From: Harlan Stenn Date: Sat, 8 Sep 2001 07:31:34 +0000 (-0400) Subject: Lose DES and MD5 manifests, lose rsaref stuff. X-Git-Tag: NTP_4_1_71~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd16d6672caa409b41c03993f749f0df07edf09c;p=thirdparty%2Fntp.git Lose DES and MD5 manifests, lose rsaref stuff. bk: 3b99c956MWMonhJbOYSBJEUbb6syCQ --- diff --git a/Makefile.am b/Makefile.am index 664dc852ae..ee0437c224 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,6 @@ SUBDIRS = \ scripts \ include \ ElectricFence \ - librsaref \ libntp \ libparse \ ntpd \ diff --git a/README b/README index ce516056b0..eb9e45cbfb 100644 --- a/README +++ b/README @@ -32,11 +32,9 @@ NEWS What's new in this release. README This file. -README.cvs Instructions for folks who use the CVS-repository +README.bk Instructions for folks who use the BitKeeper-repository version of NTP. -README.des If you *need* DES support. - README.hackers Notes to folks who want to hack on the code. TODO List of items the NTP developers are working on. @@ -111,8 +109,6 @@ kernel Directory containing sources for kernel programs such as libntp Directory containing library source code used by most programs in the distribution. -librsaref Staging directory for RSAREF. - ntp_update Update an NTP CVS tree. ntpdate Directory containing sources for a program to set the diff --git a/README.cvs b/README.cvs deleted file mode 100644 index 041b84ad2d..0000000000 --- a/README.cvs +++ /dev/null 
@@ -1,52 +0,0 @@ -To get the NTP distribution via anonymous CVS: - - % cvs -d :pserver:anoncvs@www.ntp.org:/cvs/ntp login - -the password is: anoncvs - - % rm -rf ntp - % cvs -d :pserver:anoncvs@www.ntp.org:/cvs/ntp co ntp - -after which the "ntp_update" script in the top-level of the tree should -keep things in synch and properly timestamped. - -PLEASE NOTE: - - When obtaining the NTP distribution directly via CVS instead of - using "ntp_update", the files are installed in an arbitrary - order. - - When you run "make", this may cause some of the generated files - to be reconstructed. - - If you do not have the right verison of automake and autoconf, - these files will be regenerated incorrectly. - - In this case, you can "fix" your distribution by running: - - ntp_update -C - - which will force any local changes to your NTP files to be - discarded and replaced with the versions in the repository. - - If "ntp_update -C" does not work just remove the "broken" - files (probably Makefile.in files) and re-run ntp_udate. - -There are some mailing lists for the NTP CVS distribution. For more -information, send a message to with the word "lists" -in the body of the message. - -If you get NTP via CVS, you MAY need to build the release using GNU make -and gcc. - -You can then "make dist" to build a release tarball that does not require -GNU make or gcc. - -The reason GNU make and gcc may be required is because the repository -version of NTP does not have the make dependencies built-in. These -dependencies are created dynamically, and this dynamic process may -require GNU make and gcc. - -I'm told that the version of automake we are now using does not require -GNU make or gcc for the dependency tracking, but I haven't tested this -yet. diff --git a/README.des b/README.des deleted file mode 100644 index 88f0aea066..0000000000 --- a/README.des +++ /dev/null 
@@ -1,16 +0,0 @@ -If you want DES support in ntp: - -- Use MD5 instead: -- - convert your DES keys to MD5 by changing the 'A', 'N' or 'S' to 'M' - -If you *need* DES support: - -- first see if you can simply "want" DES support instead -- Follow the instructions in README.rsa - -Be advised that the RSA DES code is not quite as portable as one might -wish for. In particular, DES under NTP will only work between machines -of the same "endianness". - -Dave would prefer that new/alternative encryption schemes follow the -RSA API. diff --git a/README.rsa b/README.rsa deleted file mode 100644 index 3568dbb0d5..0000000000 --- a/README.rsa +++ /dev/null 
@@ -1,105 +0,0 @@ -If you want to use the RSA stuff for crypto keys: - -- Get RSAREF or RSAEURO. -- - Unpack it in the top-level source directory of the NTP distribution - in a directory named rsaref2 or rsaeuro1, respectively - (You should see directories like ports, rsaref2, scripts) - -Make sure rsa.c has the security patch applied - a copy of it is at the -end of this file. - -When you run configure, the Right Thing will happen. - -Be advised that the RSA DES code is not quite as portable os one might -wish for. In particular, DES under NTP will only work between machines -of the same "endianness". - -Dave would prefer that new/alternative encryption schemes follow the -RSA API. - - ---- rsa.c.orig Fri Mar 25 14:01:48 1994 -+++ rsaref2/source/rsa.c Mon Dec 13 13:10:28 1999 -@@ -33,6 +33,9 @@ - unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen; - -+ if (publicKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); -+ - modulusLen = (publicKey->bits + 7) / 8; - if (inputLen + 11 > modulusLen) - return (RE_LEN); -@@ -78,6 +81,9 @@ - unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen, pkcsBlockLen; - -+ if (publicKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); -+ - modulusLen = (publicKey->bits + 7) / 8; - if (inputLen > modulusLen) - return (RE_LEN); -@@ -128,6 +134,9 @@ - int status; - unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen; -+ -+ if (privateKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); - - modulusLen = (privateKey->bits + 7) / 8; - if (inputLen + 11 > modulusLen) -@@ -168,6 +177,9 @@ - unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen, pkcsBlockLen; - -+ if (privateKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); -+ - modulusLen = (privateKey->bits + 7) / 8; - if (inputLen > modulusLen) - return (RE_LEN); - ---- rsa.c.orig Sat Sep 28 22:59:40 1996 -+++ rsaeuro1/source/rsa.c Sat Jul 8 00:33:13 2000 -@@ -51,6 +51,9 @@ R_RANDOM_STRUCT 
*randomStruct; /* rando - unsigned char byte, pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen; - -+ if (publicKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); -+ - modulusLen = (publicKey->bits + 7) / 8; - - if(inputLen + 11 > modulusLen) -@@ -101,6 +104,9 @@ R_RSA_PUBLIC_KEY *publicKey; /* RSA p - unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen, pkcsBlockLen; - -+ if (publicKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); -+ - modulusLen = (publicKey->bits + 7) / 8; - - if(inputLen > modulusLen) -@@ -154,6 +160,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p - unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen; - -+ if (privateKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); -+ - modulusLen = (privateKey->bits + 7) / 8; - - if(inputLen + 11 > modulusLen) -@@ -193,6 +202,9 @@ R_RSA_PRIVATE_KEY *privateKey; /* RSA p - unsigned char pkcsBlock[MAX_RSA_MODULUS_LEN]; - unsigned int i, modulusLen, pkcsBlockLen; - -+ if (privateKey->bits > MAX_RSA_MODULUS_BITS) -+ return (RE_LEN); -+ - modulusLen = (privateKey->bits + 7) / 8; - - if(inputLen > modulusLen) diff --git a/acconfig.h b/acconfig.h index dfb0582a80..02fe262ad9 100644 --- a/acconfig.h +++ b/acconfig.h @@ -4,12 +4,6 @@ /* Minutes per DST adjustment */ #undef DSTMINUTES -/* MD5 authentication */ -#undef MD5 - -/* DES authentication (COCOM only) */ -#undef DES - /* time_t */ #undef time_t diff --git a/config.h.in b/config.h.in index ade6a59ad1..3e059bfecb 100644 --- a/config.h.in +++ b/config.h.in @@ -5,12 +5,6 @@ /* Minutes per DST adjustment */ #undef DSTMINUTES -/* MD5 authentication */ -#undef MD5 - -/* DES authentication (COCOM only) */ -#undef DES - /* time_t */ #undef time_t @@ -914,9 +908,6 @@ /* Define as the return type of signal handlers (`int' or `void'). */ #undef RETSIGTYPE -/* Use RSAREF? */ -#undef RSAREF - /* The size of a `int', as computed by sizeof. */ #undef SIZEOF_INT 
diff --git a/configure.in b/configure.in index 822d12bb44..046a187a8d 100644 --- a/configure.in +++ b/configure.in @@ -2335,58 +2335,23 @@ AC_MSG_RESULT($ans) AC_MSG_CHECKING(for the level of crypto support) AC_ARG_WITH(crypto, - AC_HELP_STRING([--with-crypto], [+ ={autokey,openssl,rsaref}]), -dnl AC_HELP_STRING([--with-crypto], [+ ={autokey,rsaref}]), + AC_HELP_STRING([--with-crypto], [+ ={autokey,openssl}]), [ans=$withval], [ans=yes]) case "$ans" in no) ;; - yes|rsaref|openssl) - case "$ans" in - rsaref) + yes|openssl) + if test -z "$OPENSSL_LIB" -o -z "$OPENSSL_INC" + then ans=no - ;; - *) - if test -z "$OPENSSL_LIB" -o -z "$OPENSSL_INC" - then - ans=no - else - # We have OpenSSL inc/lib - use them. - ans=openssl - CPPFLAGS="$CPPFLAGS -I$OPENSSL_INC" - LDFLAGS="$LDFLAGS -L$OPENSSL_LIB" - LIBS="$LIBS -lcrypto" - AC_DEFINE(DES) - AC_DEFINE(OPENSSL, , [Use OpenSSL?]) - AC_DEFINE(PUBKEY, , [Public key?]) - fi - ;; - esac - - case "$ans" in - no) - if test -f $srcdir/rsaref2/source/digit.c - then - ans=rsaref - RSAOBJS=digit.o - RSASRCS="digit.c digit.h" - RSADIR=rsaref2 - fi - if test -f $srcdir/rsaeuro1/source/rsaeuro.h - then - ans=rsaref - RSAOBJS="md4c.o shsc.o" - RSASRCS="md4c.c shsc.c" - RSADIR=rsaeuro1 - fi - if test "$ans" = "rsaref"; then - LIBRSAREF=../librsaref/librsaref.a - MAKE_LIBRSAREF=librsaref.a - AC_DEFINE(DES) - AC_DEFINE(PUBKEY) - AC_DEFINE(RSAREF, , [Use RSAREF?]) - fi - ;; - esac + else + # We have OpenSSL inc/lib - use them. + ans=openssl + CPPFLAGS="$CPPFLAGS -I$OPENSSL_INC" + LDFLAGS="$LDFLAGS -L$OPENSSL_LIB" + LIBS="$LIBS -lcrypto" + AC_DEFINE(OPENSSL, , [Use OpenSSL?]) + AC_DEFINE(PUBKEY, , [Public key?]) + fi ;; esac AC_SUBST(AUTOKEY) 
@@ -3175,9 +3140,8 @@ AC_DEFINE_DIR(NTP_KEYSDIR, sysconfdir, [Default location of crypto key info]) LIBOBJS=`echo $LIBOBJS|sed 's/\.o /\$U.o /g;s/\.o$/\$U.o/'` AC_CONFIG_FILES(Makefile adjtimed/Makefile clockstuff/Makefile \ -ElectricFence/Makefile -include/Makefile kernel/Makefile kernel/sys/Makefile libntp/Makefile \ -libparse/Makefile librsaref/Makefile ntpd/Makefile ntpdc/Makefile \ +ElectricFence/Makefile include/Makefile kernel/Makefile kernel/sys/Makefile \ +libntp/Makefile libparse/Makefile ntpd/Makefile ntpdc/Makefile \ ntpdate/Makefile ntpq/Makefile ntptrace/Makefile parseutil/Makefile \ scripts/Makefile scripts/calc_tickadj scripts/checktime scripts/freq_adj \ scripts/mkver scripts/ntp-wait scripts/ntpsweep scripts/ntpver \ diff --git a/include/ntp_machine.h b/include/ntp_machine.h index d14f5c1d28..b5a7acc1fd 100644 --- a/include/ntp_machine.h +++ b/include/ntp_machine.h @@ -495,8 +495,8 @@ struct servent *getservbyname P((char *name, char *type)); #endif /* - * Byte order woes. The DES code is sensitive to byte order. This - * used to be resolved by calling ntohl() and htonl() to swap things + * Byte order woes. + * This used to be resolved by calling ntohl() and htonl() to swap things * around, but this turned out to be quite costly on Vaxes where those * things are actual functions. The code now straightens out byte * order troubles on its own, with no performance penalty for little diff --git a/include/ntp_stdlib.h b/include/ntp_stdlib.h index d10f67946d..26557efa51 100644 --- a/include/ntp_stdlib.h +++ b/include/ntp_stdlib.h 
@@ -60,15 +60,6 @@ extern struct savekey *auth_findkey P((keyid_t)); extern int auth_moremem P((void)); extern int ymd2yd P((int, int, int)); -#ifdef DES -extern int DESauthdecrypt P((u_char *, u_int32 *, int, int)); -extern int DESauthencrypt P((u_char *, u_int32 *, int)); -extern void DESauth_setkey P((keyid_t, const u_int32 *)); -extern void DESauth_subkeys P((const u_int32 *, u_char *, u_char *)); -extern void DESauth_des P((u_int32 *, u_char *)); -extern int DESauth_parity P((u_int32 *)); -#endif /* DES */ - extern int MD5authdecrypt P((u_char *, u_int32 *, int, int)); extern int MD5authencrypt P((u_char *, u_int32 *, int)); extern void MD5auth_setkey P((keyid_t, const u_char *, const int)); diff --git a/libntp/Makefile.am b/libntp/Makefile.am index 654981b050..945cc7eaa4 100644 --- a/libntp/Makefile.am +++ b/libntp/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = ../util/ansi2knr noinst_LIBRARIES = libntp.a libntp_a_SOURCES = a_md5encrypt.c adjtime.c atoint.c atolfp.c atouint.c \ - authencrypt.c authkeys.c authparity.c authreadkeys.c authusekey.c \ + authkeys.c authreadkeys.c authusekey.c \ buftvtots.c caljulian.c calleapwhen.c caltontp.c calyearstart.c \ clocktime.c clocktypes.c decodenetnum.c dofptoa.c dolfptoa.c \ emalloc.c findconfig.c fptoa.c fptoms.c getopt.c hextoint.c \ @@ -17,7 +17,7 @@ EXTRA_libntp_a_SOURCES = adjtimex.c log.c mktime.c random.c snprintf.c \ strdup.c strerror.c libntp_a_LIBADD = @LIBOBJS@ libntp_a_DEPENDENCIES = @LIBOBJS@ -INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/librsaref +INCLUDES = -I$(top_srcdir)/include ETAGS_ARGS = Makefile.am noinst_HEADERS = lib_strbuf.h log.h diff --git a/libntp/authencrypt.c b/libntp/authencrypt.c deleted file mode 100644 index a03d47b582..0000000000 --- a/libntp/authencrypt.c +++ /dev/null 
@@ -1,51 +0,0 @@ -/* - * DES interface for rsaref2.0 - * - * These routines implement an interface for the RSA Laboratories - * implementation of the Data Encryption Standard (DES) algorithm - * operating in Cipher-Block Chaining (CBC) mode. This algorithm is - * included in the rsaref2.0 package available from RSA in the US and - * foreign countries. Further information is available at www.rsa.com. - */ -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include "ntp_types.h" -#include "ntp_string.h" -#include "ntp_stdlib.h" - -#ifdef DES - -/* - * DESauthencrypt - generate DES-CBC message authenticator - * - * Returns length of authenticator field. - */ -int -DESauthencrypt( - u_char *key, /* key pointer */ - u_int32 *pkt, /* packet pointer */ - int length /* packet length */ - ) -{ -} - - -/* - * DESauthdecrypt - verify DES message authenticator - * - * Returns one if authenticator valid, zero if invalid. - */ -int -DESauthdecrypt( - u_char *key, /* key pointer */ - u_int32 *pkt, /* packet pointer */ - int length, /* packet length */ - int size /* size of MAC field */ - ) -{ -} -#else -int authencrypt_bs; -#endif /* DES */ diff --git a/libntp/authkeys.c b/libntp/authkeys.c index f35d91c621..145fa025b8 100644 --- a/libntp/authkeys.c +++ b/libntp/authkeys.c @@ -23,9 +23,6 @@ struct savekey { struct savekey *next; union { long bogon; /* Make sure nonempty */ -#ifdef DES - u_int32 DES_key[2]; /* DES key */ -#endif u_char MD5_key[32]; /* MD5 key */ } k; keyid_t keyid; /* key identifier */ @@ -35,7 +32,6 @@ struct savekey { }; #define KEY_TRUSTED 0x001 /* this key is trusted */ -#define KEY_DES 0x100 /* this is a DES type key */ #define KEY_MD5 0x200 /* this is a MD5 type key */ /* @@ -168,12 +164,6 @@ authhavekey( cache_keylen = sk->keylen; return (1); } -#ifdef DES - if (sk->flags & KEY_DES) { - cache_key = (u_char *)sk->k.DES_key; - return (1); - } -#endif return (0); } 
@@ -308,60 +298,6 @@ authistrusted( } - -#ifdef DES -/* - * DESauth_setkey - set a key into the key array - */ -void -DESauth_setkey( - keyid_t keyno, - const u_int32 *key - ) -{ - struct savekey *sk; - - /* - * See if we already have the key. If so just stick in the - * new value. - */ - sk = key_hash[KEYHASH(keyno)]; - while (sk != 0) { - if (keyno == sk->keyid) { - sk->k.DES_key[0] = key[0]; - sk->k.DES_key[1] = key[1]; - sk->flags |= KEY_DES; - if (cache_keyid == keyno) - cache_flags = 0; - cache_keyid = 0; - return; - } - sk = sk->next; - } - - /* - * Need to allocate new structure. Do it. - */ - if (authnumfreekeys == 0) { - if (auth_moremem() == 0) - return; - } - sk = authfreekeys; - authfreekeys = sk->next; - authnumfreekeys--; - - sk->k.DES_key[0] = key[0]; - sk->k.DES_key[1] = key[1]; - sk->keyid = keyno; - sk->flags = KEY_DES; - sk->lifetime = 0; - sk->next = key_hash[KEYHASH(keyno)]; - key_hash[KEYHASH(keyno)] = sk; - authnumkeys++; - return; -} -#endif - void MD5auth_setkey( keyid_t keyno, @@ -512,11 +448,6 @@ authencrypt( if (!authhavekey(keyno)) return (0); -#ifdef DES - if (cache_flags & KEY_DES) - return (DESauthencrypt(cache_key, pkt, length)); -#endif - if (cache_flags & KEY_MD5) return (MD5authencrypt(cache_key, pkt, length)); @@ -549,11 +480,6 @@ authdecrypt( if (!authhavekey(keyno) || size < 4) return (0); -#ifdef DES - if (cache_flags & KEY_DES) - return (DESauthdecrypt(cache_key, pkt, length, size)); -#endif - if (cache_flags & KEY_MD5) return (MD5authdecrypt(cache_key, pkt, length, size)); diff --git a/libntp/authparity.c b/libntp/authparity.c deleted file mode 100644 index ea5eac0a6f..0000000000 --- a/libntp/authparity.c +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * auth_parity - set parity on a key/check for odd parity - */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#ifdef DES -#include "ntp_stdlib.h" - -int -DESauth_parity( - u_int32 *key - ) -{ - u_int32 mask; - int parity_err; - int bitcount; - int half; - int byte; - int i; - - /* - * Go through counting bits in each byte. Check to see if - * each parity bit was set correctly. If not, note the error - * and set it right. - */ - parity_err = 0; - for (half = 0; half < 2; half++) { /* two halves of key */ - mask = 0x80000000; - for (byte = 0; byte < 4; byte++) { /* 4 bytes per half */ - bitcount = 0; - for (i = 0; i < 7; i++) { /* 7 data bits / byte */ - if (key[half] & mask) - bitcount++; - mask >>= 1; - } - - /* - * If bitcount is even, parity must be set. If - * bitcount is odd, parity must be clear. - */ - if ((bitcount & 0x1) == 0) { - if (!(key[half] & mask)) { - parity_err++; - key[half] |= mask; - } - } else { - if (key[half] & mask) { - parity_err++; - key[half] &= ~mask; - } - } - mask >>= 1; - } - } - - /* - * Return the result of the parity check. - */ - return (parity_err == 0); -} -#else -int authparity_bs; -#endif /* DES */ diff --git a/libntp/authreadkeys.c b/libntp/authreadkeys.c index ce5cefbb90..22020f3f85 100644 --- a/libntp/authreadkeys.c +++ b/libntp/authreadkeys.c @@ -9,19 +9,6 @@ #include "ntp_syslog.h" #include "ntp_stdlib.h" -#ifdef DES -/* - * Types of ascii representations for keys. "Standard" means a 64 bit - * hex number in NBS format, i.e. with the low order bit of each byte - * a parity bit. "NTP" means a 64 bit key in NTP format, with the - * high order bit of each byte a parity bit. "Ascii" means a 1-to-8 - * character string whose ascii representation is used as the key. - */ -#define KEY_TYPE_STD 1 -#define KEY_TYPE_NTP 2 -#define KEY_TYPE_ASCII 3 -#endif - /* * Arbitrary long string of ASCII characters. */ 
@@ -140,19 +127,6 @@ authreadkeys( continue; } switch (*token) { -#ifdef DES - case 'S': - case 's': - keytype = KEY_TYPE_STD; break; - - case 'N': - case 'n': - keytype = KEY_TYPE_NTP; break; - - case 'A': - case 'a': - keytype = KEY_TYPE_ASCII; break; -#endif case 'M': case 'm': keytype = KEY_TYPE_MD5; break; @@ -173,17 +147,6 @@ authreadkeys( keyno); } else { switch(keytype) { -#ifdef DES - case KEY_TYPE_STD: - case KEY_TYPE_NTP: - case KEY_TYPE_ASCII: - if (!authusekey(keyno, keytype, - (u_char *)token)) - msyslog(LOG_ERR, - "format/parity error for DES key %ld, not used", - keyno); - break; -#endif case KEY_TYPE_MD5: if (!authusekey(keyno, keytype, (u_char *)token)) diff --git a/libntp/authusekey.c b/libntp/authusekey.c index 18b8ba00ec..40dd3737dd 100644 --- a/libntp/authusekey.c +++ b/libntp/authusekey.c @@ -15,14 +15,6 @@ * high order bit of each byte a parity bit. "Ascii" means a 1-to-8 * character string whose ascii representation is used as the key. */ -#ifdef DES -#define KEY_TYPE_STD 1 -#define KEY_TYPE_NTP 2 -#define KEY_TYPE_ASCII 3 - -#define STD_PARITY_BITS ((unsigned)0x01010101) - -#endif #define KEY_TYPE_MD5 4 @@ -33,13 +25,6 @@ authusekey( const u_char *str ) { -#ifdef DES - u_int32 key[2]; - u_char keybytes[8]; - char *xdigit; - int i; - static const char *hex = "0123456789abcdef"; -#endif const u_char *cp; int len; 
@@ -49,74 +34,6 @@ authusekey( return 0; switch(keytype) { -#ifdef DES - case KEY_TYPE_STD: - case KEY_TYPE_NTP: - if (len != 16) /* Lazy. Should define constant */ - return 0; - /* - * Decode hex key. - */ - key[0] = 0; - key[1] = 0; - for (i = 0; i < 16; i++) { - if (!isascii(*cp)) - return 0; - xdigit = strchr(hex, isupper(*cp) ? tolower(*cp) : *cp); - cp++; - if (xdigit == 0) - return 0; - key[i>>3] <<= 4; - key[i>>3] |= (u_int32)(xdigit - hex) & 0xf; - } - - /* - * If this is an NTP format key, put it into NBS format - */ - if (keytype == KEY_TYPE_NTP) { - for (i = 0; i < 2; i++) - key[i] = ((key[i] << 1) & ~STD_PARITY_BITS) - | ((key[i] >> 7) & STD_PARITY_BITS); - } - - /* - * Check the parity, reject the key if the check fails - */ - if (!DESauth_parity(key)) { - return 0; - } - - /* - * We can't find a good reason not to use this key. - * So use it. - */ - DESauth_setkey(keyno, key); - break; - - case KEY_TYPE_ASCII: - /* - * Make up key from ascii representation - */ - memset((char *) keybytes, 0, sizeof(keybytes)); - for (i = 0; i < 8 && i < len; i++) - keybytes[i] = *cp++ << 1; - key[0] = (u_int32)keybytes[0] << 24 | (u_int32)keybytes[1] << 16 - | (u_int32)keybytes[2] << 8 | (u_int32)keybytes[3]; - key[1] = (u_int32)keybytes[4] << 24 | (u_int32)keybytes[5] << 16 - | (u_int32)keybytes[6] << 8 | (u_int32)keybytes[7]; - - /* - * Set parity on key - */ - (void)DESauth_parity(key); - - /* - * Now set key in. - */ - DESauth_setkey(keyno, key); - break; -#endif - case KEY_TYPE_MD5: MD5auth_setkey(keyno, str, (int)strlen((const char *)str)); break; diff --git a/librsaref/Makefile.am b/librsaref/Makefile.am deleted file mode 100644 index 889251ebcb..0000000000 --- a/librsaref/Makefile.am +++ /dev/null 
@@ -1,60 +0,0 @@ -#AUTOMAKE_OPTIONS = ../util/ansi2knr no-dependencies -#AUTOMAKE_OPTIONS = ../util/ansi2knr -noinst_LIBRARIES = @MAKE_LIBRSAREF@ -EXTRA_LIBRARIES = librsaref.a -CLEANFILES = $(EXTRA_LIBRARIES) - -# NOTES: -# don't use RSAREF's global.h - we use ours. - -nodist_librsaref_a_SOURCES = \ - desc.c \ - md2c.c \ - md5c.c \ - nn.c \ - prime.c \ - r_dh.c \ - r_encode.c \ - r_enhanc.c \ - r_keygen.c \ - r_random.c \ - r_stdlib.c \ - rsa.c \ - des.h \ - md2.h \ - md5.h \ - nn.h \ - prime.h \ - r_random.h \ - rsa.h \ - rsaref.h @RSASRCS@ - -librsaref_a_LIBADD = @RSAOBJS@ -librsaref_a_DEPENDENCIES = $(librsaref_a_LIBADD) - -BUILT_SOURCES = $(nodist_librsaref_a_SOURCES) -INCLUDES = -I$(top_srcdir)/include -ETAGS_ARGS = Makefile.am - -DISTCLEANFILES = $(nodist_librsaref_a_SOURCES) stamp-rsaref - -#EXTRA_DIST = - -$(nodist_librsaref_a_SOURCES): stamp-rsaref - -stamp-rsaref: - @rm -f stamp-rsaref stamp-rsarefT - @echo timestamp > stamp-rsarefT 2> /dev/null - for i in $(nodist_librsaref_a_SOURCES); do \ - case "@MAKE_LIBRSAREF@" in \ - '') touch $$i ;; \ - *) case "$$i" in \ - *.h) r_dst=$(srcdir)/$$i ;; \ - *) r_dst=$$i ;; \ - esac ; \ - cmp -s $${r_dst} $(srcdir)/../@RSADIR@/source/$$i 2>/dev/null \ - || cp $(srcdir)/../@RSADIR@/source/$$i $${r_dst} ;; \ - esac ; \ - done - @echo timestamp > stamp-rsarefT 2> /dev/null - @mv stamp-rsarefT stamp-rsaref diff --git a/ntpd/Makefile.am b/ntpd/Makefile.am index 718d9969fe..02b28f8daf 100644 --- a/ntpd/Makefile.am +++ b/ntpd/Makefile.am @@ -1,9 +1,9 @@ #AUTOMAKE_OPTIONS = ../util/ansi2knr no-dependencies AUTOMAKE_OPTIONS = ../util/ansi2knr bin_PROGRAMS = ntpd -INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/librsaref +INCLUDES = -I$(top_srcdir)/include # LDADD might need RESLIB and ADJLIB -LDADD = version.o @LIBPARSE@ ../libntp/libntp.a @LIBRSAREF@ +LDADD = version.o @LIBPARSE@ ../libntp/libntp.a # ntpd may need: # log10 refclock_wwv.o # sqrt ntp_control.o 
@@ -45,6 +45,6 @@ $(PROGRAMS): $(LDADD) ../libparse/libparse.a: cd ../libparse && $(MAKE) -version.o: $(ntpd_OBJECTS) ../libntp/libntp.a @LIBPARSE@ @LIBRSAREF@ Makefile +version.o: $(ntpd_OBJECTS) ../libntp/libntp.a @LIBPARSE@ Makefile $(top_builddir)/scripts/mkver ntpd $(COMPILE) -c version.c diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index ae6625782e..b0ac21747a 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -426,7 +426,7 @@ receive( * the game to reduce the exposure to a clogging attack. Now we * have to burn some cycles to find the association and * authenticate the packet if required. Note that we burn only - * MD5 or DES cycles, again to reduce exposure. There may be no + * MD5 cycles, again to reduce exposure. There may be no * matching association and that's okay. * * More on the autokey mambo. Normally the local interface is diff --git a/ntpdate/Makefile.am b/ntpdate/Makefile.am index ea551083ba..cf781b8d3f 100644 --- a/ntpdate/Makefile.am +++ b/ntpdate/Makefile.am @@ -4,7 +4,7 @@ bin_PROGRAMS = ntpdate ntptimeset ntptimeset_SOURCES = ntptimeset.c ntptime_config.c INCLUDES = -I$(top_srcdir)/include # LDADD might need RESLIB and ADJLIB -LDADD = version.o ../libntp/libntp.a @LIBRSAREF@ +LDADD = version.o ../libntp/libntp.a DISTCLEANFILES = .version version.c stamp-v noinst_HEADERS = ntpdate.h #EXTRA_DIST = ntpdate.mak @@ -15,6 +15,6 @@ $(PROGRAMS): $(LDADD) ../libntp/libntp.a: cd ../libntp && $(MAKE) -version.o: $(ntpdate_OBJECTS) ../libntp/libntp.a @LIBRSAREF@ Makefile +version.o: $(ntpdate_OBJECTS) ../libntp/libntp.a Makefile $(top_builddir)/scripts/mkver ntpdate $(COMPILE) -c version.c diff --git a/ntpdc/Makefile.am b/ntpdc/Makefile.am index 19e9cfa792..368d461ff4 100644 --- a/ntpdc/Makefile.am +++ b/ntpdc/Makefile.am 
@@ -3,7 +3,7 @@ AUTOMAKE_OPTIONS = ../util/ansi2knr bin_PROGRAMS = ntpdc INCLUDES = -I$(top_srcdir)/include # LDADD might need RESLIB and ADJLIB -LDADD = version.o ../libntp/libntp.a @LIBRSAREF@ +LDADD = version.o ../libntp/libntp.a DISTCLEANFILES = .version version.c noinst_HEADERS = ntpdc.h #EXTRA_DIST = ntpdc.mak @@ -16,6 +16,6 @@ $(PROGRAMS): $(LDADD) ../libntp/libntp.a: cd ../libntp && $(MAKE) -version.o: $(ntpdc_OBJECTS) ../libntp/libntp.a @LIBRSAREF@ Makefile +version.o: $(ntpdc_OBJECTS) ../libntp/libntp.a Makefile $(top_builddir)/scripts/mkver ntpdc $(COMPILE) -c version.c diff --git a/ntpdc/ntpdc.c b/ntpdc/ntpdc.c index 09ba6333c8..2d737f62b9 100644 --- a/ntpdc/ntpdc.c +++ b/ntpdc/ntpdc.c @@ -45,12 +45,11 @@ static const char * prompt = "ntpdc> "; /* prompt to ask him about */ static u_long info_auth_keyid; /* - * Type of key md5 or des + * Type of key md5 */ -#define KEY_TYPE_DES 3 #define KEY_TYPE_MD5 4 -static int info_auth_keytype = KEY_TYPE_MD5; /* MD5*/ +static int info_auth_keytype = KEY_TYPE_MD5; /* MD5 */ u_long current_time; /* needed by authkeys; not used */ int ntpdcmain P((int, char **)); @@ -786,8 +785,7 @@ sendrequest( info_auth_keyid = maclen; } if (!authistrusted(info_auth_keyid)) { - pass = getpass((info_auth_keytype == KEY_TYPE_DES) - ? "DES Password: " : "MD5 Password: "); + pass = getpass("MD5 Password: "); if (*pass == '\0') { (void) fprintf(stderr, "Invalid password\n"); @@ -1501,7 +1499,7 @@ keytype( { if (pcmd->nargs == 0) fprintf(fp, "keytype is %s\n", - (info_auth_keytype == KEY_TYPE_MD5) ? "MD5" : "DES"); + (info_auth_keytype == KEY_TYPE_MD5) ? "MD5" : "???"); else switch (*(pcmd->argval[0].string)) { case 'm': @@ -1509,13 +1507,8 @@ keytype( info_auth_keytype = KEY_TYPE_MD5; break; - case 'd': - case 'D': - info_auth_keytype = KEY_TYPE_DES; - break; - default: - fprintf(fp, "keytype must be 'md5' or 'des'\n"); + fprintf(fp, "keytype must be 'md5'\n"); } } 
@@ -1545,10 +1538,7 @@ passwd( (u_char *)pcmd->argval[0].string); authtrust(info_auth_keyid, 1); } else { - pass = getpass((info_auth_keytype == KEY_TYPE_DES) - ? "DES Password: " - : "MD5 Password: " - ); + pass = getpass("MD5 Password: "); if (*pass == '\0') (void) fprintf(fp, "Password unchanged\n"); else { diff --git a/ntpq/Makefile.am b/ntpq/Makefile.am index 90f4c398b7..813dc64eb0 100644 --- a/ntpq/Makefile.am +++ b/ntpq/Makefile.am @@ -3,7 +3,7 @@ AUTOMAKE_OPTIONS = ../util/ansi2knr bin_PROGRAMS = ntpq INCLUDES = -I$(top_srcdir)/include # LDADD might need RESLIB and ADJLIB -LDADD = version.o ../libntp/libntp.a @LIBRSAREF@ +LDADD = version.o ../libntp/libntp.a DISTCLEANFILES = .version version.c noinst_HEADERS = ntpq.h #EXTRA_DIST = ntpq.mak @@ -16,6 +16,6 @@ $(PROGRAMS): $(LDADD) ../libntp/libntp.a: cd ../libntp && $(MAKE) -version.o: $(ntpq_OBJECTS) ../libntp/libntp.a @LIBRSAREF@ Makefile +version.o: $(ntpq_OBJECTS) ../libntp/libntp.a Makefile $(top_builddir)/scripts/mkver ntpq $(COMPILE) -c version.c diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c index 34404b25b3..ba671ae298 100644 --- a/ntpq/ntpq.c +++ b/ntpq/ntpq.c @@ -46,9 +46,8 @@ const char *prompt = "ntpq> "; /* prompt to ask him about */ u_long info_auth_keyid = NTP_MAXKEY; /* - * Type of key md5 or des + * Type of key md5 */ -#define KEY_TYPE_DES 3 #define KEY_TYPE_MD5 4 static int info_auth_keytype = KEY_TYPE_MD5; /* MD5 */ @@ -1123,8 +1122,7 @@ sendrequest( } } if (!authistrusted(info_auth_keyid)) { - pass = getpass((info_auth_keytype == KEY_TYPE_DES) - ? "DES Password: " : "MD5 Password: "); + pass = getpass("MD5 Password: "); if (*pass == '\0') { (void) fprintf(stderr, "Invalid password\n"); @@ -2141,7 +2139,7 @@ keytype( { if (pcmd->nargs == 0) fprintf(fp, "keytype is %s\n", - (info_auth_keytype == KEY_TYPE_MD5) ? "MD5" : "DES"); + (info_auth_keytype == KEY_TYPE_MD5) ? "MD5" : "???"); else switch (*(pcmd->argval[0].string)) { case 'm': 
@@ -2149,13 +2147,8 @@ keytype( info_auth_keytype = KEY_TYPE_MD5; break; - case 'd': - case 'D': - info_auth_keytype = KEY_TYPE_DES; - break; - default: - fprintf(fp, "keytype must be 'md5' or 'des'\n"); + fprintf(fp, "keytype must be 'md5'\n"); } } @@ -2180,10 +2173,7 @@ passwd( return; } } - pass = getpass((info_auth_keytype == KEY_TYPE_DES) - ? "DES Password: " - : "MD5 Password: " - ); + pass = getpass("MD5 Password: "); if (*pass == '\0') (void) fprintf(fp, "Password unchanged\n"); else diff --git a/ports/winnt/include/config.h b/ports/winnt/include/config.h index 99bf623fc1..045a7c3847 100644 --- a/ports/winnt/include/config.h +++ b/ports/winnt/include/config.h @@ -18,8 +18,6 @@ #endif # undef OPEN_BCAST_SOCKET /* for ntp_io.c */ # undef UDP_WILDCARD_DELIVERY /* for ntp_io.c */ /* 98/06/01 */ -# undef DES /* from libntp.mak */ -# define MD5 /* from libntp.mak */ # define HAVE_RANDOM #define MAXHOSTNAMELEN 64 #define AUTOKEY diff --git a/util/Makefile.am b/util/Makefile.am index 95a9842d89..68909ba09c 100644 --- a/util/Makefile.am +++ b/util/Makefile.am @@ -5,10 +5,10 @@ bin_PROGRAMS = @MAKE_NTPTIME@ @MAKE_TICKADJ@ @MAKE_TIMETRIM@ genkeys EXTRA_PROGRAMS = byteorder hist jitter kern longsize ntptime \ precision sht testrs6000 tickadj timetrim -#ntp_genkeys_LDADD = ../ntpd/ntp_config$U.o ../libntp/libntp.a $(LIBRSAREF) -#ntp_genkeys_DEPENDENCIES = ../ntpd/ntp_config$U.o ../libntp/libntp.a $(LIBRSAREF) +#ntp_genkeys_LDADD = ../ntpd/ntp_config$U.o ../libntp/libntp.a +#ntp_genkeys_DEPENDENCIES = ../ntpd/ntp_config$U.o ../libntp/libntp.a -INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/librsaref +INCLUDES = -I$(top_srcdir)/include # LDADD might need RESLIB and ADJLIB LDADD = ../libntp/libntp.a #EXTRA_DIST = README TAGS diff --git a/util/ntp-genkeys.c b/util/ntp-genkeys.c index fd85121046..15c8412f32 100644 --- a/util/ntp-genkeys.c +++ b/util/ntp-genkeys.c 
@@ -45,7 +45,7 @@ /* * This program generates (up to) four files: * - * ntp.keys containing the DES/MD5 private keys, + * ntp.keys containing the MD5 private keys, * ntpkey containing the RSA private key, * ntpkey_HOST containing the RSA public key * where HOST is the DNS name of the generating machine, @@ -76,7 +76,7 @@ * distributed by secure means to other servers and clients sharing the * same security compartment. * - * The key identifiers for MD5 and DES keys must be less than 65536, + * The key identifiers for MD5 keys must be less than 65536, * although this program uses only the identifiers from 1 to 16. The key * identifier for each association is specified as the key argument in * the server or peer configuration file command.
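Review bot: the README hunk at -32,11 replaces the README.cvs entry with README.bk, but the visible diff only deletes README.cvs and never adds a README.bk, so the file list now points at a document that is not there. Add README.bk in this commit or hold the entry back until it exists. The unchanged context line "ntp_update Update an NTP CVS tree." in the -111,8 hunk still describes CVS and should be brought in line at the same time.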
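Review bot: in configure.in, the rewritten case "$ans" has branches only for no) and yes|openssl), so a build that still passes --with-crypto=rsaref (a value the old code accepted) now matches nothing, keeps ans=rsaref and reaches none of the AC_DEFINE calls. Add a *) branch that stops with AC_MSG_ERROR and names the supported values, so the dropped option fails loudly instead of quietly producing a build without the crypto support the user asked for. The same concern applies inside yes|openssl): when OPENSSL_LIB or OPENSSL_INC is empty, an explicit --with-crypto=openssl is turned into ans=no, and with the RSAREF fallback removed there is no longer any second chance; an explicit request that cannot be met should be an error.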
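Review bot: in include/ntp_machine.h the comment now reads "Byte order woes. This used to be resolved by calling ntohl() and htonl()", and with the DES sentence removed "This" has no antecedent and the comment no longer says which code is sensitive to byte order. State what still depends on it, or, if the DES code was the only consumer, check whether the block this comment introduces can go as well.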
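Review bot: in struct savekey in libntp/authkeys.c (hunk -23,9), once the #ifdef DES member is gone the union k always contains u_char MD5_key[32], so "long bogon; /* Make sure nonempty */" no longer serves the purpose its comment gives. Remove it, or if it is being kept for the alignment of the union, change the comment to say so. With KEY_DES removed, KEY_MD5 is the only key-type flag left next to KEY_TRUSTED, which is worth a one-line comment so the gap at 0x100 is not reused by accident.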
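Review bot: in authreadkeys() (hunk -140,19), dropping the 'S', 'N' and 'A' cases from switch (*token) means existing key-file entries of those types are no longer recognised, while the only migration hint on the page (README.des: "convert your DES keys to MD5 by changing the 'A', 'N' or 'S' to 'M'") is deleted in the same commit. An operator upgrading with an old keys file will see those keys go unused and associations stop authenticating, with nothing left in the tree explaining why. Carry the conversion note into NEWS or the keys-file documentation, and consider a dedicated msyslog message for these three letters that names the key number and says DES keys are no longer supported.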
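Review bot: in libntp/authusekey.c the hunk at -15,14 removes KEY_TYPE_STD, KEY_TYPE_NTP and KEY_TYPE_ASCII but keeps the comment above them, whose visible tail still says '"Ascii" means a 1-to-8 character string whose ascii representation is used as the key.' That comment now documents key formats the function no longer accepts; trim it to describe the MD5 key only. After the -49,74 hunk the switch(keytype) has KEY_TYPE_MD5 as its single visible case, so make sure any other keytype value returns 0 explicitly rather than falling out of the switch as if the key had been installed.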
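Review bot: in keytype() in both ntpdc/ntpdc.c and ntpq/ntpq.c, the report line becomes (info_auth_keytype == KEY_TYPE_MD5) ? "MD5" : "???", yet after this change the only assignment left in the visible code sets info_auth_keytype to KEY_TYPE_MD5, so the "???" arm cannot be reached. Print "MD5" unconditionally, or turn the variable into a constant and drop the ternary. The new error text "keytype must be 'md5'" also gives no hint to someone whose script still sends "keytype des"; say that DES keys are no longer supported. The header comment "Type of key md5" in both files could simply go, since there is no longer a choice to describe.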