NULL); - } + report_event(PEVNT_RATE, peer, NULL); if (pkt->ppoll > peer->minpoll) peer->minpoll = peer->ppoll; peer->burst = peer->retry = 0; @@ -1698,11 +1694,11 @@ clock_update( clear_all(); sys_leap = LEAP_NOTINSYNC; sys_stratum = STRATUM_UNSPEC; + memcpy(&sys_refid, "STEP", 4); sys_rootdelay = 0; sys_rootdisp = 0; L_CLR(&sys_reftime); sys_jitter = LOGTOD(sys_precision); - memcpy(&sys_refid, "STEP", 4); leapsec = 0; break; @@ -3374,7 +3370,7 @@ peer_unfit( /* * A loop error occurs if the remote peer is synchronized to the - * local peer of if the remote peer is synchronized to the same + * local peer or if the remote peer is synchronized to the same * server as the local peer but only if the remote peer is * neither a reference clock nor an orphan. */ @@ -3469,14 +3465,13 @@ init_proto(void) */ sys_leap = LEAP_NOTINSYNC; sys_stratum = STRATUM_UNSPEC; + memcpy(&sys_refid, "INIT", 4); sys_peer = NULL; sys_rootdelay = 0; sys_rootdisp = 0; L_CLR(&sys_reftime); sys_jitter = 0; sys_peer = NULL; - - memcpy(&sys_refid, "INIT", 4); sys_precision = (s_char)default_get_precision(); get_systime(&dummy); sys_survivors = 0;