* [Bug 1366] ioctl(TIOCSCTTY, 0) fails on NetBSD *[0-2].* > 3.99.7.
* CID 87 dead code in ntpq.c atoascii().
+* Fix authenticated ntpdc, broken in p240.
(4.2.5p241-RC) 2009/11/07 Released by Harlan Stenn <stenn@ntp.org>
* html/authopt.html update from Dave Mills.
* Remove unused file from sntp/Makefile.am's distribution list.
l_fp rec; /* receive time stamp */
l_fp xmt; /* transmit time stamp */
-#define LEN_PKT_NOMAC 12 * sizeof(u_int32) /* min header length */
-#define MIN_MAC_LEN 1 * sizeof(u_int32) /* crypto_NAK */
-#define MAX_MD5_LEN 5 * sizeof(u_int32) /* MD5 */
-#define MAX_MAC_LEN 6 * sizeof(u_int32) /* SHA */
+#define LEN_PKT_NOMAC (12 * sizeof(u_int32)) /* min header length */
+#define MIN_MAC_LEN (1 * sizeof(u_int32)) /* crypto_NAK */
+#define MAX_MD5_LEN (5 * sizeof(u_int32)) /* MD5 */
+#define MAX_MAC_LEN (6 * sizeof(u_int32)) /* SHA */
/*
* The length of the packet less MAC must be a multiple of 64
char data[MAXFILENAME + 48]; /* data area [32 prev](176 byte max) */
/* struct conf_peer must fit */
l_fp tstamp; /* time stamp, for authentication */
- keyid_t keyid; /* encryption key */
- char mac[MAX_MD5_LEN-sizeof(u_int32)]; /* (optional) 8 byte auth code */
+ keyid_t keyid; /* (optional) encryption key */
+ char mac[MAX_MD5_LEN-sizeof(u_int32)]; /* (optional) auth code */
};
/*
*/
struct req_pkt_tail {
l_fp tstamp; /* time stamp, for authentication */
- keyid_t keyid; /* encryption key */
- char mac[MAX_MD5_LEN-sizeof(u_int32)]; /* (optional) 8 byte auth code */
+ keyid_t keyid; /* (optional) encryption key */
+ char mac[MAX_MD5_LEN-sizeof(u_int32)]; /* (optional) auth code */
};
/*
/* ssl_init.c */
#ifdef OPENSSL
-extern void ssl_init (void);
+extern void ssl_init (void);
+extern void ssl_check_version (void);
extern int ssl_init_done;
#define INIT_SSL() \
do { \
ssl_init(); \
} while (0)
#else /* !OPENSSL follows */
-#define INIT_SSL() do {} while (0)
+#define INIT_SSL() do {} while (0)
#endif
/* lib/isc/win32/strerror.c
#ifdef OPENSSL
EVP_MD_CTX ctx;
#else
+ MD5_CTX md5;
#endif /* OPENSSL */
/*
* was created.
*/
#ifdef OPENSSL
- INIT_SSL(NULL);
+ INIT_SSL();
EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen);
EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
u_char digest[20];
u_int32 addr_refid;
#ifdef OPENSSL
- const EVP_MD * digest_type;
EVP_MD_CTX ctx;
u_int len;
#else
*/
authkeyuncached++;
sk = key_hash[KEYHASH(keyno)];
- while (sk != 0) {
+ while (sk != NULL) {
if (keyno == sk->keyid) {
if (sk->type == 0) {
authkeynotfound++;
return (0);
}
+ break;
}
- break;
-
sk = sk->next;
}
* If the key is not found, or if it is found but not trusted,
* the key is not considered found.
*/
- if (sk == 0) {
+ if (sk == NULL) {
authkeynotfound++;
return (0);
"authreadkeys: invalid type for key %d", keyno);
continue;
}
- keytype = KEY_TYPE_MD5
+ keytype = KEY_TYPE_MD5;
#endif /* OPENSSL */
keystr = token;
if (ssl_init_done)
return;
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+
+ ssl_init_done = 1;
+}
+
+
+void
+ssl_check_version(void)
+{
if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
msyslog(LOG_ERR,
"OpenSSL version mismatch. Built against %lx, you have %lx",
OPENSSL_VERSION_NUMBER, SSLeay());
exit (-1);
}
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- ssl_init_done = 1;
+ INIT_SSL();
}
#endif /* OPENSSL */
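Review bot: ssl_init() no longer carries the SSLeay()/OPENSSL_VERSION_NUMBER comparison, so any caller that reaches OpenSSL only through INIT_SSL() (the EVP_DigestInit caller in the earlier hunk, for example) now initialises the library without verifying that the runtime library matches the build headers; only the two new ssl_check_version() call sites in the later hunks do. If there is a configuration in which crypto_setup() is not reached but OpenSSL digests are still used for symmetric keys, the mismatch goes undetected — worth confirming, or else having ssl_init() itself perform the check. At minimum the split deserves a comment on ssl_init(): `/* Library init only; ssl_check_version() must be called once at startup to verify the runtime library matches the build headers. */`.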
res_authenticate = 0;
res_keyid = 0;
res_authokay = 0;
- req_count = (int)htons(pkt->count);
+ req_count = (int)ntohs(pkt->count);
datanotbinflag = 0;
datalinelen = 0;
datapt = rpkt.data;
"crypto_setup: spurious crypto command");
return;
}
+ ssl_check_version();
/*
* Load required random seed file and seed the random number
* depending on the system. Wiggle the contents a bit and write
* it back so the sequence does not repeat when we next restart.
*/
- INIT_SSL();
if (!RAND_status()) {
if (rand_file == NULL) {
RAND_file_name(filename, sizeof(filename));
if ((bytes = RAND_load_file(randfile, -1)) == 0) {
msyslog(LOG_ERR,
- "cypto_setup: random seed file %s missing", randfile);
+ "crypto_setup: random seed file %s missing",
+ randfile);
exit (-1);
}
get_systime(&seed);
}
#ifndef SYS_WINNT
- n = recv(sockfd, (char *)&reqpkt, REQ_LEN_MAC, 0);
+ n = recv(sockfd, (char *)&reqpkt, sizeof(reqpkt), 0);
if (n <= 0) {
if (n < 0) {
msyslog(LOG_ERR, "recv() fails: %m");
continue;
}
#else /* Overlapped I/O used on non-blocking sockets on Windows NT */
- ret = ReadFile((HANDLE)sockfd, (char *)&reqpkt, (DWORD)REQ_LEN_MAC,
+ ret = ReadFile((HANDLE)sockfd, (char *)&reqpkt, sizeof(reqpkt),
NULL, (LPOVERLAPPED)&overlap);
if ((ret == FALSE) && (GetLastError() != ERROR_IO_PENDING)) {
msyslog(LOG_ERR, "ReadFile() fails: %m");
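Review bot: The ReadFile() call now passes `sizeof(reqpkt)` where the old line passed `(DWORD)REQ_LEN_MAC`; the size_t-to-DWORD conversion is implicit on the new side and will warn under -Wconversion on 64-bit builds, so keep the cast: `ret = ReadFile((HANDLE)sockfd, (char *)&reqpkt, (DWORD)sizeof(reqpkt),`. Reading up to `sizeof(reqpkt)` instead of REQ_LEN_MAC is the right bound for the buffer on both the recv() and ReadFile() sides, but the byte count `n` still has to be checked against the header's own item count and item size before the response is parsed; that code lies past the end of this hunk and cannot be confirmed here. The enclosing receive loop starts outside the hunk.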
if (proc->needs_auth && sys_authenticate) {
l_fp ftmp;
double dtemp;
-
- if (rbufp->recv_length < (int)((REQ_LEN_HDR +
+
+ if (rbufp->recv_length < (REQ_LEN_HDR +
(INFO_ITEMSIZE(inpkt->mbz_itemsize) *
- INFO_NITEMS(inpkt->err_nitems))
- + sizeof(struct req_pkt_tail)))) {
+ INFO_NITEMS(inpkt->err_nitems)) +
+ sizeof(*tailinpkt))) {
req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
- }
- tailinpkt = (struct req_pkt_tail *)((char *)&rbufp->recv_pkt +
- rbufp->recv_length - sizeof(struct req_pkt_tail));
+ return;
+ }
+ tailinpkt = (void *)((char *)&rbufp->recv_pkt +
+ rbufp->recv_length - sizeof(*tailinpkt));
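Review bot: The added `return;` after req_ack() closes the real hole here — the old code fell through and computed tailinpkt from an undersized recv_length — but dropping the `(int)` cast changes the comparison: `sizeof(*tailinpkt)` makes the right-hand side size_t, so if recv_length is a signed int (the removed cast suggests it is) a negative value is promoted to a huge unsigned and passes the check. If recv_length is non-negative by construction that is fine; otherwise guard it explicitly: `if (rbufp->recv_length < 0 || (size_t)rbufp->recv_length < (REQ_LEN_HDR +`. The minimum length is built from the packet's own mbz_itemsize and err_nitems fields, which is sound as a lower bound for this comparison but deserves a comment saying that those fields are attacker-controlled and only bound the check, not the copy. The enclosing function starts before and ends after this hunk.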
/*
* If this guy is restricted from doing this, don't let him
qpkt.auth_seq = AUTH_SEQ(0, 0);
return sendpkt((char *)&qpkt, req_pkt_size);
} else {
- l_fp ts;
- int maclen = 0;
- char *pass = "\0";
- struct req_pkt_tail *qpktail;
-
- qpktail = (struct req_pkt_tail *)((char *)&qpkt + req_pkt_size
- + MAX_MAC_LEN - sizeof(struct req_pkt_tail));
+ u_long key_id;
+ l_fp ts;
+ l_fp * ptstamp;
+ int maclen;
+ char * pass;
if (info_auth_keyid == 0) {
if (((struct conf_peer *)qpkt.data)->keyid > 0)
info_auth_keyid = ((struct conf_peer *)qpkt.data)->keyid;
else {
- maclen = getkeyid("Keyid: ");
- if (maclen == 0) {
+ key_id = getkeyid("Keyid: ");
+ if (key_id == 0) {
(void) fprintf(stderr,
"Invalid key identifier\n");
return 1;
}
- info_auth_keyid = maclen;
+ info_auth_keyid = key_id;
}
}
if (!authistrusted(info_auth_keyid)) {
qpkt.auth_seq = AUTH_SEQ(1, 0);
get_systime(&ts);
L_ADD(&ts, &delay_time);
- HTONL_FP(&ts, &qpktail->tstamp);
+ ptstamp = (void *)((char *)&qpkt + req_pkt_size
+ - sizeof(qpkt.tstamp));
+ HTONL_FP(&ts, ptstamp);
maclen = authencrypt(info_auth_keyid, (u_int32 *)&qpkt,
req_pkt_size);
if (maclen == 0) {
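Review bot: `pass` and `maclen` are now declared without initialisers where the removed lines had `char *pass = "\0"` and `int maclen = 0`; maclen is assigned by authencrypt() before the test on the last line, but `pass` is not assigned anywhere in this hunk, so if the remainder of the block past the hunk reads it before storing to it, that is an indeterminate-pointer read. Either keep `char * pass = "\0";` or confirm the first use is a store. `key_id` is declared `u_long` and stored into info_auth_keyid; if keyid_t is a 32-bit type that is a silent narrowing, and declaring `key_id` as `keyid_t` would match getkeyid()'s consumer. The `ptstamp` computation places the timestamp as the last field inside req_pkt_size and relies on authencrypt() appending the keyid and MAC after it into spare room in qpkt, which a one-line comment should state: `/* tstamp is the last req_pkt_size field; authencrypt() appends keyid + MAC after it */`. The enclosing function begins and ends outside the hunk.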
#endif
#ifdef OPENSSL
- INIT_SSL();
+ ssl_check_version();
fprintf(stderr, "Using OpenSSL version %lx\n", SSLeay());
#endif /* OPENSSL */