The following patch has been taken from the ntp-stable vendor branch.
Put everything OpenSSL related between #ifdef OPENSSL..#endif. This also fixes bugs #252, #275 & #293. See <http://ntp.bkbits.net:8080/ntp-stable/hist/util/ntp-keygen.c?nav=index.html|src/+|src/util> for reference. Submitted by: Marius Strobl <marius@alchemy.franken.de>
This commit is contained in:
parent
118e757284
commit
515bd10243
@ -159,7 +159,9 @@ u_long asn2ntp P((ASN1_TIME *));
|
|||||||
extern char *optarg; /* command line argument */
|
extern char *optarg; /* command line argument */
|
||||||
int debug = 0; /* debug, not de bug */
|
int debug = 0; /* debug, not de bug */
|
||||||
int rval; /* return status */
|
int rval; /* return status */
|
||||||
|
#ifdef OPENSSL
|
||||||
u_int modulus = PLEN; /* prime modulus size (bits) */
|
u_int modulus = PLEN; /* prime modulus size (bits) */
|
||||||
|
#endif
|
||||||
int nkeys = 0; /* MV keys */
|
int nkeys = 0; /* MV keys */
|
||||||
time_t epoch; /* Unix epoch (seconds) since 1970 */
|
time_t epoch; /* Unix epoch (seconds) since 1970 */
|
||||||
char *hostname; /* host name (subject name) */
|
char *hostname; /* host name (subject name) */
|
||||||
@ -221,7 +223,9 @@ main(
|
|||||||
EVP_PKEY *pkey_iff = NULL; /* IFF parameters */
|
EVP_PKEY *pkey_iff = NULL; /* IFF parameters */
|
||||||
EVP_PKEY *pkey_gq = NULL; /* GQ parameters */
|
EVP_PKEY *pkey_gq = NULL; /* GQ parameters */
|
||||||
EVP_PKEY *pkey_mv = NULL; /* MV parameters */
|
EVP_PKEY *pkey_mv = NULL; /* MV parameters */
|
||||||
|
#endif
|
||||||
int md5key = 0; /* generate MD5 keys */
|
int md5key = 0; /* generate MD5 keys */
|
||||||
|
#ifdef OPENSSL
|
||||||
int hostkey = 0; /* generate RSA keys */
|
int hostkey = 0; /* generate RSA keys */
|
||||||
int iffkey = 0; /* generate IFF parameters */
|
int iffkey = 0; /* generate IFF parameters */
|
||||||
int gqpar = 0; /* generate GQ parameters */
|
int gqpar = 0; /* generate GQ parameters */
|
||||||
@ -231,7 +235,6 @@ main(
|
|||||||
char *sign = NULL; /* sign key */
|
char *sign = NULL; /* sign key */
|
||||||
EVP_PKEY *pkey = NULL; /* temp key */
|
EVP_PKEY *pkey = NULL; /* temp key */
|
||||||
const EVP_MD *ectx; /* EVP digest */
|
const EVP_MD *ectx; /* EVP digest */
|
||||||
char hostbuf[MAXHOSTNAME + 1];
|
|
||||||
char pathbuf[MAXFILENAME + 1];
|
char pathbuf[MAXFILENAME + 1];
|
||||||
const char *scheme = NULL; /* digest/signature scheme */
|
const char *scheme = NULL; /* digest/signature scheme */
|
||||||
char *exten = NULL; /* private extension */
|
char *exten = NULL; /* private extension */
|
||||||
@ -240,6 +243,7 @@ main(
|
|||||||
FILE *fstr = NULL; /* file handle */
|
FILE *fstr = NULL; /* file handle */
|
||||||
int iffsw = 0; /* IFF key switch */
|
int iffsw = 0; /* IFF key switch */
|
||||||
#endif /* OPENSSL */
|
#endif /* OPENSSL */
|
||||||
|
char hostbuf[MAXHOSTNAME + 1];
|
||||||
u_int temp;
|
u_int temp;
|
||||||
|
|
||||||
#ifdef SYS_WINNT
|
#ifdef SYS_WINNT
|
||||||
@ -267,8 +271,10 @@ main(
|
|||||||
*/
|
*/
|
||||||
gethostname(hostbuf, MAXHOSTNAME);
|
gethostname(hostbuf, MAXHOSTNAME);
|
||||||
hostname = hostbuf;
|
hostname = hostbuf;
|
||||||
|
#ifdef OPENSSL
|
||||||
trustname = hostbuf;
|
trustname = hostbuf;
|
||||||
passwd1 = hostbuf;
|
passwd1 = hostbuf;
|
||||||
|
#endif
|
||||||
#ifndef SYS_WINNT
|
#ifndef SYS_WINNT
|
||||||
gettimeofday(&tv, 0);
|
gettimeofday(&tv, 0);
|
||||||
#else
|
#else
|
||||||
@ -277,15 +283,22 @@ main(
|
|||||||
epoch = tv.tv_sec;
|
epoch = tv.tv_sec;
|
||||||
rval = 0;
|
rval = 0;
|
||||||
while ((temp = getopt(argc, argv,
|
while ((temp = getopt(argc, argv,
|
||||||
"c:deGgHIi:Mm:nPp:q:S:s:TV:v:")) != -1) {
|
#ifdef OPENSSL
|
||||||
|
"c:deGgHIi:Mm:nPp:q:S:s:TV:v:"
|
||||||
|
#else
|
||||||
|
"dM"
|
||||||
|
#endif
|
||||||
|
)) != -1) {
|
||||||
switch(temp) {
|
switch(temp) {
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -c select public certificate type
|
* -c select public certificate type
|
||||||
*/
|
*/
|
||||||
case 'c':
|
case 'c':
|
||||||
scheme = optarg;
|
scheme = optarg;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* -d debug
|
* -d debug
|
||||||
@ -294,47 +307,59 @@ main(
|
|||||||
debug++;
|
debug++;
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -e write identity keys
|
* -e write identity keys
|
||||||
*/
|
*/
|
||||||
case 'e':
|
case 'e':
|
||||||
iffsw++;
|
iffsw++;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -G generate GQ parameters and keys
|
* -G generate GQ parameters and keys
|
||||||
*/
|
*/
|
||||||
case 'G':
|
case 'G':
|
||||||
gqpar++;
|
gqpar++;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -g update GQ keys
|
* -g update GQ keys
|
||||||
*/
|
*/
|
||||||
case 'g':
|
case 'g':
|
||||||
gqkey++;
|
gqkey++;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -H generate host key (RSA)
|
* -H generate host key (RSA)
|
||||||
*/
|
*/
|
||||||
case 'H':
|
case 'H':
|
||||||
hostkey++;
|
hostkey++;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -I generate IFF parameters
|
* -I generate IFF parameters
|
||||||
*/
|
*/
|
||||||
case 'I':
|
case 'I':
|
||||||
iffkey++;
|
iffkey++;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -i set issuer name
|
* -i set issuer name
|
||||||
*/
|
*/
|
||||||
case 'i':
|
case 'i':
|
||||||
trustname = optarg;
|
trustname = optarg;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* -M generate MD5 keys
|
* -M generate MD5 keys
|
||||||
@ -343,7 +368,7 @@ main(
|
|||||||
md5key++;
|
md5key++;
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -m select modulus (256-2048)
|
* -m select modulus (256-2048)
|
||||||
*/
|
*/
|
||||||
@ -352,49 +377,63 @@ main(
|
|||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"invalid option -m %s\n", optarg);
|
"invalid option -m %s\n", optarg);
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -P generate PC private certificate
|
* -P generate PC private certificate
|
||||||
*/
|
*/
|
||||||
case 'P':
|
case 'P':
|
||||||
exten = EXT_KEY_PRIVATE;
|
exten = EXT_KEY_PRIVATE;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -p output private key password
|
* -p output private key password
|
||||||
*/
|
*/
|
||||||
case 'p':
|
case 'p':
|
||||||
passwd2 = optarg;
|
passwd2 = optarg;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -q input private key password
|
* -q input private key password
|
||||||
*/
|
*/
|
||||||
case 'q':
|
case 'q':
|
||||||
passwd1 = optarg;
|
passwd1 = optarg;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -S generate sign key (RSA or DSA)
|
* -S generate sign key (RSA or DSA)
|
||||||
*/
|
*/
|
||||||
case 'S':
|
case 'S':
|
||||||
sign = optarg;
|
sign = optarg;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -s set subject name
|
* -s set subject name
|
||||||
*/
|
*/
|
||||||
case 's':
|
case 's':
|
||||||
hostname = optarg;
|
hostname = optarg;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -T trusted certificate (TC scheme)
|
* -T trusted certificate (TC scheme)
|
||||||
*/
|
*/
|
||||||
case 'T':
|
case 'T':
|
||||||
exten = EXT_KEY_TRUST;
|
exten = EXT_KEY_TRUST;
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -V <keys> generate MV parameters
|
* -V <keys> generate MV parameters
|
||||||
*/
|
*/
|
||||||
@ -404,7 +443,9 @@ main(
|
|||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"invalid option -V %s\n", optarg);
|
"invalid option -V %s\n", optarg);
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifdef OPENSSL
|
||||||
/*
|
/*
|
||||||
* -v <key> update MV keys
|
* -v <key> update MV keys
|
||||||
*/
|
*/
|
||||||
@ -414,6 +455,7 @@ main(
|
|||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"invalid option -v %s\n", optarg);
|
"invalid option -v %s\n", optarg);
|
||||||
continue;
|
continue;
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* None of the above.
|
* None of the above.
|
||||||
@ -446,6 +488,7 @@ main(
|
|||||||
fprintf(stderr,
|
fprintf(stderr,
|
||||||
"Random seed file %s %u bytes\n", pathbuf, temp);
|
"Random seed file %s %u bytes\n", pathbuf, temp);
|
||||||
RAND_add(&epoch, sizeof(epoch), 4.0);
|
RAND_add(&epoch, sizeof(epoch), 4.0);
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Generate new parameters and keys as requested. These replace
|
* Generate new parameters and keys as requested. These replace
|
||||||
@ -453,6 +496,7 @@ main(
|
|||||||
*/
|
*/
|
||||||
if (md5key)
|
if (md5key)
|
||||||
gen_md5("MD5");
|
gen_md5("MD5");
|
||||||
|
#ifdef OPENSSL
|
||||||
if (hostkey)
|
if (hostkey)
|
||||||
pkey_host = genkey("RSA", "host");
|
pkey_host = genkey("RSA", "host");
|
||||||
if (sign != NULL)
|
if (sign != NULL)
|
||||||
@ -714,7 +758,7 @@ gen_md5(
|
|||||||
}
|
}
|
||||||
md5key[j] = (u_char)temp;
|
md5key[j] = (u_char)temp;
|
||||||
}
|
}
|
||||||
md5key[16] = '\0';
|
md5key[15] = '\0';
|
||||||
fprintf(str, "%2d MD5 %16s # MD5 key\n", i,
|
fprintf(str, "%2d MD5 %16s # MD5 key\n", i,
|
||||||
md5key);
|
md5key);
|
||||||
}
|
}
|
||||||
@ -1245,7 +1289,7 @@ gen_mv(
|
|||||||
char *id /* file name id */
|
char *id /* file name id */
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
EVP_PKEY *pkey; /* private key */
|
EVP_PKEY *pkey, *pkey1; /* private key */
|
||||||
DSA *dsa; /* DSA parameters */
|
DSA *dsa; /* DSA parameters */
|
||||||
DSA *sdsa; /* DSA parameters */
|
DSA *sdsa; /* DSA parameters */
|
||||||
BN_CTX *ctx; /* BN working space */
|
BN_CTX *ctx; /* BN working space */
|
||||||
@ -1284,7 +1328,7 @@ gen_mv(
|
|||||||
modulus / n);
|
modulus / n);
|
||||||
ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new();
|
ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new();
|
||||||
b = BN_new(); b1 = BN_new();
|
b = BN_new(); b1 = BN_new();
|
||||||
dsa = malloc(sizeof(DSA));
|
dsa = DSA_new();
|
||||||
dsa->p = BN_new();
|
dsa->p = BN_new();
|
||||||
dsa->q = BN_new();
|
dsa->q = BN_new();
|
||||||
dsa->g = BN_new();
|
dsa->g = BN_new();
|
||||||
@ -1589,7 +1633,7 @@ gen_mv(
|
|||||||
* the designated recipient(s) who pay a suitably outrageous fee
|
* the designated recipient(s) who pay a suitably outrageous fee
|
||||||
* for its use.
|
* for its use.
|
||||||
*/
|
*/
|
||||||
sdsa = malloc(sizeof(DSA));
|
sdsa = DSA_new();
|
||||||
sdsa->p = BN_dup(dsa->p);
|
sdsa->p = BN_dup(dsa->p);
|
||||||
sdsa->q = BN_dup(BN_value_one());
|
sdsa->q = BN_dup(BN_value_one());
|
||||||
sdsa->g = BN_dup(BN_value_one());
|
sdsa->g = BN_dup(BN_value_one());
|
||||||
@ -1622,15 +1666,16 @@ gen_mv(
|
|||||||
*/
|
*/
|
||||||
sprintf(ident, "MVkey%d", j);
|
sprintf(ident, "MVkey%d", j);
|
||||||
str = fheader(ident, trustname);
|
str = fheader(ident, trustname);
|
||||||
pkey = EVP_PKEY_new();
|
pkey1 = EVP_PKEY_new();
|
||||||
EVP_PKEY_assign_DSA(pkey, sdsa);
|
EVP_PKEY_set1_DSA(pkey1, sdsa);
|
||||||
PEM_write_PrivateKey(str, pkey, passwd2 ?
|
PEM_write_PrivateKey(str, pkey1, passwd2 ?
|
||||||
EVP_des_cbc() : NULL, NULL, 0, NULL, passwd2);
|
EVP_des_cbc() : NULL, NULL, 0, NULL, passwd2);
|
||||||
fclose(str);
|
fclose(str);
|
||||||
fprintf(stderr, "ntpkey_%s_%s.%lu\n", ident, trustname,
|
fprintf(stderr, "ntpkey_%s_%s.%lu\n", ident, trustname,
|
||||||
epoch + JAN_1970);
|
epoch + JAN_1970);
|
||||||
if (debug)
|
if (debug)
|
||||||
DSA_print_fp(stdout, sdsa, 0);
|
DSA_print_fp(stdout, sdsa, 0);
|
||||||
|
EVP_PKEY_free(pkey1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1643,7 +1688,7 @@ gen_mv(
|
|||||||
BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx);
|
BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx);
|
||||||
BN_free(b); BN_free(b1); BN_free(biga); BN_free(bige);
|
BN_free(b); BN_free(b1); BN_free(biga); BN_free(bige);
|
||||||
BN_free(ss); BN_free(gbar); BN_free(ghat);
|
BN_free(ss); BN_free(gbar); BN_free(ghat);
|
||||||
DSA_free(dsa); DSA_free(sdsa);
|
DSA_free(sdsa);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Free the world.
|
* Free the world.
|
||||||
@ -1883,7 +1928,6 @@ cb (
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL */
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1907,6 +1951,7 @@ genkey(
|
|||||||
rval = -1;
|
rval = -1;
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
#endif /* OPENSSL */
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
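Review bot: In the gen_md5 hunk, changing `md5key[16] = '\0';` to `md5key[15] = '\0';` stops the one-past-the-end NUL write only by overwriting the last generated character, so if the fill loop above the hunk runs over 16 positions every emitted key is now 15 characters long and `%16s` pads it with a leading space. Unless the buffer declaration (outside this hunk) is already wider than 16 bytes, the better fix is to widen the buffer by one byte and keep `md5key[16] = '\0';` so the key retains its full length; a one-line comment such as `/* index 16 is the NUL terminator, not key material */` would keep this from being re-broken. Separately, in the gen_mv hunk the new `pkey1 = EVP_PKEY_new();` and `EVP_PKEY_set1_DSA(pkey1, sdsa);` are used unchecked; a NULL or zero return should be reported and skip the PEM_write_PrivateKey call instead of writing through a failed key object, and the `fclose(str)` result on that key file is likewise ignored.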