From: Harlan Stenn Date: Sun, 2 Jul 2000 06:01:15 +0000 (-0000) Subject: Many files: X-Git-Tag: NTP_4_0_99_K~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4ddc63e88fee7986f45ce34d9c042c7df6fd8f80;p=thirdparty%2Fntp.git Many files: * ntpq/ntpq.c: Lose PUBKEY stuff - older ntpq's will complain when they see the info in a packet. * ntpd/ntp_proto.c (peer_xmit): TAI changes. * ntpd/ntp_crypto.c: Fix host/network byteorder stuff. Follow global->struct changes. TAI changes. Bugfixes. * ntpd/ntp_control.c: Follow field reorder/rename. * include/ntp_crypto.h: Move crypto stuff from separate globals into structs. * include/ntp_control.h (CS_HOST): Reorder/rename some fields From: Dave Mills ChangeLog, configure, configure.in: * configure.in: 4.0.99j4 bk: 395edaabPU1kb9j7CrInQ6UxK5QGgQ --- diff --git a/ChangeLog b/ChangeLog index 8804131e28..80e3450291 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,18 @@ +2000-07-02 Harlan Stenn + + * configure.in: 4.0.99j4 + + * ntpq/ntpq.c: Lose PUBKEY stuff - older ntpq's will complain when + they see the info in a packet. + * ntpd/ntp_proto.c (peer_xmit): TAI changes. + * ntpd/ntp_crypto.c: Fix host/network byteorder stuff. Follow + global->struct changes. TAI changes. Bugfixes. + * ntpd/ntp_control.c: Follow field reorder/rename. + * include/ntp_crypto.h: Move crypto stuff from separate globals + into structs. + * include/ntp_control.h (CS_HOST): Reorder/rename some fields + From: Dave Mills + 2000-06-30 Harlan Stenn * ntpd/ntp_peer.c (unpeer): Moved keystr cleanup inside ifdef PUBKEY diff --git a/configure b/configure index 67f065fb2a..8a0f45c986 100755 --- a/configure +++ b/configure @@ -1089,7 +1089,7 @@ fi PACKAGE=ntp -VERSION=4.0.99j3 +VERSION=4.0.99j4 if test "`CDPATH=: && cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then diff --git a/configure.in b/configure.in index daf1e1aa4b..3e0fbc28ae 100644 --- a/configure.in +++ b/configure.in 
@@ -5,7 +5,7 @@ AC_CANONICAL_SYSTEM AC_DEFINE_UNQUOTED(STR_SYSTEM, "$target") AM_CONFIG_HEADER(config.h) AC_ARG_PROGRAM -AM_INIT_AUTOMAKE(ntp, 4.0.99j3) +AM_INIT_AUTOMAKE(ntp, 4.0.99j4) AC_PREREQ(2.14) ac_cv_var_oncore_ok=no diff --git a/include/ntp_control.h b/include/ntp_control.h index ad2829a3bd..5de72f9e2a 100644 --- a/include/ntp_control.h +++ b/include/ntp_control.h @@ -165,11 +165,11 @@ struct ntp_control { #define CS_STABIL 18 #define CS_VARLIST 19 #ifdef PUBKEY -#define CS_PRIVATE 20 +#define CS_HOST 20 #define CS_PUBLIC 21 #define CS_DHPARAMS 22 -#define CS_HOSTNAM 23 -#define CS_REVTIME 24 +#define CS_REVTIME 23 +#define CS_LEAPTAB 24 #define CS_TAI 25 #define CS_MAXCODE CS_TAI #else @@ -217,12 +217,13 @@ struct ntp_control { #define CP_DISP 36 #define CP_VARLIST 37 #ifdef PUBKEY -#define CP_PUBLIC 38 -#define CP_SESKEY 39 -#define CP_SASKEY 40 -#define CP_INITSEQ 41 -#define CP_INITKEY 42 -#define CP_INITTSP 43 +#define CP_HOST 38 +#define CP_PUBLIC 39 +#define CP_SESKEY 40 +#define CP_SASKEY 41 +#define CP_INITSEQ 42 +#define CP_INITKEY 43 +#define CP_INITTSP 44 #define CP_MAXCODE CP_INITTSP #else #define CP_MAXCODE CP_VARLIST diff --git a/include/ntp_crypto.h b/include/ntp_crypto.h index ef226ad884..61eeb749eb 100644 --- a/include/ntp_crypto.h +++ b/include/ntp_crypto.h @@ -66,12 +66,10 @@ extern int crypto_public P((struct peer *, u_char *, u_int)); */ extern int crypto_flags; extern R_DH_PARAMS dh_params; -extern char * private_key_file; -extern u_int private_key_fstamp; -extern char * public_key_file; -extern u_int public_key_fstamp; -extern char * dh_params_file; -extern u_int dh_params_fstamp; -extern u_int sys_tai; +extern struct value host; /* public key/host name */ +extern struct value dhparam; /* Diffie-Hellman parameters */ +extern struct value dhpub; /* Diffie-Hellman public value */ +extern struct value tai_leap; /* TAI leapseconds table */ +extern u_int sys_tai; /* current UTC offset from TAI */ #endif /* PUBKEY */ #endif /* AUTOKEY */ 
diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 567ad4eb86..bbf5e10722 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -114,11 +114,11 @@ static struct ctl_var sys_var[] = { { CS_STABIL, RO, "stability" }, /* 18 */ { CS_VARLIST, RO, "sys_var_list" }, /* 19 */ #ifdef PUBKEY - { CS_PRIVATE, RO, "privatekey" }, /* 120 */ + { CS_HOST, RO, "hostname" }, /* 20 */ { CS_PUBLIC, RO, "publickey" }, /* 21 */ - { CS_DHPARAMS, RO, "dhparams" }, /* 22 */ - { CS_HOSTNAM, RO, "hostname" }, /* 23 */ - { CS_REVTIME, RO, "revoketime"}, /* 24 */ + { CS_DHPARAMS, RO, "agree" }, /* 22 */ + { CS_REVTIME, RO, "refresh"}, /* 23 */ + { CS_LEAPTAB, RO, "leaptable" }, /* 24 */ { CS_TAI, RO, "tai"}, /* 25 */ #endif /* PUBKEY */ { 0, EOV, "" } @@ -150,11 +150,10 @@ static u_char def_sys_var[] = { CS_COMPLIANCE, CS_STABIL, #ifdef PUBKEY - CS_PRIVATE, - CS_PUBLIC, + CS_HOST, CS_DHPARAMS, - CS_HOSTNAM, CS_REVTIME, + CS_LEAPTAB, CS_TAI, #endif /* PUBKEY */ 0 @@ -204,12 +203,13 @@ static struct ctl_var peer_var[] = { { CP_DISP, PADDING,"" }, /* 36 */ { CP_VARLIST, RO, "peer_var_list" }, /* 37 */ #ifdef PUBKEY - { CP_PUBLIC, RO, "publickey" }, /* 38 */ - { CP_SESKEY, RO, "pcookie" }, /* 39 */ - { CP_SASKEY, RO, "hcookie" }, /* 40 */ - { CP_INITSEQ, RO, "initsequence" }, /* 41 */ - { CP_INITKEY, RO, "initkey" }, /* 42 */ - { CP_INITTSP, RO, "timestamp" }, /* 43 */ + { CP_HOST, RO, "hostname" }, /* 38 */ + { CP_PUBLIC, RO, "publickey" }, /* 39 */ + { CP_SESKEY, RO, "pcookie" }, /* 40 */ + { CP_SASKEY, RO, "hcookie" }, /* 41 */ + { CP_INITSEQ, RO, "initsequence" }, /* 42 */ + { CP_INITKEY, RO, "initkey" }, /* 43 */ + { CP_INITTSP, RO, "timestamp" }, /* 44 */ #endif /* PUBKEY */ { 0, EOV, "" } }; @@ -249,7 +249,7 @@ static u_char def_peer_var[] = { CP_FILTOFFSET, CP_FILTERROR, #ifdef PUBKEY - CP_PUBLIC, + CP_HOST, CP_SESKEY, CP_INITSEQ, #endif /* PUBKEY */ 
@@ -1151,9 +1151,6 @@ ctl_putsys( #ifdef HAVE_UNAME char str[256]; #endif -#ifdef PUBKEY - char str1[256]; -#endif ?* PUBKEY */ switch (varid) { @@ -1320,46 +1317,30 @@ ctl_putsys( break; #ifdef PUBKEY - case CS_PRIVATE: - if (private_key_file == NULL) + case CS_HOST: + ctl_putstr(sys_var[CS_HOST].text, sys_hostname, + strlen(sys_hostname)); + if (host.fstamp == 0) break; - strcpy(str1, private_key_file); - if (private_key_fstamp != 0) - sprintf(str1, "%s.%u", str1, private_key_fstamp); - ctl_putstr(sys_var[CS_PRIVATE].text, str1, strlen(str1)); - break; - - case CS_PUBLIC: - if (public_key_file == NULL) - break; - strcpy(str1, public_key_file); - if (public_key_fstamp != 0) - sprintf(str1, "%s.%u", str1, public_key_fstamp); - ctl_putstr(sys_var[CS_PUBLIC].text, str1, strlen(str1)); + ctl_putuint(sys_var[CS_PUBLIC].text, host.fstamp); break; case CS_DHPARAMS: - if (dh_params_file == NULL) + if (dhparam.fstamp == 0) break; - strcpy(str1, dh_params_file); - if (dh_params_fstamp != 0) - sprintf(str1, "%s.%u", str1, dh_params_fstamp); - ctl_putstr(sys_var[CS_DHPARAMS].text, str1, - strlen(str1)); + ctl_putuint(sys_var[CS_DHPARAMS].text, dhparam.fstamp); break; - case CS_HOSTNAM: - if (sys_hostname == NULL) + case CS_REVTIME: + if (dhpub.fstamp == 0) break; - ctl_putstr(sys_var[CS_HOSTNAM].text, sys_hostname, - strlen(sys_hostname)); + ctl_putuint(sys_var[CS_REVTIME].text, dhpub.fstamp); break; - case CS_REVTIME: - if (sys_revoketime.l_ui == 0) + case CS_LEAPTAB: + if (tai_leap.fstamp == 0) break; - ctl_putuint(sys_var[CS_REVTIME].text, - sys_revoketime.l_ui); + ctl_putuint(sys_var[CS_LEAPTAB].text, tai_leap.fstamp); break; case CS_TAI: @@ -1381,10 +1362,6 @@ ctl_putpeer( struct peer *peer ) { -#ifdef PUBKEY - u_int len; -#endif /* PUBKEY */ - switch (varid) { case CP_CONFIG: 
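Review bot: In ctl_putsys() in ntpd/ntp_control.c, the new `case CS_HOST:` calls `strlen(sys_hostname)` without the `if (sys_hostname == NULL) break;` guard that the removed CS_HOSTNAM case had, so a control query would dereference a null pointer if the host name is ever unset; I would keep the guard. The same hunk passes `host.fstamp`, `dhparam.fstamp`, `dhpub.fstamp` and `tai_leap.fstamp` straight to ctl_putuint(), but this commit's ntp_crypto.c labels those structs "network byte order" and fills the fields with htonl(). Assuming ctl_putuint() formats a host-order integer, the reported filestamps are byte-swapped on a little-endian host; use `ctl_putuint(sys_var[CS_PUBLIC].text, ntohl(host.fstamp));` and likewise for the other three. The switch starts and continues outside the hunk.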
@@ -1598,11 +1575,13 @@ ctl_putpeer( } break; #ifdef PUBKEY - case CP_PUBLIC: - if (peer->keystr == NULL) - break; - len = strlen(peer->keystr); - ctl_putstr(peer_var[CP_PUBLIC].text, peer->keystr, len); + case CP_HOST: + if (peer->keystr != NULL) + ctl_putstr(peer_var[CP_HOST].text, peer->keystr, + strlen(peer->keystr)); + if (peer->fstamp != 0) + ctl_putuint(peer_var[CP_PUBLIC].text, + peer->fstamp); break; case CP_SESKEY: @@ -1610,15 +1589,19 @@ ctl_putpeer( ctl_puthex(peer_var[CP_SESKEY].text, peer->pcookie.key); if (peer->hcookie != 0) - ctl_puthex(peer_var[CP_SASKEY].text, peer->hcookie); + ctl_puthex(peer_var[CP_SASKEY].text, + peer->hcookie); break; case CP_INITSEQ: if (peer->recauto.key == 0) break; - ctl_putint(peer_var[CP_INITSEQ].text, peer->recauto.seq); - ctl_puthex(peer_var[CP_INITKEY].text, peer->recauto.key); - ctl_putuint(peer_var[CP_INITTSP].text, peer->recauto.tstamp); + ctl_putint(peer_var[CP_INITSEQ].text, + peer->recauto.seq); + ctl_puthex(peer_var[CP_INITKEY].text, + peer->recauto.key); + ctl_putuint(peer_var[CP_INITTSP].text, + peer->recauto.tstamp); break; #endif /* PUBKEY */ } diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index c26331fe52..407fd42ed7 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c 
@@ -84,35 +84,36 @@ */ static R_RSA_PRIVATE_KEY private_key; /* RSA private key */ static R_RSA_PUBLIC_KEY public_key; /* RSA public key */ -static struct value host; /* host name/public key */ -static struct value dhparam; /* Diffie_Hellman parameters */ -static struct value dhpub; /* Diffie_Hellman public value */ -static struct value tai_leap; /* TAI leapseconds table */ static u_char *dh_private; /* DH private value */ static u_int dh_keyLen; /* DH private value length */ +static char *keysdir = "/usr/local/etc/"; /* crypto keys directory */ +static char *private_key_file = NULL; /* private key file */ +static char *public_key_file = NULL; /* public key file */ +static char *dh_params_file = NULL; /* DH parameters file */ +static char *tai_leap_file = NULL; /* TAI leapseconds file */ + + +/* + * Global cryptodata in network byte order + */ +struct value host; /* host name/public key */ +struct value dhparam; /* Diffie_Hellman parameters */ +struct value dhpub; /* Diffie_Hellman public value */ +struct value tai_leap; /* TAI leapseconds table */ /* * Global cryptodata in host byte order. 
*/ int crypto_flags; /* flags that wave cryptically */ R_DH_PARAMS dh_params; /* Diffie-Hellman parameters */ -char *private_key_file = NULL; /* private key file */ -u_int private_key_fstamp; /* RSA private key filestamp */ -char *public_key_file = NULL; /* public key file */ -u_int public_key_fstamp; /* RSA public key filestamp */ -char *dh_params_file = NULL; /* DH parameters file */ -u_int dh_params_fstamp; /* DH parameters filestamp */ -char *keysdir = "/usr/local/etc/"; /* crypto keys directory */ -u_int tai_leap_fstamp; /* TAI leapseconds filestamp */ -char *tai_leap_file = NULL; /* TAI leapseconds file */ u_int sys_tai; /* current UTC offset from TAI */ /* * Cryptotypes */ -static void crypto_rsa P((char *, u_int *, u_char *, u_int)); -static void crypto_dh P((char *, u_int *)); -static void crypto_tai P((char *, u_int *)); +static u_int crypto_rsa P((char *, u_char *, u_int)); +static void crypto_dh P((char *)); +static void crypto_tai P((char *)); #endif /* PUBKEY */ @@ -470,7 +471,7 @@ crypto_recv( rval, temp, tstamp, ntohl(vp->fstamp)); #endif - if (rval != RV_OK) + if (rval != RV_OK || temp == 0) break; /* @@ -479,7 +480,7 @@ crypto_recv( * the private key length is set arbitrarily at * half the prime length. */ - dhparam.fstamp = htonl(vp->fstamp); + dhparam.fstamp = vp->fstamp; dhparam.vallen = vp->vallen; if (dhparam.val != NULL) free(dhparam.val); @@ -503,7 +504,7 @@ crypto_recv( * Initialize Diffie-Hellman public value * extension field. */ - dhpub.fstamp = htonl(vp->fstamp); + dhpub.fstamp = vp->fstamp; dhpub.vallen = htonl(dh_params.primeLen); if (dhpub.val != NULL) free(dhpub.val); @@ -551,7 +552,7 @@ crypto_recv( * value. We use only the first u_int32 for the * host cookie. Wasteful. */ - if (rval != RV_OK) { + if (rval != RV_OK || temp == 0) { temp = 0; } else { rval = R_ComputeDHAgreedKey(dh_key, 
@@ -616,7 +617,8 @@ crypto_recv( peer->keystr = emalloc(temp); strcpy(peer->keystr, (char *)&pkt[j]); - peer->fstamp = tstamp; + peer->fstamp = + ntohl(vp->fstamp); peer->flash &= ~TEST10; } } @@ -658,14 +660,14 @@ crypto_recv( rval, temp, tstamp, ntohl(vp->fstamp)); #endif - if (rval != RV_OK) + if (rval != RV_OK || temp == 0) break; /* * Initialize TAI leapsecond table and extension * field in network byte order. */ - tai_leap.fstamp = htonl(vp->fstamp); + tai_leap.fstamp = vp->fstamp; tai_leap.vallen = vp->vallen; if (tai_leap.val == NULL) free(tai_leap.val); @@ -677,10 +679,6 @@ crypto_recv( memcpy(pp, &vp->val, temp); sys_tai = temp / 4 + TAI_1972; crypto_agree(); - -for (i = 0; i < temp / 4; i++) - printf("xxx %u %u\n", i, ntohl(*pp++)); - break; #endif /* PUBKEY */ @@ -926,6 +924,7 @@ void crypto_setup(void) { char filename[MAXFILENAME]; + u_int fstamp; /* filestamp */ u_int len, temp; u_int32 *pp; @@ -938,19 +937,15 @@ crypto_setup(void) memset(&host, 0, sizeof(host)); memset(&dhparam, 0, sizeof(dhparam)); memset(&dhpub, 0, sizeof(dhpub)); + memset(&tai_leap, 0, sizeof(tai_leap)); /* * Load required RSA private key from file, default "ntpkey". */ if (private_key_file == NULL) private_key_file = "ntpkey"; - crypto_rsa(private_key_file, &private_key_fstamp, - (u_char *)&private_key, sizeof(R_RSA_PRIVATE_KEY)); - if (private_key.bits == 0) { - msyslog(LOG_ERR, - "crypto_setup: required RSA private key file missing or corrupted"); - exit; - } + host.fstamp = htonl(crypto_rsa(private_key_file, + (u_char *)&private_key, sizeof(R_RSA_PRIVATE_KEY))); /* * Load required RSA public key from file, default 
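Review bot: In crypto_recv() in ntpd/ntp_crypto.c, the lines just above the new `peer->fstamp = ntohl(vp->fstamp);` still copy the peer-supplied name with `strcpy(peer->keystr, (char *)&pkt[j]);` into a buffer of `temp` bytes, which is only safe if the packet data is NUL-terminated within `temp` bytes. The hunk does not show how `temp` is derived or validated, so this needs confirming against the enclosing code, which starts and ends outside the hunk. A copy bounded by the allocation, e.g. `memcpy(peer->keystr, &pkt[j], temp); peer->keystr[temp - 1] = '\0';` after checking `temp != 0`, would not depend on what the sender put in the field.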
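Review bot: In the TAI case of crypto_recv(), the context line `if (tai_leap.val == NULL) free(tai_leap.val);` has its test inverted compared with the `dhparam.val != NULL` and `dhpub.val != NULL` checks earlier in the same function, so the previous table is never freed and each accepted TAI response would leak it. Since this hunk already edits the two lines above it, I would change the test to `if (tai_leap.val != NULL)` or call free() unconditionally. The allocation that replaces the buffer is not shown in the hunk, so the leak is inferred from the visible lines.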
@@ -963,18 +958,13 @@ crypto_setup(void) public_key_file = emalloc(strlen(filename) + 1); strcpy(public_key_file, filename); } - crypto_rsa(public_key_file, &public_key_fstamp, - (u_char *)&public_key, sizeof(R_RSA_PUBLIC_KEY)); - if (public_key.bits == 0) { + fstamp = htonl(crypto_rsa(public_key_file, + (u_char *)&public_key, sizeof(R_RSA_PUBLIC_KEY))); + if (fstamp != host.fstamp || strstr(public_key_file, + sys_hostname) == NULL) { msyslog(LOG_ERR, - "crypto_setup: required RSA public key file missing or corrupted"); - exit; - } - if (strstr(public_key_file, sys_hostname) == NULL) { - msyslog(LOG_ERR, - "crypto_setup: RSA public key file %s not generated by this host", - public_key_file); - exit; + "RSA public/private key files mismatch"); + exit (-1); } /* @@ -987,7 +977,6 @@ crypto_setup(void) strcpy(filename, sys_hostname); for (len = strlen(filename) + 1; len % 4 != 0; len++) filename[len - 1] = 0; - host.fstamp = htonl(public_key_fstamp); temp = sizeof(R_RSA_PUBLIC_KEY) - sizeof(u_int) + 4; host.vallen = htonl(temp + len); host.val = emalloc(temp + len); @@ -995,7 +984,6 @@ crypto_setup(void) *pp++ = htonl(public_key.bits); memcpy(pp, &public_key.modulus, temp - 4); memcpy(&host.val[temp], filename, len); - temp = private_key.bits / 8; host.sig = emalloc(private_key.bits / 8); /* @@ -1006,7 +994,7 @@ crypto_setup(void) */ if (dh_params_file == NULL) dh_params_file = "ntpkey_dh"; - crypto_dh(dh_params_file, &dh_params_fstamp); + crypto_dh(dh_params_file); /* * Load optional TAI leapseconds file, default "leap-second". If @@ -1016,7 +1004,7 @@ crypto_setup(void) */ if (tai_leap_file == NULL) tai_leap_file = "leap-seconds"; - crypto_tai(tai_leap_file, &tai_leap_fstamp); + crypto_tai(tai_leap_file); } @@ -1029,8 +1017,7 @@ crypto_agree(void) R_RANDOM_STRUCT randomstr; /* wiggle bits */ R_SIGNATURE_CTX ctx; /* signature context */ u_int len, temp; - int rval; - int i; + int rval, i; /* * Sign host name and timestamps. 
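Review bot: In crypto_setup(), the new test `fstamp != host.fstamp` compares only the filestamps parsed from the two file names, and crypto_rsa() in this commit returns 0 when a name has no '.' suffix, so two unrelated key files without filestamps compare equal and pass. Nothing in the visible lines checks that the public key actually corresponds to the private key. The merged message `"RSA public/private key files mismatch"` also drops the file name that the removed message logged, which makes a host-name mismatch hard to tell from a filestamp mismatch; I would keep two messages or add `public_key_file` to this one. On POSIX systems `exit (-1)` reaches the parent as status 255, so `exit(1)` would be clearer.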
@@ -1042,14 +1029,14 @@ crypto_agree(void) rval = R_SignFinal(&ctx, host.sig, &len, &private_key); if (rval != RV_OK || len != private_key.bits / 8) { msyslog(LOG_ERR, "host signature fails %x", rval); - exit(1); + exit (-1); } host.siglen = ntohl(len); /* * Sign Diffie-Hellman parameters and timestamps. */ - if (dhparam.vallen > 0) { + if (dhparam.vallen != 0) { dhparam.tstamp = htonl(sys_revoketime.l_ui); R_SignInit(&ctx, DA_MD5); R_SignUpdate(&ctx, (u_char *)&dhparam, 12); @@ -1059,31 +1046,29 @@ crypto_agree(void) if (rval != RV_OK || len != private_key.bits / 8) { msyslog(LOG_ERR, "DH parameters signature fails %x", rval); - exit(1); + exit (-11); } dhparam.siglen = ntohl(len); - } - /* - * Compute Diffie-Hellman public value. - */ - R_RandomInit(&randomstr); - R_GetRandomBytesNeeded(&len, &randomstr); - for (i = 0; i < len; i++) { - temp = RANDOM; - R_RandomUpdate(&randomstr, (u_char *)&temp, 1); - } - rval = R_SetupDHAgreement(dhpub.val, dh_private, dh_keyLen, - &dh_params, &randomstr); - if (rval != RV_OK) { - msyslog(LOG_ERR, "invalid DH parameters"); - exit(1); - } + /* + * Compute Diffie-Hellman public value. + */ + R_RandomInit(&randomstr); + R_GetRandomBytesNeeded(&len, &randomstr); + for (i = 0; i < len; i++) { + temp = RANDOM; + R_RandomUpdate(&randomstr, (u_char *)&temp, 1); + } + rval = R_SetupDHAgreement(dhpub.val, dh_private, + dh_keyLen, &dh_params, &randomstr); + if (rval != RV_OK) { + msyslog(LOG_ERR, "invalid DH parameters"); + exit (-1); + } - /* - * Sign Diffie-Hellman public value and timestamps. - */ - if (dhpub.vallen > 0) { + /* + * Sign Diffie-Hellman public value and timestamps. + */ dhpub.tstamp = htonl(sys_revoketime.l_ui); R_SignInit(&ctx, DA_MD5); R_SignUpdate(&ctx, (u_char *)&dhpub, 12); @@ -1093,7 +1078,7 @@ crypto_agree(void) if (rval != RV_OK || len != private_key.bits / 8) { msyslog(LOG_ERR, "DH public value signature fails %x", rval); - exit(1); + exit (-1); } dhpub.siglen = ntohl(len); } 
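Review bot: The Diffie-Hellman private value computed in crypto_agree() is seeded only from `temp = RANDOM;`, one byte per call through `(u_char *)&temp`, in the block this hunk moves under `if (dhparam.vallen != 0)`; that state then feeds R_SetupDHAgreement(). RANDOM is defined outside this diff; if it is a general-purpose PRNG rather than an operating-system entropy source, the private value is only as unpredictable as that generator's state, and on a big-endian host the byte taken is the most significant byte of `temp`. I would seed from the platform's entropy source and add a comment saying where the seed comes from. Also in this hunk, `exit (-11);` looks like a typo for the `exit (-1);` used on the neighbouring failure paths.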
@@ -1101,7 +1086,7 @@ crypto_agree(void) /* * Sign TAI leapsecond table and timestamps. */ - if (tai_leap.vallen > 0) { + if (tai_leap.vallen != 0) { tai_leap.tstamp = htonl(sys_revoketime.l_ui); R_SignInit(&ctx, DA_MD5); R_SignUpdate(&ctx, (u_char *)&tai_leap, 12); @@ -1112,7 +1097,7 @@ crypto_agree(void) if (rval != RV_OK || len != private_key.bits / 8) { msyslog(LOG_ERR, "TAI leapseconds signature fails %x", rval); - exit(1); + exit (-1); } tai_leap.siglen = ntohl(len); } @@ -1129,10 +1114,9 @@ crypto_agree(void) /* * crypto_rsa - read RSA key, decode and check for errors. */ -static void +u_int crypto_rsa( char *cp, /* file name */ - u_int *fstamp, /* filestamp */ u_char *key, /* key pointer */ u_int keylen /* key length */ ) @@ -1142,6 +1126,7 @@ crypto_rsa( u_char encoded_key[MAX_ENCLEN]; /* encoded key buffer */ char filename[MAXFILENAME]; /* name of parameter file */ char linkname[MAXFILENAME]; /* file link (for filestamp) */ + u_int fstamp; /* filestamp */ u_int bits, len; char *rptr; int rval; @@ -1158,7 +1143,7 @@ crypto_rsa( str = fopen(filename, "r"); if (str == NULL) { msyslog(LOG_ERR, "RSA file %s not found", filename); - return; + exit (-1); } /* @@ -1196,7 +1181,7 @@ crypto_rsa( if (rval != RV_OK) { fclose(str); msyslog(LOG_ERR, "RSA file %s error %x", cp, rval); - return; + exit (-1); } fclose(str); *(u_int *)buf = bits; @@ -1213,24 +1198,25 @@ crypto_rsa( rptr = strrchr(filename, '.'); } if (rptr != NULL) - sscanf(++rptr, "%u", fstamp); + sscanf(++rptr, "%u", &fstamp); + else + fstamp = 0; #ifdef DEBUG if (debug) printf( "crypto_rsa: RSA file %s link %d fs %u modulus %d\n", - cp, rval, *fstamp, bits); + cp, rval, fstamp, bits); #endif - return; + return (fstamp); } /* * crypto_dh - read DH parameters, decode and check for errors. */ -static void +void crypto_dh( - char *cp, /* file name */ - u_int *fstamp /* filestamp */ + char *cp /* file name */ ) { FILE *str; /* file handle */ 
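Review bot: The definition of crypto_rsa() drops `static` (`u_int crypto_rsa(`), while the prototype this commit adds near the top of ntp_crypto.c is `static u_int crypto_rsa P((char *, u_char *, u_int));`; the same happens for crypto_dh() and crypto_tai() in the later hunks. The earlier static declaration still gives the functions internal linkage, so this compiles, but the definitions read as if they were exported. I would write `static u_int` and `static void` on the definitions to match the prototypes.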
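Review bot: In crypto_rsa(), `sscanf(++rptr, "%u", &fstamp);` ignores the return value, so when the text after the last '.' in the file or link name is not a number, `fstamp` is left uninitialised and is then returned and compared in crypto_setup(). The new `else fstamp = 0;` only covers the case where no '.' was found. I would write `if (rptr == NULL || sscanf(rptr + 1, "%u", &fstamp) != 1) fstamp = 0;`. The same pattern is added in crypto_dh() and crypto_tai() in the later hunks of this file, where the value is stored into dhparam.fstamp, dhpub.fstamp and tai_leap.fstamp. The function body starts outside the hunk.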
@@ -1242,6 +1228,7 @@ crypto_dh( u_int generatorlen; /* generator length (octets) */ char filename[MAXFILENAME]; /* name of parameter file */ char linkname[MAXFILENAME]; /* file link (for filestamp) */ + u_int fstamp; /* filestamp */ u_int32 *pp; u_int len; char *rptr; @@ -1363,17 +1350,18 @@ crypto_dh( } else { rptr = strrchr(filename, '.'); } - if (rptr != NULL) { - sscanf(++rptr, "%u", fstamp); - dhparam.fstamp = htonl(*fstamp); - dhpub.fstamp = htonl(*fstamp); - } + if (rptr != NULL) + sscanf(++rptr, "%u", &fstamp); + else + fstamp = 0; + dhparam.fstamp = htonl(fstamp); + dhpub.fstamp = htonl(fstamp); #ifdef DEBUG if (debug) printf( "crypto_dh: DH file %s link %d fs %u prime %u gen %u\n", - dh_params_file, rval, dh_params_fstamp, - dh_params.primeLen, dh_params.generatorLen); + dh_params_file, rval, fstamp, dh_params.primeLen, + dh_params.generatorLen); #endif } @@ -1381,10 +1369,9 @@ crypto_dh( /* * crypto_tai - read TAI offset table and check for errors. */ -static void +void crypto_tai( - char *cp, /* file name */ - u_int *fstamp /* filestamp */ + char *cp /* file name */ ) { FILE *str; /* file handle */ @@ -1393,6 +1380,7 @@ crypto_tai( u_int offset; /* offset at leap (s) */ char filename[MAXFILENAME]; /* name of parameter file */ char linkname[MAXFILENAME]; /* file link (for filestamp) */ + u_int fstamp; /* filestamp */ u_int32 *pp; u_int len; char *rptr; @@ -1463,15 +1451,16 @@ crypto_tai( } else { rptr = strrchr(filename, '.'); } - if (rptr != NULL) { - sscanf(++rptr, "%u", fstamp); - tai_leap.fstamp = htonl(*fstamp); - } + if (rptr != NULL) + sscanf(++rptr, "%u", &fstamp); + else + fstamp = 0; + tai_leap.fstamp = htonl(fstamp); #ifdef DEBUG if (debug) printf( "crypto_tai: TAI file %s link %d fs %u offset %u\n", - tai_leap_file, rval, tai_leap_fstamp, + tai_leap_file, rval, fstamp, ntohl(tai_leap.vallen) / 4 + TAI_1972); #endif } diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index 9b5af41c0d..e1d78a3243 100644 --- a/ntpd/ntp_proto.c 
+++ b/ntpd/ntp_proto.c @@ -2025,6 +2025,11 @@ peer_xmit( sendlen += crypto_xmit((u_int32 *)&xpkt, sendlen, CRYPTO_NAME, peer->pcookie.key, peer->assoc); + else if (crypto_flags & CRYPTO_FLAG_TAI && + sys_tai == 0) + sendlen += crypto_xmit((u_int32 *)&xpkt, + sendlen, CRYPTO_TAI, + peer->pcookie.key, peer->assoc); else #endif /* PUBKEY */ if (peer->pcookie.tstamp == 0) diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c index 85c2b639fc..912dc85063 100644 --- a/ntpq/ntpq.c +++ b/ntpq/ntpq.c @@ -115,13 +115,6 @@ struct ctl_var sys_var[] = { { CS_SYSTEM, ST, "system" }, /* 16 */ { CS_STABIL, FS, "stability" }, /* 17 */ { CS_VARLIST, ST, "sys_var_list" }, /* 18 */ -#ifdef PUBKEY - { CS_PRIVATE, ST, "privatekey" }, /* 19 */ - { CS_PUBLIC, ST, "publickey" }, /* 20 */ - { CS_DHPARAMS, ST, "dhparams" }, /* 21 */ - { CS_HOSTNAM, ST, "hostname" }, /* 22 */ - { CS_REVTIME, TS, "revoketime" }, /* 23 */ -#endif /* PUBKEY */ { 0, EOV, "" } };
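Review bot: In peer_xmit() in ntpd/ntp_proto.c, the new `else if (crypto_flags & CRYPTO_FLAG_TAI && sys_tai == 0)` branch sits ahead of the final `else`, so while `sys_tai` stays 0 every transmit on this path sends a CRYPTO_TAI request and the `peer->pcookie.tstamp == 0` branch after it is not reached. In this commit crypto_recv() leaves `sys_tai` unchanged when the response fails verification or is empty (`rval != RV_OK || temp == 0`), so a server that never returns a table could hold the association at this step; the rest of the if/else chain is outside the hunk, so this should be confirmed. A comment stating how the branch terminates, or a retry limit, would help. I would also parenthesise the flag test, `(crypto_flags & CRYPTO_FLAG_TAI) && sys_tai == 0`, so the precedence is explicit.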