![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ssl_init.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / libntp|
Return to ssl_init.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / libntp |
1.1 misho 1: /*
2: * ssl_init.c Common OpenSSL initialization code for the various
3: * programs which use it.
4: *
5: * Moved from ntpd/ntp_crypto.c crypto_setup()
6: */
7: #ifdef HAVE_CONFIG_H
8: #include <config.h>
9: #endif
10: #include <ctype.h>
11: #include <ntp.h>
12: #include <ntp_debug.h>
13: #include <lib_strbuf.h>
14:
15: #ifdef OPENSSL
16: #include "openssl/err.h"
17: #include "openssl/evp.h"
18:
19:
20: int ssl_init_done;
21:
22: void
23: ssl_init(void)
24: {
25: if (ssl_init_done)
26: return;
27:
28: ERR_load_crypto_strings();
29: OpenSSL_add_all_algorithms();
30:
31: ssl_init_done = 1;
32: }
33:
34:
35: void
36: ssl_check_version(void)
37: {
38: if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
39: msyslog(LOG_WARNING,
40: "OpenSSL version mismatch. Built against %lx, you have %lx",
41: OPENSSL_VERSION_NUMBER, SSLeay());
42: fprintf(stderr,
43: "OpenSSL version mismatch. Built against %lx, you have %lx\n",
44: OPENSSL_VERSION_NUMBER, SSLeay());
45: }
46:
47: INIT_SSL();
48: }
49: #endif /* OPENSSL */
50:
51:
52: /*
53: * keytype_from_text returns OpenSSL NID for digest by name, and
54: * optionally the associated digest length.
55: *
56: * Used by ntpd authreadkeys(), ntpq and ntpdc keytype()
57: */
58: int
59: keytype_from_text(
60: const char *text,
61: size_t *pdigest_len
62: )
63: {
64: const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
65: int key_type;
66: u_int digest_len;
67: #ifdef OPENSSL
68: u_char digest[EVP_MAX_MD_SIZE];
69: char * upcased;
70: char * pch;
71: EVP_MD_CTX ctx;
72:
73: /*
74: * OpenSSL digest short names are capitalized, so uppercase the
75: * digest name before passing to OBJ_sn2nid(). If it is not
76: * recognized but begins with 'M' use NID_md5 to be consistent
77: * with past behavior.
78: */
79: INIT_SSL();
80: LIB_GETBUF(upcased);
81: strncpy(upcased, text, LIB_BUFLENGTH);
82: for (pch = upcased; '\0' != *pch; pch++)
83: *pch = (char)toupper(*pch);
84: key_type = OBJ_sn2nid(upcased);
85: #else
86: key_type = 0;
87: #endif
88:
89: if (!key_type && 'm' == tolower(text[0]))
90: key_type = NID_md5;
91:
92: if (!key_type)
93: return 0;
94:
95: if (NULL != pdigest_len) {
96: #ifdef OPENSSL
97: EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
98: EVP_DigestFinal(&ctx, digest, &digest_len);
99: if (digest_len + sizeof(keyid_t) > MAX_MAC_LEN) {
100: fprintf(stderr,
101: "key type %s %u octet digests are too big, max %lu\n",
102: keytype_name(key_type), digest_len,
103: max_digest_len);
104: msyslog(LOG_ERR,
105: "key type %s %u octet digests are too big, max %lu\n",
106: keytype_name(key_type), digest_len,
107: max_digest_len);
108: return 0;
109: }
110: #else
111: digest_len = 16;
112: #endif
113: *pdigest_len = digest_len;
114: }
115:
116: return key_type;
117: }
118:
119:
120: /*
121: * keytype_name returns OpenSSL short name for digest by NID.
122: *
123: * Used by ntpq and ntpdc keytype()
124: */
125: const char *
126: keytype_name(
127: int nid
128: )
129: {
130: static const char unknown_type[] = "(unknown key type)";
131: const char *name;
132:
133: #ifdef OPENSSL
134: INIT_SSL();
135: name = OBJ_nid2sn(nid);
136: if (NULL == name)
137: name = unknown_type;
138: #else /* !OPENSSL follows */
139: if (NID_md5 == nid)
140: name = "MD5";
141: else
142: name = unknown_type;
143: #endif
144: return name;
145: }
146:
147:
148: /*
149: * Use getpassphrase() if configure.ac detected it, as Suns that
150: * have it truncate the password in getpass() to 8 characters.
151: */
152: #ifdef HAVE_GETPASSPHRASE
153: # define getpass(str) getpassphrase(str)
154: #endif
155:
156: /*
157: * getpass_keytype() -- shared between ntpq and ntpdc, only vaguely
158: * related to the rest of ssl_init.c.
159: */
160: char *
161: getpass_keytype(
162: int keytype
163: )
164: {
165: char pass_prompt[64 + 11 + 1]; /* 11 for " Password: " */
166:
167: snprintf(pass_prompt, sizeof(pass_prompt),
168: "%.64s Password: ", keytype_name(keytype));
169:
170: return getpass(pass_prompt);
171: }