The following patch has been taken from the ntp-stable vendor branch.

Put everything OpenSSL related between #ifdef OPENSSL..#endif.

This also fixes bugs #252, #275 & #293.

See
<http://ntp.bkbits.net:8080/ntp-stable/hist/util/ntp-keygen.c?nav=index.html|src/+|src/util>
for reference.

Submitted by:	Marius Strobl <marius@alchemy.franken.de>
This commit is contained in:
roberto 2004-07-22 09:16:04 +00:00
parent 118e757284
commit 515bd10243

View File

@ -159,7 +159,9 @@ u_long asn2ntp P((ASN1_TIME *));
extern char *optarg; /* command line argument */ extern char *optarg; /* command line argument */
int debug = 0; /* debug, not de bug */ int debug = 0; /* debug, not de bug */
int rval; /* return status */ int rval; /* return status */
#ifdef OPENSSL
u_int modulus = PLEN; /* prime modulus size (bits) */ u_int modulus = PLEN; /* prime modulus size (bits) */
#endif
int nkeys = 0; /* MV keys */ int nkeys = 0; /* MV keys */
time_t epoch; /* Unix epoch (seconds) since 1970 */ time_t epoch; /* Unix epoch (seconds) since 1970 */
char *hostname; /* host name (subject name) */ char *hostname; /* host name (subject name) */
@ -221,7 +223,9 @@ main(
EVP_PKEY *pkey_iff = NULL; /* IFF parameters */ EVP_PKEY *pkey_iff = NULL; /* IFF parameters */
EVP_PKEY *pkey_gq = NULL; /* GQ parameters */ EVP_PKEY *pkey_gq = NULL; /* GQ parameters */
EVP_PKEY *pkey_mv = NULL; /* MV parameters */ EVP_PKEY *pkey_mv = NULL; /* MV parameters */
#endif
int md5key = 0; /* generate MD5 keys */ int md5key = 0; /* generate MD5 keys */
#ifdef OPENSSL
int hostkey = 0; /* generate RSA keys */ int hostkey = 0; /* generate RSA keys */
int iffkey = 0; /* generate IFF parameters */ int iffkey = 0; /* generate IFF parameters */
int gqpar = 0; /* generate GQ parameters */ int gqpar = 0; /* generate GQ parameters */
@ -231,7 +235,6 @@ main(
char *sign = NULL; /* sign key */ char *sign = NULL; /* sign key */
EVP_PKEY *pkey = NULL; /* temp key */ EVP_PKEY *pkey = NULL; /* temp key */
const EVP_MD *ectx; /* EVP digest */ const EVP_MD *ectx; /* EVP digest */
char hostbuf[MAXHOSTNAME + 1];
char pathbuf[MAXFILENAME + 1]; char pathbuf[MAXFILENAME + 1];
const char *scheme = NULL; /* digest/signature scheme */ const char *scheme = NULL; /* digest/signature scheme */
char *exten = NULL; /* private extension */ char *exten = NULL; /* private extension */
@ -240,6 +243,7 @@ main(
FILE *fstr = NULL; /* file handle */ FILE *fstr = NULL; /* file handle */
int iffsw = 0; /* IFF key switch */ int iffsw = 0; /* IFF key switch */
#endif /* OPENSSL */ #endif /* OPENSSL */
char hostbuf[MAXHOSTNAME + 1];
u_int temp; u_int temp;
#ifdef SYS_WINNT #ifdef SYS_WINNT
@ -267,8 +271,10 @@ main(
*/ */
gethostname(hostbuf, MAXHOSTNAME); gethostname(hostbuf, MAXHOSTNAME);
hostname = hostbuf; hostname = hostbuf;
#ifdef OPENSSL
trustname = hostbuf; trustname = hostbuf;
passwd1 = hostbuf; passwd1 = hostbuf;
#endif
#ifndef SYS_WINNT #ifndef SYS_WINNT
gettimeofday(&tv, 0); gettimeofday(&tv, 0);
#else #else
@ -277,15 +283,22 @@ main(
epoch = tv.tv_sec; epoch = tv.tv_sec;
rval = 0; rval = 0;
while ((temp = getopt(argc, argv, while ((temp = getopt(argc, argv,
"c:deGgHIi:Mm:nPp:q:S:s:TV:v:")) != -1) { #ifdef OPENSSL
"c:deGgHIi:Mm:nPp:q:S:s:TV:v:"
#else
"dM"
#endif
)) != -1) {
