ntp_crypto.h, ntp_crypto.c, ntp_proto.c:
authorHarlan Stenn <stenn@ntp.org>
Fri, 31 Mar 2000 04:55:42 +0000 (04:55 -0000)
committerHarlan Stenn <stenn@ntp.org>
Fri, 31 Mar 2000 04:55:42 +0000 (04:55 -0000)
  More crypto cleanup from Dave.

bk: 38e42fce26wmT0TsRNbLbK2TkBCHHw

include/ntp_crypto.h
ntpd/ntp_crypto.c
ntpd/ntp_proto.c

index 401c3e4c258db9bd8233d7b2fe598aa415881ae4..604b286b280c95b5baa444504d0370f4cb0cc746 100644 (file)
@@ -55,7 +55,7 @@ extern        void    key_expire      P((struct peer *));
 extern void    crypto_init     P((void));
 extern void    crypto_config   P((int, char *));
 extern void    crypto_setup    P((void));
-extern void    crypto_public   P((struct peer *, u_char *));
+extern int     crypto_public   P((struct peer *, u_char *));
 extern void    crypto_agree    P((void));
 
 /*
index 29a76e5776642b7a078872de539647465bae88e0..2d39340b52d722a8fa3feac99186bf1381ff737a 100644 (file)
@@ -508,20 +508,20 @@ crypto_recv(
                            ((R_RSA_PUBLIC_KEY *)peer->pubkey)->modulus,
                            (u_char *)&(pkt[i + 4]), temp);
                        break;
-#endif /* PUBKEY */
 
                /*
                 * Receive remote host name and install public key from
                 * file.
                 */
                case CRYPTO_NAME | CRYPTO_RESP:
-                       crypto_public(peer, (char *)&pkt[i + 3]);
+                       temp = crypto_public(peer, (char *)&pkt[i + 3]);
 #ifdef DEBUG
                        if (debug)
-                               printf("crypto_recv: host %s\n",
-                                   (char *)&pkt[i + 3]); 
+                               printf("crypto_recv: host %d %s\n",
+                                   temp, (char *)&pkt[i + 3]); 
 #endif
                        break;
+#endif /* PUBKEY */
 
                /*
                 * For other requests, save the request code for later;
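Review bot: The host name at `&pkt[i + 3]` is taken from the received extension field and passed to crypto_public() and to printf's `%s` as a C string, with no length or terminator check visible in this hunk. Before the call, the name should be bounded by the field's length word and confirmed to be NUL-terminated inside the field, with a comment such as `/* name is peer-supplied: bound and terminate before use */`. The new return value is stored in `temp` but only printed under DEBUG, so a failed key load is otherwise ignored; if that is intentional best-effort behaviour, say so in the case comment. The cast should also match the new prototype, `temp = crypto_public(peer, (u_char *)&pkt[i + 3]);`. crypto_recv's body starts and ends outside the hunk, so a length check may already exist there.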
@@ -714,7 +714,6 @@ crypto_xmit(
                    (u_char *)&public_key.modulus, temp);
                len += temp + 4;
                break;
-#endif /* PUBKEY */
 
        /*
         * Send host name.
@@ -725,6 +724,7 @@ crypto_xmit(
                xpkt[i + 2] = htonl(temp);
                len += temp + 4;
                break;
+#endif /* PUBKEY */
 
        /*
         * Default - Fall through for requests; for unknown responses,
@@ -863,7 +863,7 @@ crypto_read(
  * has errors, we just keep going and expect the host to fetch the
  * public key from the peer via the extension field.
  */
-void
+int
 crypto_public(
        struct peer *peer,      /* peer structure pointer */
        u_char *cp              /* canonical host name */
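Review bot: The comment block above crypto_public() was not updated for the new `int` return type, so callers have to read the body to learn what the value means. From the later hunks the function returns 0 when crypto_read() fails and 1 after the key has been copied into the peer structure; add a line such as `Returns 1 if the public key was read and installed, 0 if the key file could not be read.` to the header comment. The function body continues outside this hunk.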
@@ -875,7 +875,7 @@ crypto_public(
 
        snprintf(filename, sizeof filename, "ntpkey_%s", cp);
        if (!crypto_read(filename, (u_char *)&keybuf, keylen))
-               return;
+               return (0);
        if (peer->keystr != NULL)
                free(peer->keystr);
        peer->keystr = emalloc(strlen(filename) + 1);
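Review bot: `cp` goes into the file name unfiltered at `snprintf(filename, sizeof filename, "ntpkey_%s", cp)`, and the crypto_recv hunk shows it can be a name supplied by the remote peer. The name should be rejected when it contains a path separator, e.g. `if (strchr((char *)cp, '/') != NULL) return (0);`, so a peer cannot influence which file is read as its public key. The snprintf() result is also unchecked, so an over-long name is silently truncated to a different file name; treat `>= sizeof filename` as failure and return 0. How crypto_read() resolves the path is not visible here, and the function body starts and ends outside the hunk.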
@@ -883,6 +883,7 @@ crypto_public(
        if (peer->pubkey == NULL)
                peer->pubkey = emalloc(keylen);
        memcpy(peer->pubkey, (char *)&keybuf, keylen);
+       return (1);
 }
 
 
index 476184492e217b700cf22089cb3fd0b8165f21ef..31f88029b3edf8e4e0e024430ba71401170581f5 100644 (file)
@@ -736,7 +736,7 @@ receive(
                                        break;
                                }
                                if (i > peer->recauto.seq) {
-                                       peer->recauto.seq = 0;
+                                       peer->recauto.tstamp = 0;
                                        break;
                                }
                                if (hismode == MODE_BROADCAST)
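Review bot: `peer->recauto.tstamp = 0` now serves as the marker that the autokey values must be requested again, but nothing in the hunk documents that a zero timestamp has this meaning. The guard just above still compares `i` with `peer->recauto.seq`, so a reader sees one field tested and another reset. Add a short comment at the assignment, e.g. `/* zero tstamp: autokey values are stale, peer_xmit() will re-request them */`. The same convention is relied on by the `peer->recauto.tstamp == 0` tests in the two later peer_xmit() hunks. The surrounding loop in receive() starts and ends outside the hunk.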
@@ -1042,6 +1042,13 @@ clock_update(void)
                sys_rootdelay = sys_peer->rootdelay +
                    fabs(sys_peer->delay);
                sys_leap = leap_consensus;
+
+               /*
+                * This is cute. If the leap changes, we gotta reroll
+                * the keys.
+                */
+               if (sys_leap != oleap)
+                       key_expire_all();
        }
        if (oleap != sys_leap)
                report_event(EVNT_SYNCCHG, (struct peer *)0);
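Review bot: The new `key_expire_all()` call has no `#ifdef AUTOKEY` guard visible in this hunk, while key_expire() in the last hunk is defined inside `#ifdef AUTOKEY`. If key_expire_all() is conditional in the same way, a build without AUTOKEY will fail here, so wrap the added `if` in `#ifdef AUTOKEY` … `#endif /* AUTOKEY */`, or confirm that the function is always defined. The comment says the keys must be rerolled but not why a leap change invalidates them; since `sys_leap` comes from `leap_consensus`, it is worth stating the reason and that every association regenerates its key list when this fires. The test could also move under the existing `if (oleap != sys_leap)` just below rather than repeating the condition in the opposite order. clock_update()'s body starts outside the hunk.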
@@ -1910,7 +1917,7 @@ peer_xmit(
                 * values at other times.
                 */
                case MODE_BROADCAST:
-                       if (peer->keynumber == peer->sndauto.seq)
+                       if (peer->keynumber == peer->sndauto.tstamp)
                                cmmd = CRYPTO_AUTO | CRYPTO_RESP;
                        else
                                cmmd = CRYPTO_ASSOC | CRYPTO_RESP;
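Review bot: `peer->keynumber == peer->sndauto.tstamp` compares a key number with what the field name suggests is a timestamp, and key_expire() in the last hunk still resets `peer->keynumber = peer->sndauto.seq = 0`. If `tstamp` does not hold a sequence number, this equality would hold only by coincidence and the broadcast branch would always send `CRYPTO_ASSOC | CRYPTO_RESP`, never the autokey values. Please confirm the intended field; if the comparison is against the last key in the list, `if (peer->keynumber == peer->sndauto.seq)` looks like the consistent form. The switch in peer_xmit() starts and ends outside the hunk.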
@@ -1963,7 +1970,7 @@ peer_xmit(
                                    peer->assoc);
                        } else
 #endif /* PUBKEY */
-                       if (peer->recauto.seq == 0) {
+                       if (peer->recauto.tstamp == 0) {
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_AUTO, peer->hcookie,
                                    peer->assoc);
@@ -2022,7 +2029,7 @@ peer_xmit(
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_PRIV, peer->hcookie,
                                    peer->assoc);
-                       } else if (peer->recauto.seq == 0 &&
+                       } else if (peer->recauto.tstamp == 0 &&
                            peer->flags & FLAG_MCAST2) {
                                sendlen += crypto_xmit((u_int32 *)&xpkt,
                                    sendlen, CRYPTO_AUTO, peer->hcookie,
@@ -2237,7 +2244,6 @@ key_expire(
                peer->keylist = NULL;
        }
        peer->keynumber = peer->sndauto.seq = 0;
-       peer->recauto.key = 0;
 }
 #endif /* AUTOKEY */