+ * [Bug 1366] ioctl(TIOCSCTTY, 0) fails on NetBSD *[0-2].* > 3.99.7.
+ * CID 87 dead code in ntpq.c atoascii().
+(4.2.5p241-RC) 2009/11/07 Released by Harlan Stenn <stenn@ntp.org>
+* html/authopt.html update from Dave Mills.
+* Remove unused file from sntp/Makefile.am's distribution list.
+* new crypto signature cleanup.
(4.2.5p240-RC) 2009/11/05 Released by Harlan Stenn <stenn@ntp.org>
* [Bug 1364] clock_gettime() not detected, need -lrt on Debian 5.0.3.
* Provide all of OpenSSL's signature methods for ntp.keys (FIPS 140-2).
#endif /* OPENSSL */
/*
- * MD5 with key identifier concatenated with packet.
+ * Compute digest of key concatenated with packet. Note: the
+ * key type and digest type have been verified when the key
+ * was creaded.
*/
#ifdef OPENSSL
- INIT_SSL(NULL);
- digest_type = EVP_get_digestbynid(type);
- NTP_INSIST(digest_type != NULL);
- EVP_DigestInit(&ctx, digest_type);
++ INIT_SSL();
+ EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen);
EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
EVP_DigestFinal(&ctx, digest, &len);
#endif /* OPENSSL */
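Review bot: The result of `EVP_get_digestbynid(type)` is now passed straight into `EVP_DigestInit()`, so a NULL lookup (digest not registered, or unavailable in a FIPS-restricted build) is no longer caught where the removed `NTP_INSIST` caught it. The new comment relies on the type having been validated when the key was created, which is not visible here; a local check that fails closed would enforce that at the point of use, e.g. `const EVP_MD *md = EVP_get_digestbynid(type); if (md == NULL) return (0);` before the init call (the enclosing function starts outside the hunk, so confirm the right failure return). The same pattern recurs in the decrypt hunk and in the `EVP_get_digestbynid(NID_md5)` call that replaces `EVP_md5()` in the IPv6 address hashing hunk, where the by-NID lookup presumably also depends on the digest table having been populated first. The new comment also has a typo, "creaded" for "created".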
/*
- * MD5 with key identifier concatenated with packet.
+ * Compute digest of key concatenated with packet. Note: the
+ * key type and digest type have been verified when the key
+ * was created.
*/
#ifdef OPENSSL
- digest_type = EVP_get_digestbynid(type);
- NTP_INSIST(digest_type != NULL);
- EVP_DigestInit(&ctx, digest_type);
+ INIT_SSL(NULL);
+ EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen);
EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
EVP_DigestFinal(&ctx, digest, &len);
MD5Final(digest, &md5);
len = 16;
#endif /* OPENSSL */
- if ((unsigned)size != len + 4) {
- if ((u_int)size != len + 4)
++ if ((u_int)size != len + 4) {
+ msyslog(LOG_ERR,
+ "MAC decrypt: MAC length error");
return (0);
-
+ }
return (!memcmp(digest, (char *)pkt + length + 4, len));
}
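Review bot: The final `memcmp(digest, (char *)pkt + length + 4, len)` compares the computed MAC with the received one in data-dependent time, which can reveal to a remote peer how many leading bytes matched; a constant-time comparison is the safer form. A small accumulate-and-test loop works in both the OPENSSL and non-OPENSSL builds: `u_char diff = 0; for (i = 0; i < len; i++) diff |= digest[i] ^ mac[i]; return (diff == 0);` with `mac` set to `(u_char *)pkt + length + 4`. Separately, the new `msyslog(LOG_ERR, ...)` fires on every packet with a mismatched MAC length; if `size` comes from received packets, as it appears to, consider rate-limiting it or lowering the level so unauthenticated traffic cannot flood the log. The function body starts outside the hunk.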
return (NSRCADR(addr));
#ifdef OPENSSL
- EVP_DigestInit(&ctx, EVP_md5());
- INIT_SSL(NULL);
- digest_type = EVP_md5();
- NTP_INSIST(digest_type != NULL);
- EVP_DigestInit(&ctx, digest_type);
++ INIT_SSL();
++ EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5));
EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
EVP_DigestFinal(&ctx, digest, &len);
*/
fp = fopen(file, "r");
if (fp == NULL) {
- msyslog(LOG_ERR, "can't open key file %s: %m", file);
+ msyslog(LOG_ERR, "authreadkeys: file %s: %m",
+ file);
return (0);
}
- #ifdef OPENSSL
- OpenSSL_add_all_algorithms();
- #endif /* OPENSSL */
-
+ INIT_SSL();
/*
* Remove all existing keys
* Finally, get key and insert it
*/
token = nexttok(&line);
- if (token == NULL)
- msyslog(LOG_ERR, "no key for key %ld", keyno);
- else
- MD5auth_setkey(keyno, keytype, (u_char *)token,
- strlen(token));
+ if (token == NULL) {
+ msyslog(LOG_ERR,
+ "authreadkeys: no key for key %d", keyno);
+ continue;
+ }
- MD5auth_setkey(keyno, keytype, token, strlen(token));
++ MD5auth_setkey(keyno, keytype, (u_char *)token,
++ strlen(token));
}
fclose(fp);
return (1);