1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
/*
* ssl_init.c Common OpenSSL initialization code for the various
* programs which use it.
*
* Moved from ntpd/ntp_crypto.c crypto_setup()
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <ctype.h>
#include <ntp.h>
#include <ntp_debug.h>
#include <lib_strbuf.h>
#ifdef OPENSSL
#include "openssl/err.h"
#include "openssl/evp.h"
int ssl_init_done;
void
ssl_init(void)
{
if (ssl_init_done)
return;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ssl_init_done = 1;
}
void
ssl_check_version(void)
{
INIT_SSL();
}
#endif /* OPENSSL */
/*
* keytype_from_text returns OpenSSL NID for digest by name, and
* optionally the associated digest length.
*
* Used by ntpd authreadkeys(), ntpq and ntpdc keytype()
*/
int
keytype_from_text(
const char *text,
size_t *pdigest_len
)
{
const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
int key_type;
u_int digest_len;
#ifdef OPENSSL
u_char digest[EVP_MAX_MD_SIZE];
char * upcased;
char * pch;
EVP_MD_CTX ctx;
/*
* OpenSSL digest short names are capitalized, so uppercase the
* digest name before passing to OBJ_sn2nid(). If it is not
* recognized but begins with 'M' use NID_md5 to be consistent
* with past behavior.
*/
INIT_SSL();
LIB_GETBUF(upcased);
strncpy(upcased, text, LIB_BUFLENGTH);
for (pch = upcased; '\0' != *pch; pch++)
*pch = (char)toupper(*pch);
key_type = OBJ_sn2nid(upcased);
#else
key_type = 0;
#endif
if (!key_type && 'm' == tolower(text[0]))
key_type = NID_md5;
if (!key_type)
return 0;
if (NULL != pdigest_len) {
#ifdef OPENSSL
EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(&ctx, digest, &digest_len);
if (digest_len + sizeof(keyid_t) > MAX_MAC_LEN) {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
msyslog(LOG_ERR,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
return 0;
}
#else
digest_len = 16;
#endif
*pdigest_len = digest_len;
}
return key_type;
}
/*
* keytype_name returns OpenSSL short name for digest by NID.
*
* Used by ntpq and ntpdc keytype()
*/
const char *
keytype_name(
int nid
)
{
static const char unknown_type[] = "(unknown key type)";
const char *name;
#ifdef OPENSSL
INIT_SSL();
name = OBJ_nid2sn(nid);
if (NULL == name)
name = unknown_type;
#else /* !OPENSSL follows */
if (NID_md5 == nid)
name = "MD5";
else
name = unknown_type;
#endif
return name;
}
/*
* Use getpassphrase() if configure.ac detected it, as Suns that
* have it truncate the password in getpass() to 8 characters.
*/
#ifdef HAVE_GETPASSPHRASE
# define getpass(str) getpassphrase(str)
#endif
/*
* getpass_keytype() -- shared between ntpq and ntpdc, only vaguely
* related to the rest of ssl_init.c.
*/
char *
getpass_keytype(
int keytype
)
{
char pass_prompt[64 + 11 + 1]; /* 11 for " Password: " */
snprintf(pass_prompt, sizeof(pass_prompt),
"%.64s Password: ", keytype_name(keytype));
return getpass(pass_prompt);
}
|