switch(temp) { switch(temp) {
#ifdef OPENSSL
/* /*
* -c select public certificate type * -c select public certificate type
*/ */
case 'c': case 'c':
scheme = optarg; scheme = optarg;
continue; continue;
#endif
/* /*
* -d debug * -d debug
@ -294,47 +307,59 @@ main(
debug++; debug++;
continue; continue;
#ifdef OPENSSL
/* /*
* -e write identity keys * -e write identity keys
*/ */
case 'e': case 'e':
iffsw++; iffsw++;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -G generate GQ parameters and keys * -G generate GQ parameters and keys
*/ */
case 'G': case 'G':
gqpar++; gqpar++;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -g update GQ keys * -g update GQ keys
*/ */
case 'g': case 'g':
gqkey++; gqkey++;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -H generate host key (RSA) * -H generate host key (RSA)
*/ */
case 'H': case 'H':
hostkey++; hostkey++;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -I generate IFF parameters * -I generate IFF parameters
*/ */
case 'I': case 'I':
iffkey++; iffkey++;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -i set issuer name * -i set issuer name
*/ */
case 'i': case 'i':
trustname = optarg; trustname = optarg;
continue; continue;
#endif
/* /*
* -M generate MD5 keys * -M generate MD5 keys
@ -343,7 +368,7 @@ main(
md5key++; md5key++;
continue; continue;
#ifdef OPENSSL
/* /*
* -m select modulus (256-2048) * -m select modulus (256-2048)
*/ */
@ -352,49 +377,63 @@ main(
fprintf(stderr, fprintf(stderr,
"invalid option -m %s\n", optarg); "invalid option -m %s\n", optarg);
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -P generate PC private certificate * -P generate PC private certificate
*/ */
case 'P': case 'P':
exten = EXT_KEY_PRIVATE; exten = EXT_KEY_PRIVATE;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -p output private key password * -p output private key password
*/ */
case 'p': case 'p':
passwd2 = optarg; passwd2 = optarg;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -q input private key password * -q input private key password
*/ */
case 'q': case 'q':
passwd1 = optarg; passwd1 = optarg;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -S generate sign key (RSA or DSA) * -S generate sign key (RSA or DSA)
*/ */
case 'S': case 'S':
sign = optarg; sign = optarg;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -s set subject name * -s set subject name
*/ */
case 's': case 's':
hostname = optarg; hostname = optarg;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -T trusted certificate (TC scheme) * -T trusted certificate (TC scheme)
*/ */
case 'T': case 'T':
exten = EXT_KEY_TRUST; exten = EXT_KEY_TRUST;
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -V <keys> generate MV parameters * -V <keys> generate MV parameters
*/ */
@ -404,7 +443,9 @@ main(
fprintf(stderr, fprintf(stderr,
"invalid option -V %s\n", optarg); "invalid option -V %s\n", optarg);
continue; continue;
#endif
#ifdef OPENSSL
/* /*
* -v <key> update MV keys * -v <key> update MV keys
*/ */
@ -414,6 +455,7 @@ main(
fprintf(stderr, fprintf(stderr,
"invalid option -v %s\n", optarg); "invalid option -v %s\n", optarg);
continue; continue;
#endif
/* /*
* None of the above. * None of the above.
@ -446,6 +488,7 @@ main(
fprintf(stderr, fprintf(stderr,
