Annotation of embedaddon/ntp/libntp/ssl_init.c, revision 1.1
1.1 ! misho 1: /*
! 2: * ssl_init.c Common OpenSSL initialization code for the various
! 3: * programs which use it.
! 4: *
! 5: * Moved from ntpd/ntp_crypto.c crypto_setup()
! 6: */
! 7: #ifdef HAVE_CONFIG_H
! 8: #include <config.h>
! 9: #endif
! 10: #include <ctype.h>
! 11: #include <ntp.h>
! 12: #include <ntp_debug.h>
! 13: #include <lib_strbuf.h>
! 14:
! 15: #ifdef OPENSSL
! 16: #include "openssl/err.h"
! 17: #include "openssl/evp.h"
! 18:
! 19:
! 20: int ssl_init_done;
! 21:
! 22: void
! 23: ssl_init(void)
! 24: {
! 25: if (ssl_init_done)
! 26: return;
! 27:
! 28: ERR_load_crypto_strings();
! 29: OpenSSL_add_all_algorithms();
! 30:
! 31: ssl_init_done = 1;
! 32: }
! 33:
! 34:
! 35: void
! 36: ssl_check_version(void)
! 37: {
! 38: if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
! 39: msyslog(LOG_WARNING,
! 40: "OpenSSL version mismatch. Built against %lx, you have %lx",
! 41: OPENSSL_VERSION_NUMBER, SSLeay());
! 42: fprintf(stderr,
! 43: "OpenSSL version mismatch. Built against %lx, you have %lx\n",
! 44: OPENSSL_VERSION_NUMBER, SSLeay());
! 45: }
! 46:
! 47: INIT_SSL();
! 48: }
! 49: #endif /* OPENSSL */
! 50:
! 51:
! 52: /*
! 53: * keytype_from_text returns OpenSSL NID for digest by name, and
! 54: * optionally the associated digest length.
! 55: *
! 56: * Used by ntpd authreadkeys(), ntpq and ntpdc keytype()
! 57: */
! 58: int
! 59: keytype_from_text(
! 60: const char *text,
! 61: size_t *pdigest_len
! 62: )
! 63: {
! 64: const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
! 65: int key_type;
! 66: u_int digest_len;
! 67: #ifdef OPENSSL
! 68: u_char digest[EVP_MAX_MD_SIZE];
! 69: char * upcased;
! 70: char * pch;
! 71: EVP_MD_CTX ctx;
! 72:
! 73: /*
! 74: * OpenSSL digest short names are capitalized, so uppercase the
! 75: * digest name before passing to OBJ_sn2nid(). If it is not
! 76: * recognized but begins with 'M' use NID_md5 to be consistent
! 77: * with past behavior.
! 78: */
! 79: INIT_SSL();
! 80: LIB_GETBUF(upcased);
! 81: strncpy(upcased, text, LIB_BUFLENGTH);
! 82: for (pch = upcased; '\0' != *pch; pch++)
! 83: *pch = (char)toupper(*pch);
! 84: key_type = OBJ_sn2nid(upcased);
! 85: #else
! 86: key_type = 0;
! 87: #endif
! 88:
! 89: if (!key_type && 'm' == tolower(text[0]))
! 90: key_type = NID_md5;
! 91:
! 92: if (!key_type)
! 93: return 0;
! 94:
! 95: if (NULL != pdigest_len) {
! 96: #ifdef OPENSSL
! 97: EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
! 98: EVP_DigestFinal(&ctx, digest, &digest_len);
! 99: if (digest_len + sizeof(keyid_t) > MAX_MAC_LEN) {
! 100: fprintf(stderr,
! 101: "key type %s %u octet digests are too big, max %lu\n",
! 102: keytype_name(key_type), digest_len,
! 103: max_digest_len);
! 104: msyslog(LOG_ERR,
! 105: "key type %s %u octet digests are too big, max %lu\n",
! 106: keytype_name(key_type), digest_len,
! 107: max_digest_len);
! 108: return 0;
! 109: }
! 110: #else
! 111: digest_len = 16;
! 112: #endif
! 113: *pdigest_len = digest_len;
! 114: }
! 115:
! 116: return key_type;
! 117: }
! 118:
! 119:
! 120: /*
! 121: * keytype_name returns OpenSSL short name for digest by NID.
! 122: *
! 123: * Used by ntpq and ntpdc keytype()
! 124: */
! 125: const char *
! 126: keytype_name(
! 127: int nid
! 128: )
! 129: {
! 130: static const char unknown_type[] = "(unknown key type)";
! 131: const char *name;
! 132:
! 133: #ifdef OPENSSL
! 134: INIT_SSL();
! 135: name = OBJ_nid2sn(nid);
! 136: if (NULL == name)
! 137: name = unknown_type;
! 138: #else /* !OPENSSL follows */
! 139: if (NID_md5 == nid)
! 140: name = "MD5";
! 141: else
! 142: name = unknown_type;
! 143: #endif
! 144: return name;
! 145: }
! 146:
! 147:
! 148: /*
! 149: * Use getpassphrase() if configure.ac detected it, as Suns that
! 150: * have it truncate the password in getpass() to 8 characters.
! 151: */
! 152: #ifdef HAVE_GETPASSPHRASE
! 153: # define getpass(str) getpassphrase(str)
! 154: #endif
! 155:
! 156: /*
! 157: * getpass_keytype() -- shared between ntpq and ntpdc, only vaguely
! 158: * related to the rest of ssl_init.c.
! 159: */
! 160: char *
! 161: getpass_keytype(
! 162: int keytype
! 163: )
! 164: {
! 165: char pass_prompt[64 + 11 + 1]; /* 11 for " Password: " */
! 166:
! 167: snprintf(pass_prompt, sizeof(pass_prompt),
! 168: "%.64s Password: ", keytype_name(keytype));
! 169:
! 170: return getpass(pass_prompt);
! 171: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>