From: Dave Hart Date: Sat, 7 Nov 2009 07:57:11 +0000 (+0000) Subject: [Bug 1366] ioctl(TIOCSCTTY, 0) fails on NetBSD *[0-2].* > 3.99.7. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb2ded2d5afd7a0fa61b310766bebb2c88ff5ff9;p=thirdparty%2Fntp.git [Bug 1366] ioctl(TIOCSCTTY, 0) fails on NetBSD *[0-2].* > 3.99.7. initialize OpenSSL before first use in libntp ntpq, ntpdc, ntpdate use OpenSSL and need applink on Windows add crypto digest and setvar default tests to ntpd/complete.conf bk: 4af52857DNznkuwu5xe8TZ_VUUtWUQ --- diff --git a/ChangeLog b/ChangeLog index b5cb73706d..3e08967962 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,5 @@ +* [Bug 1366] ioctl(TIOCSCTTY, 0) fails on NetBSD *[0-2].* > 3.99.7. +* CID 87 dead code in ntpq.c atoascii(). (4.2.5p240-RC) 2009/11/05 Released by Harlan Stenn * [Bug 1364] clock_gettime() not detected, need -lrt on Debian 5.0.3. * Provide all of OpenSSL's signature methods for ntp.keys (FIPS 140-2). diff --git a/configure.ac b/configure.ac index a41d5a221e..a0fb8efdbb 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1736,32 +1736,50 @@ case "$ac_cv_arg_setpgrp_negpid" in yes) AC_DEFINE(UDP_BACKWARDS_SETOWN, 1, [Do we set process groups with -pid?]) ;; esac -AC_CACHE_CHECK([if we need a ctty for F_SETOWN], ac_cv_func_ctty_for_f_setown, -[[case "$host" in - *-*-bsdi[23]*) - ans=yes - ;; - *-*-freebsd*) - ans=yes - ;; - *-*-netbsd*3.[0-8]*|*-*-netbsd*[0-2].*|*-*-netbsd*3.99.[0-7]) - ans=yes - ;; - *-*-openbsd*) - ans=yes - ;; - *-*-osf*) - ans=yes - ;; - *-*-darwin*) - ans=yes - ;; - *) ans=no - ;; -esac -ac_cv_func_ctty_for_f_setown=$ans]]) -case "$ac_cv_func_ctty_for_f_setown" in - yes) AC_DEFINE(USE_FSETOWNCTTY, 1, [Must we have a CTTY for fsetown?]) ;; +AC_CACHE_CHECK( + [if we need a ctty for F_SETOWN], + ntp_cv_func_ctty_for_f_setown, + [ + case "$host" in + *-*-bsdi[23]*) + ans=yes + ;; + *-*-freebsd*) + ans=yes + ;; + # NetBSD versions prior to 3.99.8 require a CTTY for F_SETOWN, + # while later versions will fail the ioctl(TIOCSCTTY, 0) call + # and so must not have USE_FSETOWNCTTY. + *-*-netbsdaout3.[0-8]*|*-*-netbsdaout[0-2].*|*-*-netbsdaout3.99.[0-7]) + ans=yes + ;; + *-*-netbsdecoff3.[0-8]*|*-*-netbsdecoff[0-2].*|*-*-netbsdecoff3.99.[0-7]) + ans=yes + ;; + *-*-netbsdelf3.[0-8]*|*-*-netbsdelf[0-2].*|*-*-netbsdelf3.99.[0-7]) + ans=yes + ;; + *-*-netbsd3.[0-8]*|*-*-netbsd[0-2].*|*-*-netbsd3.99.[0-7]) + ans=yes + ;; + *-*-openbsd*) + ans=yes + ;; + *-*-osf*) + ans=yes + ;; + *-*-darwin*) + ans=yes + ;; + *) + ans=no + esac + ntp_cv_func_ctty_for_f_setown=$ans + ] +) +case "$ntp_cv_func_ctty_for_f_setown" in + yes) + AC_DEFINE(USE_FSETOWNCTTY, 1, [Must we have a CTTY for fsetown?]) esac AC_CACHE_CHECK([if the OS fails to clear cached routes when more specific routes become available], ac_cv_os_routeupdates, diff --git a/include/Makefile.am b/include/Makefile.am index 517a66802c..95a53c7dcd 100644 --- a/include/Makefile.am +++ b/include/Makefile.am 
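Review bot: The rewritten `AC_CACHE_CHECK` body is wrapped in a single level of `[ ]` quoting where the removed version used `[[ ... ]]`, so m4 will most likely strip the brackets from the case patterns. The generated configure would then test literal strings such as `*-*-bsdi23*` and `*-*-netbsd3.0-8*` instead of character classes, answer `no` on the hosts the check is meant to catch, and silently leave `USE_FSETOWNCTTY` undefined there. Double the brackets in every pattern, e.g. `*-*-bsdi[[23]]*)` and `*-*-netbsd3.[[0-8]]*|*-*-netbsd[[0-2]].*|*-*-netbsd3.99.[[0-7]])`, or restore the outer `[[ ]]`. Inspecting the generated `configure` for these patterns would confirm which form survives.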
@@ -60,6 +60,7 @@ noinst_HEADERS = \ parse_conf.h \ recvbuff.h \ refclock_atom.h \ + ssl_applink.c \ timepps-SCO.h \ timepps-Solaris.h \ timepps-SunOS.h \ diff --git a/include/ntp.h b/include/ntp.h index c6c2f7f4d1..5b2a1c9f04 100644 --- a/include/ntp.h +++ b/include/ntp.h @@ -8,6 +8,7 @@ #include #include +#include #ifdef OPENSSL #include #endif /* OPENSSL */ @@ -139,7 +140,7 @@ typedef char s_char; * Miscellaneous stuff */ #define NTP_MAXKEY 65535 /* max authentication key number */ -#define KEY_TYPE_MD5 4 /* MD5 digest NID */ +#define KEY_TYPE_MD5 NID_md5 /* MD5 digest NID */ /* * Limits of things */ diff --git a/include/ntp_request.h b/include/ntp_request.h index 9e4706c230..9ed644c395 100644 --- a/include/ntp_request.h +++ b/include/ntp_request.h @@ -153,7 +153,7 @@ struct req_pkt_tail { */ #define REQ_LEN_HDR 8 /* 4 * u_char + 2 * u_short */ #define REQ_LEN_MAC (sizeof(struct req_pkt)) -#define REQ_LEN_NOMAC (sizeof(struct req_pkt) - MAX_MAC_LEN) +#define REQ_LEN_NOMAC (sizeof(struct req_pkt) - MAX_MD5_LEN) /* * A response packet. The length here is variable, this is a diff --git a/include/ntp_stdlib.h b/include/ntp_stdlib.h index c7c9e4abd9..d078249459 100644 --- a/include/ntp_stdlib.h +++ b/include/ntp_stdlib.h @@ -156,6 +156,19 @@ extern int ipv6_works; typedef void (*pset_tod_using)(const char *); extern pset_tod_using set_tod_using; +/* ssl_init.c */ +#ifdef OPENSSL +extern void ssl_init (void); +extern int ssl_init_done; +#define INIT_SSL() \ + do { \ + if (!ssl_init_done) \ + ssl_init(); \ + } while (0) +#else /* !OPENSSL follows */ +#define INIT_SSL() do {} while (0) +#endif + /* lib/isc/win32/strerror.c * * To minimize Windows-specific changes to the rest of the NTP code, diff --git a/include/ssl_applink.c b/include/ssl_applink.c new file mode 100644 index 0000000000..ba1f4a8fe9 --- /dev/null +++ b/include/ssl_applink.c 
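Review bot: `REQ_LEN_NOMAC` in include/ntp_request.h is now derived from `MAX_MD5_LEN` instead of `MAX_MAC_LEN`, but nothing in the hunk records why, and `REQ_LEN_MAC` on the line above still uses the full `sizeof(struct req_pkt)`. These macros presumably bound the accepted length of request packets (their users are outside this diff), so a mismatch between the constant and the real size of the MAC field in `struct req_pkt` would move that boundary. A comment such as `/* mode 7 requests carry an MD5-sized MAC only; keep in sync with struct req_pkt */` would pin down the assumption, if that is the intent.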
@@ -0,0 +1,74 @@ +/* + * include/ssl_applink.c -- common NTP code for openssl/applink.c + * + * Each program which uses OpenSSL should include this file in _one_ + * of its source files and call ssl_applink() before any OpenSSL + * functions. + */ + +#if defined(OPENSSL) && defined(SYS_WINNT) +# ifdef _MSC_VER +# pragma warning(push) +# pragma warning(disable: 4152) +# endif +# include +# ifdef _MSC_VER +# pragma warning(pop) +# endif +#endif + +#if defined(OPENSSL) && defined(_MSC_VER) && defined(_DEBUG) +#define WRAP_DBG_MALLOC +#endif + +#ifdef WRAP_DBG_MALLOC +void *wrap_dbg_malloc(size_t s, const char *f, int l); +void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l); +void wrap_dbg_free(void *p); +#endif + + +#if defined(OPENSSL) && defined(SYS_WINNT) +void ssl_applink(void); + +void +ssl_applink(void) +{ +#ifdef WRAP_DBG_MALLOC + CRYPTO_set_mem_ex_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free); +#else + CRYPTO_malloc_init(); +#endif +} +#else /* !OPENSSL || !SYS_WINNT */ +#define ssl_applink() do {} while (0) +#endif + + +#ifdef WRAP_DBG_MALLOC +/* + * OpenSSL malloc overriding uses different parameters + * for DEBUG malloc/realloc/free (lacking block type). + * Simple wrappers convert. + */ +void *wrap_dbg_malloc(size_t s, const char *f, int l) +{ + void *ret; + + ret = _malloc_dbg(s, _NORMAL_BLOCK, f, l); + return ret; +} + +void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l) +{ + void *ret; + + ret = _realloc_dbg(p, s, _NORMAL_BLOCK, f, l); + return ret; +} + +void wrap_dbg_free(void *p) +{ + _free_dbg(p, _NORMAL_BLOCK); +} +#endif /* WRAP_DBG_MALLOC */ diff --git a/libntp/Makefile.am b/libntp/Makefile.am index 5ec437791a..7f0118ba6b 100644 --- a/libntp/Makefile.am +++ b/libntp/Makefile.am 
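Review bot: In `ssl_applink()` the result of `CRYPTO_set_mem_ex_functions()` is discarded, although OpenSSL returns 0 from it when the library has already allocated memory and the hooks were not installed. In a `WRAP_DBG_MALLOC` build that would leave OpenSSL on its default allocator with no indication that the debug wrappers are inactive. Test the return value, e.g. `if (!CRYPTO_set_mem_ex_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free))` followed by a diagnostic that `ssl_applink()` was called too late. Since this `.c` file defines non-static functions and is meant to be included in exactly one source file per program, the header comment could also say that a second inclusion causes duplicate-symbol link errors.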
@@ -3,19 +3,71 @@ NULL= AUTOMAKE_OPTIONS = noinst_LIBRARIES = libntp.a @MAKE_LIBNTPSIM@ EXTRA_LIBRARIES = libntpsim.a -libntp_a_SRCS = a_md5encrypt.c adjtime.c atoint.c atolfp.c atouint.c \ - audio.c authkeys.c authreadkeys.c authusekey.c buftvtots.c \ - caljulian.c caltontp.c calyearstart.c clocktime.c \ - clocktypes.c decodenetnum.c dofptoa.c dolfptoa.c emalloc.c \ - findconfig.c fptoa.c fptoms.c getopt.c hextoint.c \ - hextolfp.c humandate.c icom.c inttoa.c iosignal.c \ - lib_strbuf.c machines.c memmove.c mfptoa.c ntp_lineedit.c \ - mfptoms.c mktime.c modetoa.c mstolfp.c msutotsf.c msyslog.c \ - netof.c ntp_rfc2553.c numtoa.c numtohost.c octtoint.c \ - prettydate.c ntp_random.c recvbuff.c refnumtoa.c snprintf.c \ - socktoa.c socktohost.c statestr.c strdup.c bsd_strerror.c \ - strstr.c syssignal.c tsftomsu.c tstotv.c tvtots.c uglydate.c \ - uinttoa.c ymd2yd.c \ +libntp_a_SRCS = \ + a_md5encrypt.c \ + adjtime.c \ + atoint.c \ + atolfp.c \ + atouint.c \ + audio.c \ + authkeys.c \ + authreadkeys.c \ + authusekey.c \ + bsd_strerror.c \ + buftvtots.c \ + caljulian.c \ + caltontp.c \ + calyearstart.c \ + clocktime.c \ + clocktypes.c \ + decodenetnum.c \ + dofptoa.c \ + dolfptoa.c \ + emalloc.c \ + findconfig.c \ + fptoa.c \ + fptoms.c \ + getopt.c \ + hextoint.c \ + hextolfp.c \ + humandate.c \ + icom.c \ + inttoa.c \ + iosignal.c \ + lib_strbuf.c \ + machines.c \ + memmove.c \ + mfptoa.c \ + ntp_lineedit.c \ + mfptoms.c \ + mktime.c \ + modetoa.c \ + mstolfp.c \ + msutotsf.c \ + msyslog.c \ + netof.c \ + ntp_rfc2553.c \ + numtoa.c \ + numtohost.c \ + octtoint.c \ + prettydate.c \ + ntp_random.c \ + recvbuff.c \ + refnumtoa.c \ + snprintf.c \ + socktoa.c \ + socktohost.c \ + ssl_init.c \ + statestr.c \ + strdup.c \ + strstr.c \ + syssignal.c \ + tsftomsu.c \ + tstotv.c \ + tvtots.c \ + uglydate.c \ + uinttoa.c \ + ymd2yd.c \ $(srcdir)/../lib/isc/assertions.c \ $(srcdir)/../lib/isc/buffer.c \ $(srcdir)/../lib/isc/nothreads/condition.c \ 
diff --git a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c index 46573b7f44..2a8cb3957d 100644 --- a/libntp/a_md5encrypt.c +++ b/libntp/a_md5encrypt.c @@ -31,7 +31,7 @@ MD5authencrypt( ) { u_char digest[64]; /* for SHA-512 */ - unsigned len; + u_int len; #ifdef OPENSSL const EVP_MD * digest_type; EVP_MD_CTX ctx; @@ -43,6 +43,7 @@ MD5authencrypt( * MD5 with key identifier concatenated with packet. */ #ifdef OPENSSL + INIT_SSL(NULL); digest_type = EVP_get_digestbynid(type); NTP_INSIST(digest_type != NULL); EVP_DigestInit(&ctx, digest_type); @@ -76,8 +77,9 @@ MD5authdecrypt( ) { u_char digest[64]; /* for SHA-512 */ - unsigned len; + u_int len; #ifdef OPENSSL + const EVP_MD * digest_type; EVP_MD_CTX ctx; #else MD5_CTX md5; @@ -87,7 +89,10 @@ MD5authdecrypt( * MD5 with key identifier concatenated with packet. */ #ifdef OPENSSL - EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); + INIT_SSL(NULL); + digest_type = EVP_get_digestbynid(type); + NTP_INSIST(digest_type != NULL); + EVP_DigestInit(&ctx, digest_type); EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); EVP_DigestFinal(&ctx, digest, &len); @@ -98,7 +103,7 @@ MD5authdecrypt( MD5Final(digest, &md5); len = 16; #endif /* OPENSSL */ - if ((unsigned)size != len + 4) + if ((u_int)size != len + 4) return (0); return (!memcmp(digest, (char *)pkt + length + 4, len)); @@ -115,8 +120,9 @@ addr2refid(sockaddr_u *addr) u_char digest[20]; u_int32 addr_refid; #ifdef OPENSSL + const EVP_MD * digest_type; EVP_MD_CTX ctx; - unsigned len; + u_int len; #else MD5_CTX md5; #endif /* OPENSSL */ @@ -125,7 +131,10 @@ addr2refid(sockaddr_u *addr) return (NSRCADR(addr)); #ifdef OPENSSL - EVP_DigestInit(&ctx, EVP_md5()); + INIT_SSL(NULL); + digest_type = EVP_md5(); + NTP_INSIST(digest_type != NULL); + EVP_DigestInit(&ctx, digest_type); EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr), sizeof(struct in6_addr)); EVP_DigestFinal(&ctx, digest, &len); 
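Review bot: The three added calls `INIT_SSL(NULL);` in `MD5authencrypt()`, `MD5authdecrypt()` and `addr2refid()` pass an argument to a macro that include/ntp_stdlib.h in this same commit defines with an empty parameter list (`#define INIT_SSL()`), which the preprocessor rejects in an OPENSSL build. authreadkeys.c, ntp_crypto.c and ntp-keygen.c call it as `INIT_SSL();`, so these three should read `INIT_SSL();` as well. The bodies of all three functions extend beyond the hunks shown.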
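Review bot: `MD5authdecrypt()` still ends with `return (!memcmp(digest, (char *)pkt + length + 4, len));`, and `memcmp` may stop at the first differing byte, so the time taken can depend on how much of a received MAC is correct. The hunk at `-98,7` edits the length check directly above it, which makes this a natural place to switch to a comparison that always examines all `len` bytes, e.g. accumulate `diff |= digest[i] ^ mac[i]` over the whole digest and return `diff == 0`. Separately, the new `NTP_INSIST(digest_type != NULL)` turns an unknown `type` into an assertion failure inside the verification path; if `type` can name a digest that the running OpenSSL lacks, returning 0 would be a gentler failure than aborting. The function body starts outside the hunk.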
diff --git a/libntp/authreadkeys.c b/libntp/authreadkeys.c index 95fd7759c8..052cccd21d 100644 --- a/libntp/authreadkeys.c +++ b/libntp/authreadkeys.c @@ -84,10 +84,7 @@ authreadkeys( msyslog(LOG_ERR, "can't open key file %s: %m", file); return (0); } -#ifdef OPENSSL - OpenSSL_add_all_algorithms(); -#endif /* OPENSSL */ - + INIT_SSL(); /* * Remove all existing keys @@ -163,10 +160,9 @@ authreadkeys( */ token = nexttok(&line); if (token == NULL) - msyslog(LOG_ERR, - "no key for key %ld", keyno); + msyslog(LOG_ERR, "no key for key %ld", keyno); else - MD5auth_setkey(keyno, keytype, token, + MD5auth_setkey(keyno, keytype, (u_char *)token, strlen(token)); } fclose(fp); diff --git a/libntp/ssl_init.c b/libntp/ssl_init.c new file mode 100644 index 0000000000..13efa50ec8 --- /dev/null +++ b/libntp/ssl_init.c @@ -0,0 +1,42 @@ +/* + * ssl_init.c Common OpenSSL initialization code for the various + * programs which use it. + * + * Moved from ntpd/ntp_crypto.c crypto_setup() + */ +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include + +#ifndef OPENSSL +int ssl_init__non_empty_compliation_unit; +#else /* OPENSSL follows */ +#include "openssl/err.h" +#include "openssl/rand.h" + + +int ssl_init_done; + +void +ssl_init(void) +{ + if (ssl_init_done) + return; + + if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { + msyslog(LOG_ERR, + "OpenSSL version mismatch. Built against %lx, you have %lx", + OPENSSL_VERSION_NUMBER, SSLeay()); + fprintf(stderr, + "OpenSSL version mismatch. Built against %lx, you have %lx\n", + OPENSSL_VERSION_NUMBER, SSLeay()); + exit (-1); + } + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + + ssl_init_done = 1; +} +#endif /* OPENSSL */ diff --git a/ntpd/complete.conf b/ntpd/complete.conf index 0c06f11a6a..2c49a69f7e 100644 --- a/ntpd/complete.conf +++ b/ntpd/complete.conf 
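Review bot: `ssl_init()` in the new libntp/ssl_init.c has no comment describing its contract, and two of its properties are worth writing down. It calls `exit(-1)` on a version mismatch, and because `INIT_SSL()` is now invoked lazily from `authreadkeys()` and the digest routines in a_md5encrypt.c, that exit can happen well after startup rather than only in `crypto_setup()`. `ssl_init_done` is a plain `int` tested and set without synchronization, so the function should be documented as single-threaded, for example `/* not thread-safe: call from the main thread before any EVP use; exits on OpenSSL version mismatch */`. The placeholder symbol `ssl_init__non_empty_compliation_unit` misspells "compilation".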
@@ -12,7 +12,7 @@ filegen protostats file stats type month enable filegen rawstats file rawstats type year nolink enable filegen sysstats file sysstats type age enable filegen timingstats file timingstats type none disable -crypto host hostname ident id pw cryptopass randfile /.rnd +crypto digest md5 host myhostname ident wedent pw cryptopass randfile /.rnd revoke 10 keysdir "/etc/ntp/keys" keys "/etc/ntp.keys" @@ -50,6 +50,7 @@ interface listen eth0 interface listen ipv6 interface listen 192.168.192.0/24 interface listen 192.168.193.1 -setvar vanity = "name plate" +setvar varnondef = "this variable does not have default after the value" +setvar vanity = "name plate" default trap 127.0.0.1 interface 127.0.0.1 port 1234 trap 127.0.0.2 diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c index 8b5182c264..33825c115f 100644 --- a/ntpd/ntp_config.c +++ b/ntpd/ntp_config.c @@ -1815,7 +1815,7 @@ config_auth( int rankey; rankey = ntp_random(); - MD5auth_setkey(req_keyid, KEY_TYPE_MD5, (u_char *)&rankey, + MD5auth_setkey(req_keyid, NID_md5, (u_char *)&rankey, sizeof(rankey)); authtrust(req_keyid, 1); } diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index 6bade24bec..a6b4bc689b 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c @@ -3661,6 +3661,7 @@ crypto_setup(void) { struct pkey_info *pinfo; /* private/public key */ char filename[MAXFILENAME]; /* file name buffer */ + char * randfile; char statstr[NTP_MAXSTRLEN]; /* statistics for filegen */ l_fp seed; /* crypto PRNG seed as NTP timestamp */ u_int len; @@ -3676,14 +3677,6 @@ crypto_setup(void) "crypto_setup: spurious crypto command"); return; } - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { - msyslog(LOG_ERR, - "crypto_setup: OpenSSL version mismatch. Built against %lx, you have %lx", - OPENSSL_VERSION_NUMBER, SSLeay()); - exit (-1); - } - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); /* * Load required random seed file and seed the random number 
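Review bot: In the `config_auth()` hunk the request key is still built from `rankey = ntp_random();` and installed with `sizeof(rankey)`, i.e. an `int`-sized secret from a generator whose strength is not visible here, and it is then marked trusted by `authtrust(req_keyid, 1)`. A key that short can be searched exhaustively, so this line deserves either a longer key drawn from a cryptographic source (in OpenSSL builds, `RAND_bytes()` after `INIT_SSL()`) or a comment explaining why the short key is acceptable. The hunk also replaces `KEY_TYPE_MD5` with a bare `NID_md5` although include/ntp.h in this commit keeps `KEY_TYPE_MD5` defined as `NID_md5`; one spelling used consistently would be clearer. The surrounding function lies outside the hunk.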
@@ -3692,34 +3685,31 @@ crypto_setup(void) * depending on the system. Wiggle the contents a bit and write * it back so the sequence does not repeat when we next restart. */ + INIT_SSL(); if (!RAND_status()) { if (rand_file == NULL) { - RAND_file_name(filename, MAXFILENAME); - rand_file = filename; + RAND_file_name(filename, sizeof(filename)); + randfile = filename; } else if (*rand_file != '/') { - snprintf(filename, MAXFILENAME, "%s/%s", + snprintf(filename, sizeof(filename), "%s/%s", keysdir, rand_file); - rand_file = filename; - } - if (rand_file == NULL) { - msyslog(LOG_ERR, - "crypto_setup: seed file unknown name"); - exit (-1); - } - if ((bytes = RAND_load_file(rand_file, -1)) == 0) { + randfile = filename; + } else + randfile = rand_file; + + if ((bytes = RAND_load_file(randfile, -1)) == 0) { msyslog(LOG_ERR, - "crypto_setup: random seed file %s missing", - rand_file); + "cypto_setup: random seed file %s missing", randfile); exit (-1); } get_systime(&seed); RAND_seed(&seed, sizeof(l_fp)); - RAND_write_file(rand_file); + RAND_write_file(randfile); #ifdef DEBUG if (debug) printf( "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n", - SSLeay(), rand_file, bytes); + SSLeay(), randfile, bytes); #endif } diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index a3af341665..3130a8d73c 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -615,14 +615,12 @@ process_private( NTOHL_FP(&tailinpkt->tstamp, &ftmp); L_SUB(&ftmp, &rbufp->recv_time); LFPTOD(&ftmp, dtemp); - if (fabs(dtemp) >= INFO_TS_MAXSKEW) { + if (fabs(dtemp) > INFO_TS_MAXSKEW) { /* * He's a loser. Tell him. */ -#ifdef DEBUG - if (debug > 4) - printf("xmit/rcv timestamp delta > INFO_TS_MAXSKEW\n"); -#endif + DPRINTF(5, ("xmit/rcv timestamp delta %g > INFO_TS_MAXSKEW %g\n", + dtemp, INFO_TS_MAXSKEW)); req_ack(srcadr, inter, inpkt, INFO_ERR_AUTH); return; } diff --git a/ntpdate/ntpdate.c b/ntpdate/ntpdate.c index 70b33704c7..16b8e7fe0c 100644 --- a/ntpdate/ntpdate.c 
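Review bot: The reworked seed-file block in `crypto_setup()` removes the only failure check on the file name while ignoring the return values of `RAND_file_name()` and `snprintf()`, so if no default name can be produced or the `keysdir`/`rand_file` join is truncated, `RAND_load_file()` and `RAND_write_file()` are handed whatever is in `filename`. Check both, e.g. `if (RAND_file_name(filename, sizeof(filename)) == NULL)` and, for the `snprintf()` result `n`, `if (n < 0 || (size_t)n >= sizeof(filename))`, then log and exit as the removed branch did. The new message also misspells its prefix as `"cypto_setup: random seed file %s missing"`, which breaks log searches for `crypto_setup:`. The result of `RAND_write_file(randfile)` is unchecked as well, so a failed rewrite would let the same seed file be loaded on the next start, contrary to the comment above the block. `crypto_setup()` begins and ends outside this hunk.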
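Review bot: The skew test in `process_private()` changes from `fabs(dtemp) >= INFO_TS_MAXSKEW` to `>`, so a request whose timestamp differs by exactly the limit is now accepted, and neither the commit message nor a comment explains the change. Because this check bounds how stale an authenticated request may be, state the intended boundary next to it, e.g. `/* reject requests more than INFO_TS_MAXSKEW seconds from our clock */`. The new `DPRINTF` prints `INFO_TS_MAXSKEW` with `%g`, which is only correct if the macro expands to a `double`; that is not visible in this hunk, so passing `(double)INFO_TS_MAXSKEW` would make it safe either way. The function body extends beyond the hunk.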
+++ b/ntpdate/ntpdate.c @@ -20,9 +20,8 @@ #include "ntp_syslog.h" #include "ntp_select.h" #include "ntp_stdlib.h" +#include -/* Don't include ISC's version of IPv6 variables and structures */ -#define ISC_IPV6_H 1 #include "isc/net.h" #include "isc/result.h" #include "isc/sockaddr.h" @@ -37,19 +36,15 @@ #ifdef HAVE_POLL_H # include #endif -#ifndef SYS_WINNT -# ifdef HAVE_SYS_SIGNAL_H -# include -# else -# include -# endif -# ifdef HAVE_SYS_IOCTL_H -# include -# endif -#endif /* SYS_WINNT */ +#ifdef HAVE_SYS_SIGNAL_H +# include +#endif +#ifdef HAVE_SYS_IOCTL_H +# include +#endif #ifdef HAVE_SYS_RESOURCE_H # include -#endif /* HAVE_SYS_RESOURCE_H */ +#endif #include @@ -77,9 +72,6 @@ struct timeval timeout = {60,0}; #include "recvbuff.h" #ifdef SYS_WINNT -#define EPROTONOSUPPORT WSAEPROTONOSUPPORT -#define EAFNOSUPPORT WSAEAFNOSUPPORT -#define EPFNOSUPPORT WSAEPFNOSUPPORT #define TARGET_RESOLUTION 1 /* Try for 1-millisecond accuracy on Windows NT timers. */ #pragma comment(lib, "winmm") @@ -338,6 +330,8 @@ ntpdatemain ( if (!ExpandEnvironmentStrings(KEYFILE, key_file, MAX_PATH)) msyslog(LOG_ERR, "ExpandEnvironmentStrings(KEYFILE) failed: %m\n"); + + ssl_applink(); #endif /* SYS_WINNT */ #ifdef NO_MAIN_ALLOWED diff --git a/ntpdc/ntpdc.c b/ntpdc/ntpdc.c index 0f460455c6..f8e2e6a2e4 100644 --- a/ntpdc/ntpdc.c +++ b/ntpdc/ntpdc.c @@ -14,10 +14,9 @@ #include "ntp_stdlib.h" #include "ntp_assert.h" #include "ntp_lineedit.h" -/* Don't include ISC's version of IPv6 variables and structures */ -#define ISC_IPV6_H 1 #include "isc/net.h" #include "isc/result.h" +#include #include "ntpdc-opts.h" @@ -51,12 +50,7 @@ static const char * prompt = "ntpdc> "; /* prompt to ask him about */ static u_long info_auth_keyid; static int keyid_entered = 0; -/* - * Type of key md5 - */ -#define KEY_TYPE_MD5 4 - -static int info_auth_keytype = KEY_TYPE_MD5; /* MD5 */ +static int info_auth_keytype = NID_md5; /* MD5 */ u_long current_time; /* needed by authkeys; not used */ /* 
@@ -298,6 +292,7 @@ ntpdcmain( #endif init_lib(); /* sets up ipv4_works, ipv6_works */ + ssl_applink(); /* Check to see if we have IPv6. Otherwise default to IPv4 */ if (!ipv6_works) @@ -957,7 +952,7 @@ sendrequest( return (1); } authusekey(info_auth_keyid, info_auth_keytype, - (const u_char *)pass); + (u_char *)pass); authtrust(info_auth_keyid, 1); } qpkt.auth_seq = AUTH_SEQ(1, 0); @@ -1776,12 +1771,12 @@ keytype( { if (pcmd->nargs == 0) fprintf(fp, "keytype is %s\n", - (info_auth_keytype == KEY_TYPE_MD5) ? "MD5" : "???"); + (info_auth_keytype == NID_md5) ? "MD5" : "???"); else switch (*(pcmd->argval[0].string)) { case 'm': case 'M': - info_auth_keytype = KEY_TYPE_MD5; + info_auth_keytype = NID_md5; break; default: diff --git a/ntpq/Makefile.am b/ntpq/Makefile.am index fc96b495fb..8bf4f0961f 100644 --- a/ntpq/Makefile.am +++ b/ntpq/Makefile.am @@ -42,6 +42,9 @@ $(srcdir)/ntpq-opts.texi $(srcdir)/ntpq-opts.menu: $(srcdir)/ntpq-opts.def $(std $(PROGRAMS): $(LDADD) +../libntp/libntp.a: + cd ../libntp && $(MAKE) + $(top_srcdir)/version : cd $(top_srcdir) && $(MAKE) version diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c index a0baa4b0dd..15290a1f13 100644 --- a/ntpq/ntpq.c +++ b/ntpq/ntpq.c @@ -18,10 +18,9 @@ #include "ntp_stdlib.h" #include "ntp_assert.h" #include "ntp_lineedit.h" -/* Don't include ISC's version of IPv6 variables and structures */ -#define ISC_IPV6_H 1 #include "isc/net.h" #include "isc/result.h" +#include #include "ntpq-opts.h" @@ -68,12 +67,7 @@ s_char sys_precision; /* local clock precision (log2 s) */ */ u_long info_auth_keyid = 0; -/* - * Type of key md5 - */ -#define KEY_TYPE_MD5 4 - -static int info_auth_keytype = KEY_TYPE_MD5; /* MD5 */ +static int info_auth_keytype = NID_md5; /* MD5 */ u_long current_time; /* needed by authkeys; not used */ /* 
@@ -296,7 +290,7 @@ static void ntpversion (struct parse *, FILE *); static void warning (const char *, const char *, const char *); static void error (const char *, const char *, const char *); static u_long getkeyid (const char *); -static void atoascii (int, char *, char *); +static void atoascii (const char *, size_t, char *, size_t); static void makeascii (int, char *, FILE *); static void cookedprint (int, int, char *, int, int, FILE *); static void rawprint (int, int, char *, int, int, FILE *); @@ -527,6 +521,7 @@ ntpqmain( delay_time.l_uf = DEFDELAY; init_lib(); /* sets up ipv4_works, ipv6_works */ + ssl_applink(); /* Check to see if we have IPv6. Otherwise default to IPv4 */ if (!ipv6_works) @@ -2383,12 +2378,12 @@ keytype( { if (pcmd->nargs == 0) fprintf(fp, "keytype is %s\n", - (info_auth_keytype == KEY_TYPE_MD5) ? "MD5" : "???"); + (info_auth_keytype == NID_md5) ? "MD5" : "???"); else switch (*(pcmd->argval[0].string)) { case 'm': case 'M': - info_auth_keytype = KEY_TYPE_MD5; + info_auth_keytype = NID_md5; break; default: 
@@ -2667,49 +2662,58 @@ getkeyid( */ static void atoascii( - int length, - char *data, - char *outdata + const char *in, + size_t in_octets, + char *out, + size_t out_octets ) { - register u_char *cp; - register u_char *ocp; - register u_char c; - - if (!data) - { - *outdata = '\0'; + register const u_char * pchIn; + const u_char * pchInLimit; + register u_char * pchOut; + register u_char c; + + pchIn = (const u_char *)in; + pchInLimit = pchIn + in_octets; + pchOut = (u_char *)out; + + if (NULL == pchIn) { + if (0 < out_octets) + *pchOut = '\0'; return; } - ocp = (u_char *)outdata; - for (cp = (u_char *)data; cp < (u_char *)data + length; cp++) { - c = *cp; - if (c == '\0') - break; - if (c == '\0') - break; - if (c > 0177) { - *ocp++ = 'M'; - *ocp++ = '-'; - c &= 0177; - } +#define ONEOUT(c) \ +do { \ + if (0 == --out_octets) { \ + *pchOut = '\0'; \ + return; \ + } \ + *pchOut++ = (c); \ +} while (0) - if (c < ' ') { - *ocp++ = '^'; - *ocp++ = (u_char)(c + '@'); - } else if (c == 0177) { - *ocp++ = '^'; - *ocp++ = '?'; - } else { - *ocp++ = c; + for ( ; pchIn < pchInLimit; pchIn++) { + c = *pchIn; + if ('\0' == c) + break; + if (c & 0x80) { + ONEOUT('M'); + ONEOUT('-'); + c &= 0x7f; } - if (ocp >= ((u_char *)outdata + length - 4)) - break; + if (c < ' ') { + ONEOUT('^'); + ONEOUT((u_char)(c + '@')); + } else if (0x7f == c) { + ONEOUT('^'); + ONEOUT('?'); + } else + ONEOUT(c); } - *ocp++ = '\0'; -} + ONEOUT('\0'); +#undef ONEOUT +} /* @@ -2728,21 +2732,20 @@ makeascii( for (cp = (u_char *)data; cp < (u_char *)data + length; cp++) { c = (int)*cp; - if (c > 0177) { + if (c & 0x80) { putc('M', fp); putc('-', fp); - c &= 0177; + c &= 0x7f; } if (c < ' ') { putc('^', fp); - putc(c+'@', fp); - } else if (c == 0177) { + putc(c + '@', fp); + } else if (0x7f == c) { putc('^', fp); putc('?', fp); - } else { + } else putc(c, fp); - } } } 
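Review bot: `ONEOUT` in the new `atoascii()` tests `0 == --out_octets`, so a call with `out_octets == 0` wraps the `size_t` to its maximum and the loop then writes with no effective bound; only the `NULL == pchIn` branch checks `0 < out_octets`. Add a guard before the first `ONEOUT`, `if (0 == out_octets) return;`. `pchInLimit = pchIn + in_octets` is also computed before the NULL test, which is pointer arithmetic on a null pointer, so the NULL check should move above it. The callers in `cookedprint()` pass `sizeof(bn)` and `sizeof(bv)`, so this is a latent rather than reachable problem in this commit.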
@@ -2993,32 +2996,27 @@ output( char *value ) { - int lenname; - int lenvalue; + size_t len; - lenname = strlen(name); - lenvalue = strlen(value); + /* strlen of "name=value" */ + len = strlen(name) + 1 + strlen(value); if (out_chars != 0) { - putc(',', fp); - out_chars++; - out_linecount++; - if ((out_linecount + lenname + lenvalue + 3) > MAXOUTLINE) { - putc('\n', fp); - out_chars++; + out_chars += 2; + if ((out_linecount + len + 2) > MAXOUTLINE) { + fputs(",\n", fp); out_linecount = 0; } else { - putc(' ', fp); - out_chars++; - out_linecount++; + fputs(", ", fp); + out_linecount += 2; } } fputs(name, fp); putc('=', fp); fputs(value, fp); - out_chars += lenname + 1 + lenvalue; - out_linecount += lenname + 1 + lenvalue; + out_chars += len; + out_linecount += len; } @@ -3031,7 +3029,7 @@ endoutput( ) { if (out_chars != 0) - putc('\n', fp); + putc('\n', fp); } @@ -3142,23 +3140,24 @@ cookedprint( int narr; switch (datatype) { - case TYPE_PEER: + case TYPE_PEER: varlist = peer_var; break; - case TYPE_SYS: + case TYPE_SYS: varlist = sys_var; break; - case TYPE_CLOCK: + case TYPE_CLOCK: varlist = clock_var; break; - default: - (void) fprintf(stderr, "Unknown datatype(0x%x) in cookedprint\n", datatype); + default: + fprintf(stderr, "Unknown datatype(0x%x) in cookedprint\n", + datatype); return; } if (!quiet) - (void) fprintf(fp, "status=%04x %s,\n", status, - statustoa(datatype, status)); + fprintf(fp, "status=%04x %s,\n", status, + statustoa(datatype, status)); startoutput(); while (nextvar(&length, &data, &name, &value)) { @@ -3300,8 +3299,8 @@ cookedprint( char bv[401]; int len; - atoascii(400, name, bn); - atoascii(400, value, bv); + atoascii(name, MAXVARLEN, bn, sizeof(bn)); + atoascii(value, MAXVARLEN, bv, sizeof(bv)); if (output_raw != '*') { len = strlen(bv); bv[len] = output_raw; diff --git a/ports/winnt/ntpd/ntservice.c b/ports/winnt/ntpd/ntservice.c index c81decd43e..cf184381da 100644 --- a/ports/winnt/ntpd/ntservice.c +++ b/ports/winnt/ntpd/ntservice.c 
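Review bot: With the new bounds, `atoascii(value, MAXVARLEN, bv, sizeof(bv))` in `cookedprint()` can fill `bv[401]` completely (400 characters plus the terminator), whereas the removed implementation stopped four bytes short of its `length` argument. The following `len = strlen(bv); bv[len] = output_raw;` then overwrites the terminator at index 400, and if the code just past the hunk re-terminates at `bv[len + 1]`, that store lands one byte beyond the array. `value` is presumably parsed from a server response and each input byte can expand to as many as four output characters, so pass `sizeof(bv) - 1` as the output size or bound `len` before appending. `MAXVARLEN` is used as the input limit for `value` as well as `name`; confirm that is the intended constant for values.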
@@ -30,17 +30,8 @@ #include "clockstuff.h" #include "ntp_iocompletionport.h" #include "isc/win32os.h" +#include -#ifdef OPENSSL -# pragma warning(push) -# pragma warning(disable: 4152) -# include -# pragma warning(pop) -#endif - -#if defined(OPENSSL) && defined(_MSC_VER) && defined(_DEBUG) -#define WRAP_DBG_MALLOC -#endif /* * Globals @@ -95,13 +86,8 @@ int main( int argc, char *argv[] ) int i = 1; -#ifdef OPENSSL -#ifdef WRAP_DBG_MALLOC - CRYPTO_set_mem_ex_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free); -#else - CRYPTO_malloc_init(); -#endif -#endif + ssl_applink(); + /* Save the command line parameters */ glb_argc = argc; glb_argv = argv; @@ -345,25 +331,3 @@ OnConsoleEvent( return TRUE; } - -#if defined(OPENSSL) && defined(_MSC_VER) && defined(_DEBUG) -/* - * OpenSSL malloc overriding uses different parameters - * for DEBUG malloc/realloc/free (lacking block type). - * Simple wrappers convert. - */ -void *wrap_dbg_malloc(size_t s, const char *f, int l) -{ - return _malloc_dbg(s, _NORMAL_BLOCK, f, l); -} - -void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l) -{ - return _realloc_dbg(p, s, _NORMAL_BLOCK, f, l); -} - -void wrap_dbg_free(void *p) -{ - _free_dbg(p, _NORMAL_BLOCK); -} -#endif /* defined(OPENSSL) && defined(_MSC_VER) && defined(_DEBUG) */ diff --git a/ports/winnt/vc6/libntp.dsp b/ports/winnt/vc6/libntp.dsp index 87c1e7c266..e39d741a5a 100644 --- a/ports/winnt/vc6/libntp.dsp +++ b/ports/winnt/vc6/libntp.dsp @@ -386,6 +386,10 @@ SOURCE=..\..\..\libntp\socktohost.c # End Source File # Begin Source File +SOURCE=..\..\..\libntp\ssl_init.c +# End Source File +# Begin Source File + SOURCE=..\..\..\libntp\statestr.c # End Source File # Begin Source File diff --git a/ports/winnt/vs2003/libntp.vcproj b/ports/winnt/vs2003/libntp.vcproj index d6a5e70606..0dd667a3ba 100644 --- a/ports/winnt/vs2003/libntp.vcproj +++ b/ports/winnt/vs2003/libntp.vcproj @@ -1565,6 +1565,10 @@ PreprocessorDefinitions=""/> + + + + 
diff --git a/ports/winnt/vs2008/libntp/libntp.vcproj b/ports/winnt/vs2008/libntp/libntp.vcproj index c47c2663e7..f70789a9ae 100644 --- a/ports/winnt/vs2008/libntp/libntp.vcproj +++ b/ports/winnt/vs2008/libntp/libntp.vcproj @@ -479,6 +479,10 @@ RelativePath="..\..\..\..\libntp\socktohost.c" > + + @@ -817,11 +821,11 @@ > $@ + $(srcdir)/sntp-opts.h: $(srcdir)/sntp-opts.c $(srcdir)/sntp-opts.c: $(srcdir)/sntp-opts.def $(srcdir)/../include/version.def $(run_ag) sntp-opts.def @@ -104,6 +109,9 @@ $(srcdir)/sntp.1: $(srcdir)/sntp-opts.def $(srcdir)/../include/version.def $(srcdir)/sntp-opts.texi $(srcdir)/sntp-opts.menu: $(srcdir)/sntp-opts.def $(srcdir)/../include/version.def $(run_ag) -Taginfo.tpl -DLEVEL=section sntp-opts.def +../libntp/libntp.a: + cd ../libntp && $(MAKE) + libtool: $(LIBTOOL_DEPS) ./config.status --recheck diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c index fb8cc36c71..bb1062d3e3 100644 --- a/util/ntp-keygen.c +++ b/util/ntp-keygen.c @@ -90,7 +90,7 @@ #include #include "ntp_types.h" #include "ntp_random.h" -#include "l_stdlib.h" +#include "ntp_stdlib.h" #include "ntp_assert.h" #include "ntp-keygen-opts.h" @@ -103,13 +103,8 @@ #include "openssl/pem.h" #include "openssl/x509v3.h" #include -#ifdef SYS_WINNT -# pragma warning(push) -# pragma warning(disable: 4152) -# include -# pragma warning(pop) -#endif /* SYS_WINNT */ #endif /* OPENSSL */ +#include /* * Cryptodefines @@ -159,7 +154,7 @@ u_long asn2ntp (ASN1_TIME *); */ extern char *optarg; /* command line argument */ char *progname; -int debug = 0; /* debug, not de bug */ +volatile int debug = 0; /* debug, not de bug */ #ifdef OPENSSL u_int modulus = PLEN; /* prime modulus size (bits) */ u_int modulus2 = ILEN; /* identity modulus size (bits) */ 
@@ -255,25 +250,14 @@ main( #ifdef SYS_WINNT /* Initialize before OpenSSL checks */ InitWin32Sockets(); - if(!init_randfile()) + if (!init_randfile()) fprintf(stderr, "Unable to initialize .rnd file\n"); + ssl_applink(); #endif #ifdef OPENSSL - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch - * status We match major, minor, fix and status (not patch) - */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { - fprintf(stderr, - "OpenSSL version mismatch. Built against %lx, you have %lx\n", - OPENSSL_VERSION_NUMBER, SSLeay()); - exit (-1); - - } else { - fprintf(stderr, - "Using OpenSSL version %lx\n", SSLeay()); - } + INIT_SSL(); + fprintf(stderr, "Using OpenSSL version %lx\n", SSLeay()); #endif /* OPENSSL */ /*
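Review bot: In the `SYS_WINNT` block of `main()` the new `ssl_applink();` is placed after `init_randfile()`, while the header comment of include/ssl_applink.c asks for `ssl_applink()` to run before any OpenSSL function. If `init_randfile()` uses OpenSSL's RAND file routines (its body is not in this diff), the allocator hooks would be installed too late; moving `ssl_applink();` to directly after `InitWin32Sockets();` removes the question. The version-mismatch exit now happens inside `ssl_init()`, so a one-line comment at the `INIT_SSL();` call, such as `/* exits on OpenSSL version mismatch */`, would keep that behaviour visible to readers of `main()`.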