"Random seed file %s %u bytes\n", pathbuf, temp); "Random seed file %s %u bytes\n", pathbuf, temp);
RAND_add(&epoch, sizeof(epoch), 4.0); RAND_add(&epoch, sizeof(epoch), 4.0);
#endif
/* /*
* Generate new parameters and keys as requested. These replace * Generate new parameters and keys as requested. These replace
@ -453,6 +496,7 @@ main(
*/ */
if (md5key) if (md5key)
gen_md5("MD5"); gen_md5("MD5");
#ifdef OPENSSL
if (hostkey) if (hostkey)
pkey_host = genkey("RSA", "host"); pkey_host = genkey("RSA", "host");
if (sign != NULL) if (sign != NULL)
@ -714,7 +758,7 @@ gen_md5(
} }
md5key[j] = (u_char)temp; md5key[j] = (u_char)temp;
} }
md5key[16] = '\0'; md5key[15] = '\0';
fprintf(str, "%2d MD5 %16s # MD5 key\n", i, fprintf(str, "%2d MD5 %16s # MD5 key\n", i,
md5key); md5key);
} }
@ -1245,7 +1289,7 @@ gen_mv(
char *id /* file name id */ char *id /* file name id */
) )
{ {
EVP_PKEY *pkey; /* private key */ EVP_PKEY *pkey, *pkey1; /* private key */
DSA *dsa; /* DSA parameters */ DSA *dsa; /* DSA parameters */
DSA *sdsa; /* DSA parameters */ DSA *sdsa; /* DSA parameters */
BN_CTX *ctx; /* BN working space */ BN_CTX *ctx; /* BN working space */
@ -1284,7 +1328,7 @@ gen_mv(
modulus / n); modulus / n);
ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new(); ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new();
b = BN_new(); b1 = BN_new(); b = BN_new(); b1 = BN_new();
dsa = malloc(sizeof(DSA)); dsa = DSA_new();
dsa->p = BN_new(); dsa->p = BN_new();
dsa->q = BN_new(); dsa->q = BN_new();
dsa->g = BN_new(); dsa->g = BN_new();
@ -1589,7 +1633,7 @@ gen_mv(
* the designated recipient(s) who pay a suitably outrageous fee * the designated recipient(s) who pay a suitably outrageous fee
* for its use. * for its use.
*/ */
sdsa = malloc(sizeof(DSA)); sdsa = DSA_new();
sdsa->p = BN_dup(dsa->p); sdsa->p = BN_dup(dsa->p);
sdsa->q = BN_dup(BN_value_one()); sdsa->q = BN_dup(BN_value_one());
sdsa->g = BN_dup(BN_value_one()); sdsa->g = BN_dup(BN_value_one());
@ -1622,15 +1666,16 @@ gen_mv(
*/ */
sprintf(ident, "MVkey%d", j); sprintf(ident, "MVkey%d", j);
str = fheader(ident, trustname); str = fheader(ident, trustname);
pkey = EVP_PKEY_new(); pkey1 = EVP_PKEY_new();
EVP_PKEY_assign_DSA(pkey, sdsa); EVP_PKEY_set1_DSA(pkey1, sdsa);
PEM_write_PrivateKey(str, pkey, passwd2 ? PEM_write_PrivateKey(str, pkey1, passwd2 ?
EVP_des_cbc() : NULL, NULL, 0, NULL, passwd2); EVP_des_cbc() : NULL, NULL, 0, NULL, passwd2);
fclose(str); fclose(str);
fprintf(stderr, "ntpkey_%s_%s.%lu\n", ident, trustname, fprintf(stderr, "ntpkey_%s_%s.%lu\n", ident, trustname,
epoch + JAN_1970); epoch + JAN_1970);
if (debug) if (debug)
DSA_print_fp(stdout, sdsa, 0); DSA_print_fp(stdout, sdsa, 0);
EVP_PKEY_free(pkey1);
} }
/* /*
@ -1643,7 +1688,7 @@ gen_mv(
BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx);
BN_free(b); BN_free(b1); BN_free(biga); BN_free(bige); BN_free(b); BN_free(b1); BN_free(biga); BN_free(bige);
BN_free(ss); BN_free(gbar); BN_free(ghat); BN_free(ss); BN_free(gbar); BN_free(ghat);
DSA_free(dsa); DSA_free(sdsa); DSA_free(sdsa);
/* /*
* Free the world. * Free the world.
@ -1883,7 +1928,6 @@ cb (
break; break;
} }
} }
#endif /* OPENSSL */
/* /*
@ -1907,6 +1951,7 @@ genkey(
rval = -1; rval = -1;
return (NULL); return (NULL);
} }
#endif /* OPENSSL */
/* /*