More crypto cleanup from Dave.
bk: 38e42fce26wmT0TsRNbLbK2TkBCHHw
extern void crypto_init P((void));
extern void crypto_config P((int, char *));
extern void crypto_setup P((void));
-extern void crypto_public P((struct peer *, u_char *));
+extern int crypto_public P((struct peer *, u_char *));
extern void crypto_agree P((void));
/*
((R_RSA_PUBLIC_KEY *)peer->pubkey)->modulus,
(u_char *)&(pkt[i + 4]), temp);
break;
-#endif /* PUBKEY */
/*
* Receive remote host name and install public key from
* file.
*/
case CRYPTO_NAME | CRYPTO_RESP:
- crypto_public(peer, (char *)&pkt[i + 3]);
+ temp = crypto_public(peer, (char *)&pkt[i + 3]);
#ifdef DEBUG
if (debug)
- printf("crypto_recv: host %s\n",
- (char *)&pkt[i + 3]);
+ printf("crypto_recv: host %d %s\n",
+ temp, (char *)&pkt[i + 3]);
#endif
break;
+#endif /* PUBKEY */
/*
* For other requests, save the request code for later;
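Review bot: The host name handed to crypto_public() in the `CRYPTO_NAME | CRYPTO_RESP` case is taken directly from the received packet (`&pkt[i + 3]`), and crypto_public() formats it into a file name with `"ntpkey_%s"`; nothing in this hunk shows that the string is NUL-terminated inside the extension field or free of path separators. If that validation is not done earlier in crypto_recv (the function starts outside the hunk), it belongs before this call, since both the file lookup and the debug `printf` with `%s` read until the first NUL. The argument is also cast to `(char *)` while the prototype takes `u_char *`, and when DEBUG is not defined the new `temp` result is never looked at, so a failed key load passes silently.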
(u_char *)&public_key.modulus, temp);
len += temp + 4;
break;
-#endif /* PUBKEY */
/*
* Send host name.
xpkt[i + 2] = htonl(temp);
len += temp + 4;
break;
+#endif /* PUBKEY */
/*
* Default - Fall through for requests; for unknown responses,
* has errors, we just keep going and expect the host to fetch the
* public key from the peer via the extension field.
*/
-void
+int
crypto_public(
struct peer *peer, /* peer structure pointer */
u_char *cp /* canonical host name */
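Review bot: The header comment above crypto_public() still describes only the keep-going behaviour and does not mention the new int result. Add a line such as `* Returns 1 if the key file was read and installed, 0 otherwise.` so callers know what the value means. As far as the visible lines of the body show, 0 is returned when crypto_read() fails and 1 after the copy into peer->pubkey. The comment itself begins outside this hunk.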
snprintf(filename, sizeof filename, "ntpkey_%s", cp);
if (!crypto_read(filename, (u_char *)&keybuf, keylen))
- return;
+ return (0);
if (peer->keystr != NULL)
free(peer->keystr);
peer->keystr = emalloc(strlen(filename) + 1);
if (peer->pubkey == NULL)
peer->pubkey = emalloc(keylen);
memcpy(peer->pubkey, (char *)&keybuf, keylen);
+ return (1);
}
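Review bot: The memcpy() into peer->pubkey copies keylen bytes, but the buffer is allocated only when peer->pubkey is NULL, so the copy relies on every earlier allocation having been at least keylen bytes. keylen is set outside this hunk; if it is a fixed size, a comment such as `/* pubkey is always allocated with keylen bytes */` would record the invariant, and if it can vary the buffer should be reallocated before the copy. The visible lines also allocate peer->keystr with `strlen(filename) + 1` bytes without showing filename being copied into it, which may simply be missing context on this page.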
break;
}
if (i > peer->recauto.seq) {
- peer->recauto.seq = 0;
+ peer->recauto.tstamp = 0;
break;
}
if (hismode == MODE_BROADCAST)
sys_rootdelay = sys_peer->rootdelay +
fabs(sys_peer->delay);
sys_leap = leap_consensus;
+
+ /*
+ * This is cute. If the leap changes, we gotta reroll
+ * the keys.
+ */
+ if (sys_leap != oleap)
+ key_expire_all();
}
if (oleap != sys_leap)
report_event(EVNT_SYNCCHG, (struct peer *)0);
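Review bot: The new comment before key_expire_all() says the keys must be rerolled when the leap changes but not why, and a sentence giving the reason would help whoever next touches this path. The test `sys_leap != oleap` is repeated right after the closing brace as `oleap != sys_leap` for report_event(), so the two could share one condition if they are meant to fire together; the brace between them suggests different scopes, and the enclosing function starts outside the hunk. If key_expire_all() is only built under AUTOKEY, as the `#endif /* AUTOKEY */` elsewhere in this commit hints, the call needs the same guard.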
* values at other times.
*/
case MODE_BROADCAST:
- if (peer->keynumber == peer->sndauto.seq)
+ if (peer->keynumber == peer->sndauto.tstamp)
cmmd = CRYPTO_AUTO | CRYPTO_RESP;
else
cmmd = CRYPTO_ASSOC | CRYPTO_RESP;
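Review bot: `peer->keynumber == peer->sndauto.tstamp` now compares a key number with a field named as a timestamp, where the old line compared it with a sequence number. If the seq-to-tstamp substitution in this commit was mechanical, this comparison may no longer test what the old one did. The reset further down still writes `peer->keynumber = peer->sndauto.seq = 0` and leaves sndauto.tstamp untouched in the visible lines. Worth confirming the intent and adding a comment on what equality signals in the MODE_BROADCAST case.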
peer->assoc);
} else
#endif /* PUBKEY */
- if (peer->recauto.seq == 0) {
+ if (peer->recauto.tstamp == 0) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_AUTO, peer->hcookie,
peer->assoc);
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_PRIV, peer->hcookie,
peer->assoc);
- } else if (peer->recauto.seq == 0 &&
+ } else if (peer->recauto.tstamp == 0 &&
peer->flags & FLAG_MCAST2) {
sendlen += crypto_xmit((u_int32 *)&xpkt,
sendlen, CRYPTO_AUTO, peer->hcookie,
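Review bot: In the `else if`, `peer->recauto.tstamp == 0 && peer->flags & FLAG_MCAST2` depends on `&` binding tighter than `&&`. It parses as intended but reads more safely as `peer->recauto.tstamp == 0 && (peer->flags & FLAG_MCAST2)`. The commit appears to use `recauto.tstamp == 0` as the marker that triggers a fresh CRYPTO_AUTO request, both here and where `peer->recauto.tstamp = 0` is set, so a one-line comment at the field's declaration stating that convention would help. The statement continues past the end of the hunk.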
peer->keylist = NULL;
}
peer->keynumber = peer->sndauto.seq = 0;
- peer->recauto.key = 0;
}
#endif /* AUTOKEY */