Diffstat (limited to 'util')
-rw-r--r-- | util/Makefile.am | 45 | ||||
-rw-r--r-- | util/Makefile.in | 384 | ||||
-rw-r--r-- | util/hist.c | 2 | ||||
-rw-r--r-- | util/jitter.c | 2 | ||||
-rw-r--r-- | util/jitter.h | 45 | ||||
-rw-r--r-- | util/ntp-keygen-opts.c | 636 | ||||
-rw-r--r-- | util/ntp-keygen-opts.def | 99 | ||||
-rw-r--r-- | util/ntp-keygen-opts.h | 208 | ||||
-rw-r--r-- | util/ntp-keygen-opts.texi | 217 | ||||
-rw-r--r-- | util/ntp-keygen.1 | 72 | ||||
-rw-r--r-- | util/ntp-keygen.c | 1673 | ||||
-rw-r--r-- | util/ntptime.c | 7 | ||||
-rw-r--r-- | util/tickadj.c | 14 |
13 files changed, 1843 insertions, 1561 deletions
diff --git a/util/Makefile.am b/util/Makefile.am index f73121f52bbb..c5d5d66c4b0d 100644 --- a/util/Makefile.am +++ b/util/Makefile.am @@ -1,24 +1,37 @@ +NULL= #AUTOMAKE_OPTIONS = ../ansi2knr no-dependencies -AUTOMAKE_OPTIONS= ansi2knr +AUTOMAKE_OPTIONS= +if NTP_BINSUBDIR_IS_BIN bin_PROGRAMS= @MAKE_NTPTIME@ @MAKE_TICKADJ@ @MAKE_TIMETRIM@ \ ntp-keygen +else +sbin_PROGRAMS= @MAKE_NTPTIME@ @MAKE_TICKADJ@ @MAKE_TIMETRIM@ \ + ntp-keygen +endif + EXTRA_PROGRAMS= audio-pcm byteorder hist jitter kern longsize \ ntptime pps-api precision sht testrs6000 tg tickadj timetrim -AM_CPPFLAGS= -I$(top_srcdir)/include $(LIBOPTS_CFLAGS) +AM_CPPFLAGS= -I$(top_srcdir)/include -I$(top_srcdir)/lib/isc/include \ + -I$(top_srcdir)/lib/isc/nothreads/include \ + -I$(top_srcdir)/lib/isc/unix/include $(LIBOPTS_CFLAGS) + # LDADD might need RESLIB and ADJLIB LDADD= ../libntp/libntp.a ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h -ntp_keygen_LDADD= @LCRYPTO@ $(LIBOPTS_LDADD) ../libntp/libntp.a +ntp_keygen_LDADD= version.o $(LIBOPTS_LDADD) ../libntp/libntp.a @LCRYPTO@ ETAGS_ARGS= Makefile.am #EXTRA_DIST= README TAGS EXTRA_DIST= ntp-keygen-opts.def ntp-keygen.1 ntp-keygen-opts.texi ntp-keygen-opts.menu -BUILT_SOURCES= ntp-keygen-opts.c ntp-keygen-opts.h ntp-keygen.1 \ - ntp-keygen-opts.texi ntp-keygen-opts.menu -man_MANS= ntp-keygen.1 -run_ag= cd $(srcdir) && autogen -L ../include --writable +BUILT_SOURCES= ntp-keygen-opts.c ntp-keygen-opts.h +CLEANFILES= +DISTCLEANFILES= .version version.c +noinst_DATA= $(srcdir)/ntp-keygen-opts.texi $(srcdir)/ntp-keygen-opts.menu +man_MANS= $(srcdir)/ntp-keygen.1 +run_ag= cd $(srcdir) && env PATH="$(abs_builddir):$(PATH)" \ + autogen -L ../include --writable std_def_list= $(top_srcdir)/include/debug-opt.def \ $(top_srcdir)/include/autogen-version.def \ $(top_srcdir)/include/copyright.def \ 
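Review bot: `run_ag` now runs autogen with `$(abs_builddir)` placed first on `PATH`, and nothing in the hunk says why. With this ordering, every command that autogen or its templates resolve by name is looked up in the build directory before the system directories, so a stale or stray executable left there is picked up while the shipped `ntp-keygen-opts.c` and man page are regenerated. Presumably the aim is to let the templates run the just-built `ntp-keygen`; if so, state it next to the assignment, e.g. `# builddir goes first on PATH so autogen templates run the just-built ntp-keygen, not an installed copy`.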
@@ -26,14 +39,20 @@ std_def_list= $(top_srcdir)/include/debug-opt.def \ $(top_srcdir)/include/version.def $(srcdir)/ntp-keygen-opts.h: $(srcdir)/ntp-keygen-opts.c + @: do-nothing action to avoid default SCCS get, .h built with .c + $(srcdir)/ntp-keygen-opts.c: $(srcdir)/ntp-keygen-opts.def $(std_def_list) $(run_ag) ntp-keygen-opts.def $(srcdir)/ntp-keygen.1: $(srcdir)/ntp-keygen-opts.def $(std_def_list) $(run_ag) -Tagman1.tpl -bntp-keygen ntp-keygen-opts.def -$(srcdir)/ntp-keygen-opts.texi $(srcdir)/ntp-keygen-opts.menu: $(srcdir)/ntp-keygen-opts.def $(std_def_list) +$(srcdir)/ntp-keygen-opts.menu: $(srcdir)/ntp-keygen-opts.texi + @: do-nothing action to avoid default SCCS get, .menu built with .texi + +$(srcdir)/ntp-keygen-opts.texi: $(srcdir)/ntp-keygen-opts.def $(std_def_list) $(run_ag) -Taginfo.tpl -DLEVEL=section ntp-keygen-opts.def + $(top_srcdir)/scripts/check--help $@ jitter_SOURCES= jitter.c jitter.h @@ -44,3 +63,13 @@ jitter_LDADD= kern.o: kern.c $(COMPILE) -DHAVE_TIMEX_H -c kern.c + +$(top_srcdir)/version : + cd $(top_srcdir) && $(MAKE) version + +version.o: $(ntpq_OBJECTS) ../libntp/libntp.a Makefile $(top_srcdir)/version + env CSET=`cat $(top_srcdir)/version` $(top_builddir)/scripts/mkver ntp-keygen + $(COMPILE) -c version.c + +include $(top_srcdir)/bincheck.mf +include $(top_srcdir)/depsver.mf diff --git a/util/Makefile.in b/util/Makefile.in index 75830d0b29e8..84331ad825b2 100644 --- a/util/Makefile.in +++ b/util/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11 from Makefile.am. +# Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 
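Review bot: The do-nothing recipe on the new `$(srcdir)/ntp-keygen-opts.menu: $(srcdir)/ntp-keygen-opts.texi` rule (and on the `.h: .c` rule above it) cannot recreate its target: if the `.menu` file is missing or older while the `.texi` is present, make runs `@:`, treats the target as updated and carries on without the file. The comment explains the SCCS reason but not this limitation. A recovering recipe keeps the single autogen run and still repairs a lost output, e.g. `@test -f $@ || { rm -f $(srcdir)/ntp-keygen-opts.texi && $(MAKE) $(AM_MAKEFLAGS) $(srcdir)/ntp-keygen-opts.texi; }`, with the matching form for the header.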
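Review bot: The new `version.o` rule lists `$(ntpq_OBJECTS)` as a prerequisite, which looks copied from the ntpq directory; the object list the generated util/Makefile.in defines for this program is `ntp_keygen_OBJECTS`, and an undefined variable expands to nothing. As written, `version.o` is not rebuilt when `ntp-keygen.c` or `ntp-keygen-opts.c` are recompiled, so the stamp that `mkver` presumably embeds can lag behind the code it is linked with. Use `version.o: $(ntp_keygen_OBJECTS) ../libntp/libntp.a Makefile $(top_srcdir)/version`. The same line appears in the regenerated util/Makefile.in and is corrected by regenerating it.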
@@ -15,6 +15,11 @@ @SET_MAKE@ +# we traditionally installed software in bindir, while it should have gone +# in sbindir. Now that we offer a choice, look in the "other" installation +# subdir to warn folks if there is another version there. + + VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ 
@@ -34,21 +39,31 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -ANSI2KNR = @ANSI2KNR@ -bin_PROGRAMS = @MAKE_NTPTIME@ @MAKE_TICKADJ@ @MAKE_TIMETRIM@ \ - ntp-keygen$(EXEEXT) +@NTP_BINSUBDIR_IS_BIN_TRUE@bin_PROGRAMS = @MAKE_NTPTIME@ \ +@NTP_BINSUBDIR_IS_BIN_TRUE@ @MAKE_TICKADJ@ @MAKE_TIMETRIM@ \ +@NTP_BINSUBDIR_IS_BIN_TRUE@ ntp-keygen$(EXEEXT) +@NTP_BINSUBDIR_IS_BIN_FALSE@sbin_PROGRAMS = @MAKE_NTPTIME@ \ +@NTP_BINSUBDIR_IS_BIN_FALSE@ @MAKE_TICKADJ@ @MAKE_TIMETRIM@ \ +@NTP_BINSUBDIR_IS_BIN_FALSE@ ntp-keygen$(EXEEXT) EXTRA_PROGRAMS = audio-pcm$(EXEEXT) byteorder$(EXEEXT) hist$(EXEEXT) \ jitter$(EXEEXT) kern$(EXEEXT) longsize$(EXEEXT) \ ntptime$(EXEEXT) pps-api$(EXEEXT) precision$(EXEEXT) \ sht$(EXEEXT) testrs6000$(EXEEXT) tg$(EXEEXT) tickadj$(EXEEXT) \ timetrim$(EXEEXT) -subdir = util DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - ansi2knr.1 ansi2knr.c + $(top_srcdir)/bincheck.mf $(top_srcdir)/depsver.mf ansi2knr.1 \ + ansi2knr.c +subdir = util ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ - $(top_srcdir)/m4/define_dir.m4 \ - $(top_srcdir)/m4/hs_ulong_const.m4 \ +am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ + $(top_srcdir)/m4/define_dir.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/ntp_cacheversion.m4 \ + $(top_srcdir)/m4/ntp_dir_sep.m4 \ + $(top_srcdir)/m4/ntp_lineeditlibs.m4 \ + $(top_srcdir)/m4/ntp_openssl.m4 \ + $(top_srcdir)/m4/ntp_vpathhack.m4 \ $(top_srcdir)/m4/os_cflags.m4 $(top_srcdir)/version.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ 
@@ -57,66 +72,67 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" -PROGRAMS = $(bin_PROGRAMS) +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \ + "$(DESTDIR)$(man1dir)" +PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS) audio_pcm_SOURCES = audio-pcm.c -audio_pcm_OBJECTS = audio-pcm$U.$(OBJEXT) +audio_pcm_OBJECTS = audio-pcm.$(OBJEXT) audio_pcm_LDADD = $(LDADD) audio_pcm_DEPENDENCIES = ../libntp/libntp.a byteorder_SOURCES = byteorder.c -byteorder_OBJECTS = byteorder$U.$(OBJEXT) +byteorder_OBJECTS = byteorder.$(OBJEXT) byteorder_LDADD = $(LDADD) byteorder_DEPENDENCIES = ../libntp/libntp.a hist_SOURCES = hist.c -hist_OBJECTS = hist$U.$(OBJEXT) +hist_OBJECTS = hist.$(OBJEXT) hist_LDADD = $(LDADD) hist_DEPENDENCIES = ../libntp/libntp.a -am_jitter_OBJECTS = jitter$U.$(OBJEXT) +am_jitter_OBJECTS = jitter.$(OBJEXT) jitter_OBJECTS = $(am_jitter_OBJECTS) jitter_DEPENDENCIES = kern_SOURCES = kern.c -kern_OBJECTS = kern$U.$(OBJEXT) +kern_OBJECTS = kern.$(OBJEXT) kern_LDADD = $(LDADD) kern_DEPENDENCIES = ../libntp/libntp.a longsize_SOURCES = longsize.c -longsize_OBJECTS = longsize$U.$(OBJEXT) +longsize_OBJECTS = longsize.$(OBJEXT) longsize_LDADD = $(LDADD) longsize_DEPENDENCIES = ../libntp/libntp.a -am_ntp_keygen_OBJECTS = ntp-keygen$U.$(OBJEXT) \ - ntp-keygen-opts$U.$(OBJEXT) +am_ntp_keygen_OBJECTS = ntp-keygen.$(OBJEXT) ntp-keygen-opts.$(OBJEXT) ntp_keygen_OBJECTS = $(am_ntp_keygen_OBJECTS) am__DEPENDENCIES_1 = -ntp_keygen_DEPENDENCIES = $(am__DEPENDENCIES_1) ../libntp/libntp.a +ntp_keygen_DEPENDENCIES = version.o $(am__DEPENDENCIES_1) \ + ../libntp/libntp.a ntptime_SOURCES = ntptime.c -ntptime_OBJECTS = ntptime$U.$(OBJEXT) +ntptime_OBJECTS = ntptime.$(OBJEXT) ntptime_LDADD = $(LDADD) ntptime_DEPENDENCIES = ../libntp/libntp.a pps_api_SOURCES = pps-api.c -pps_api_OBJECTS = pps-api$U.$(OBJEXT) +pps_api_OBJECTS = pps-api.$(OBJEXT) 
pps_api_LDADD = $(LDADD) pps_api_DEPENDENCIES = ../libntp/libntp.a precision_SOURCES = precision.c -precision_OBJECTS = precision$U.$(OBJEXT) +precision_OBJECTS = precision.$(OBJEXT) precision_LDADD = $(LDADD) precision_DEPENDENCIES = ../libntp/libntp.a sht_SOURCES = sht.c -sht_OBJECTS = sht$U.$(OBJEXT) +sht_OBJECTS = sht.$(OBJEXT) sht_LDADD = $(LDADD) sht_DEPENDENCIES = ../libntp/libntp.a testrs6000_SOURCES = testrs6000.c -testrs6000_OBJECTS = testrs6000$U.$(OBJEXT) +testrs6000_OBJECTS = testrs6000.$(OBJEXT) testrs6000_LDADD = $(LDADD) testrs6000_DEPENDENCIES = ../libntp/libntp.a tg_SOURCES = tg.c -tg_OBJECTS = tg$U.$(OBJEXT) +tg_OBJECTS = tg.$(OBJEXT) tg_LDADD = $(LDADD) tg_DEPENDENCIES = ../libntp/libntp.a tickadj_SOURCES = tickadj.c -tickadj_OBJECTS = tickadj$U.$(OBJEXT) +tickadj_OBJECTS = tickadj.$(OBJEXT) tickadj_LDADD = $(LDADD) tickadj_DEPENDENCIES = ../libntp/libntp.a timetrim_SOURCES = timetrim.c -timetrim_OBJECTS = timetrim$U.$(OBJEXT) +timetrim_OBJECTS = timetrim.$(OBJEXT) timetrim_LDADD = $(LDADD) timetrim_DEPENDENCIES = ../libntp/libntp.a DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) @@ -162,13 +178,13 @@ am__base_list = \ man1dir = $(mandir)/man1 NROFF = nroff MANS = $(man_MANS) +DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ -ARLIB_DIR = @ARLIB_DIR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -185,14 +201,18 @@ CYGPATH_W = @CYGPATH_W@ DCFD = @DCFD@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ -ECHO = @ECHO@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ +EDITLINE_LIBS = @EDITLINE_LIBS@ EF_LIBS = @EF_LIBS@ EF_PROGS = @EF_PROGS@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ +FGREP = @FGREP@ GREP = @GREP@ HAVE_INLINE = @HAVE_INLINE@ INSTALL = @INSTALL@ 
@@ -201,6 +221,7 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LCRYPTO = @LCRYPTO@ +LD = @LD@ LDFLAGS = @LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ @@ -209,6 +230,7 @@ LIBOPTS_LDADD = @LIBOPTS_LDADD@ LIBPARSE = @LIBPARSE@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ LN_S = @LN_S@ LSCF = @LSCF@ LTLIBOBJS = @LTLIBOBJS@ @@ -220,15 +242,22 @@ MAKE_LIBNTPSIM = @MAKE_LIBNTPSIM@ MAKE_LIBPARSE = @MAKE_LIBPARSE@ MAKE_LIBPARSE_KERNEL = @MAKE_LIBPARSE_KERNEL@ MAKE_NTPDSIM = @MAKE_NTPDSIM@ +MAKE_NTPSNMPD = @MAKE_NTPSNMPD@ MAKE_NTPTIME = @MAKE_NTPTIME@ MAKE_PARSEKMODULE = @MAKE_PARSEKMODULE@ MAKE_TICKADJ = @MAKE_TICKADJ@ MAKE_TIMETRIM = @MAKE_TIMETRIM@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL = @OPENSSL@ OPENSSL_INC = @OPENSSL_INC@ OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ 
@@ -236,23 +265,32 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ PATH_PERL = @PATH_PERL@ PATH_SEPARATOR = @PATH_SEPARATOR@ PATH_SH = @PATH_SH@ +PATH_TEST = @PATH_TEST@ +POSIX_SHELL = @POSIX_SHELL@ PROPDELAY = @PROPDELAY@ RANLIB = @RANLIB@ -READLINE_LIBS = @READLINE_LIBS@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ +SNMP_CFLAGS = @SNMP_CFLAGS@ +SNMP_CPPFLAGS = @SNMP_CPPFLAGS@ +SNMP_LIBS = @SNMP_LIBS@ STRIP = @STRIP@ TESTDCF = @TESTDCF@ -U = @U@ VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ 
@@ -299,22 +337,29 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ - +NULL = #AUTOMAKE_OPTIONS = ../ansi2knr no-dependencies -AUTOMAKE_OPTIONS = ansi2knr -AM_CPPFLAGS = -I$(top_srcdir)/include $(LIBOPTS_CFLAGS) +AUTOMAKE_OPTIONS = +AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/lib/isc/include \ + -I$(top_srcdir)/lib/isc/nothreads/include \ + -I$(top_srcdir)/lib/isc/unix/include $(LIBOPTS_CFLAGS) + + # LDADD might need RESLIB and ADJLIB LDADD = ../libntp/libntp.a ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h -ntp_keygen_LDADD = @LCRYPTO@ $(LIBOPTS_LDADD) ../libntp/libntp.a +ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a @LCRYPTO@ ETAGS_ARGS = Makefile.am #EXTRA_DIST= README TAGS EXTRA_DIST = ntp-keygen-opts.def ntp-keygen.1 ntp-keygen-opts.texi ntp-keygen-opts.menu -BUILT_SOURCES = ntp-keygen-opts.c ntp-keygen-opts.h ntp-keygen.1 \ - ntp-keygen-opts.texi ntp-keygen-opts.menu +BUILT_SOURCES = ntp-keygen-opts.c ntp-keygen-opts.h .deps-ver +CLEANFILES = .deps-ver +DISTCLEANFILES = .version version.c +noinst_DATA = $(srcdir)/ntp-keygen-opts.texi $(srcdir)/ntp-keygen-opts.menu +man_MANS = $(srcdir)/ntp-keygen.1 +run_ag = cd $(srcdir) && env PATH="$(abs_builddir):$(PATH)" \ + autogen -L ../include --writable -man_MANS = ntp-keygen.1 -run_ag = cd $(srcdir) && autogen -L ../include --writable std_def_list = $(top_srcdir)/include/debug-opt.def \ $(top_srcdir)/include/autogen-version.def \ $(top_srcdir)/include/copyright.def \ @@ -328,7 +373,7 @@ all: $(BUILT_SOURCES) .SUFFIXES: .SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(top_srcdir)/bincheck.mf $(top_srcdir)/depsver.mf $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ 
@@ -401,6 +446,49 @@ clean-binPROGRAMS: list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list +install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-sbinPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files + +clean-sbinPROGRAMS: + @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" 
$$list; \ + rm -f $$list audio-pcm$(EXEEXT): $(audio_pcm_OBJECTS) $(audio_pcm_DEPENDENCIES) @rm -f audio-pcm$(EXEEXT) $(LINK) $(audio_pcm_OBJECTS) $(audio_pcm_LDADD) $(LIBS) 
@@ -452,32 +540,23 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -./ansi2knr: ansi2knr.$(OBJEXT) - $(LINK) ansi2knr.$(OBJEXT) $(LIBS) -ansi2knr.$(OBJEXT): $(CONFIG_HEADER) - -clean-krextra: - -rm -f ansi2knr - -mostlyclean-kr: - -test "$U" = "" || rm -f *_.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audio-pcm$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/byteorder$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hist$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitter$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/longsize$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp-keygen$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp-keygen-opts$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntptime$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pps-api$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/precision$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sht$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testrs6000$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tg$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tickadj$U.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timetrim$U.Po@am__quote@ + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/audio-pcm.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/byteorder.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hist.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitter.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/longsize.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp-keygen-opts.Po@am__quote@ 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp-keygen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntptime.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pps-api.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/precision.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sht.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testrs6000.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tg.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tickadj.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/timetrim.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 
@@ -499,47 +578,6 @@ mostlyclean-kr: @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -audio-pcm_.c: audio-pcm.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/audio-pcm.c; then echo $(srcdir)/audio-pcm.c; else echo audio-pcm.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -byteorder_.c: byteorder.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/byteorder.c; then echo $(srcdir)/byteorder.c; else echo byteorder.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -hist_.c: hist.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/hist.c; then echo $(srcdir)/hist.c; else echo hist.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -jitter_.c: jitter.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/jitter.c; then echo $(srcdir)/jitter.c; else echo jitter.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -kern_.c: kern.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/kern.c; then echo $(srcdir)/kern.c; else echo kern.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -longsize_.c: longsize.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/longsize.c; then echo $(srcdir)/longsize.c; else echo longsize.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -ntp-keygen_.c: ntp-keygen.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/ntp-keygen.c; then echo 
$(srcdir)/ntp-keygen.c; else echo ntp-keygen.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -ntp-keygen-opts_.c: ntp-keygen-opts.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/ntp-keygen-opts.c; then echo $(srcdir)/ntp-keygen-opts.c; else echo ntp-keygen-opts.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -ntptime_.c: ntptime.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/ntptime.c; then echo $(srcdir)/ntptime.c; else echo ntptime.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -pps-api_.c: pps-api.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/pps-api.c; then echo $(srcdir)/pps-api.c; else echo pps-api.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -precision_.c: precision.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/precision.c; then echo $(srcdir)/precision.c; else echo precision.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -sht_.c: sht.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/sht.c; then echo $(srcdir)/sht.c; else echo sht.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -testrs6000_.c: testrs6000.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/testrs6000.c; then echo $(srcdir)/testrs6000.c; else echo testrs6000.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -tg_.c: tg.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/tg.c; then echo $(srcdir)/tg.c; else echo tg.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -tickadj_.c: 
tickadj.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/tickadj.c; then echo $(srcdir)/tickadj.c; else echo tickadj.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -timetrim_.c: timetrim.c $(ANSI2KNR) - $(CPP) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) `if test -f $(srcdir)/timetrim.c; then echo $(srcdir)/timetrim.c; else echo timetrim.c; fi` | sed 's/^# \([0-9]\)/#line \1/' | $(ANSI2KNR) > $@ || rm -f $@ -audio-pcm_.$(OBJEXT) audio-pcm_.lo byteorder_.$(OBJEXT) byteorder_.lo \ -hist_.$(OBJEXT) hist_.lo jitter_.$(OBJEXT) jitter_.lo kern_.$(OBJEXT) \ -kern_.lo longsize_.$(OBJEXT) longsize_.lo ntp-keygen_.$(OBJEXT) \ -ntp-keygen_.lo ntp-keygen-opts_.$(OBJEXT) ntp-keygen-opts_.lo \ -ntptime_.$(OBJEXT) ntptime_.lo pps-api_.$(OBJEXT) pps-api_.lo \ -precision_.$(OBJEXT) precision_.lo sht_.$(OBJEXT) sht_.lo \ -testrs6000_.$(OBJEXT) testrs6000_.lo tg_.$(OBJEXT) tg_.lo \ -tickadj_.$(OBJEXT) tickadj_.lo timetrim_.$(OBJEXT) timetrim_.lo : \ -$(ANSI2KNR) mostlyclean-libtool: -rm -f *.lo @@ -683,9 +721,9 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am -all-am: Makefile $(ANSI2KNR) $(PROGRAMS) $(MANS) +all-am: Makefile $(PROGRAMS) $(MANS) $(DATA) installdirs: - for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)"; do \ + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) @@ -706,10 +744,12 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" 
@@ -717,8 +757,8 @@ maintainer-clean-generic: -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am -clean-am: clean-binPROGRAMS clean-generic clean-krextra clean-libtool \ - mostlyclean-am +clean-am: clean-binPROGRAMS clean-generic clean-libtool \ + clean-sbinPROGRAMS mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -744,8 +784,9 @@ install-dvi: install-dvi-am install-dvi-am: -install-exec-am: install-binPROGRAMS - +install-exec-am: install-binPROGRAMS install-sbinPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook install-html: install-html-am install-html-am: @@ -773,7 +814,7 @@ maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am -mostlyclean-am: mostlyclean-compile mostlyclean-generic mostlyclean-kr \ +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am 
@@ -784,37 +825,45 @@ ps: ps-am ps-am: -uninstall-am: uninstall-binPROGRAMS uninstall-man +uninstall-am: uninstall-binPROGRAMS uninstall-man \ + uninstall-sbinPROGRAMS uninstall-man: uninstall-man1 -.MAKE: all check install install-am install-strip +.MAKE: all check install install-am install-exec-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ - clean-generic clean-krextra clean-libtool ctags distclean \ + clean-generic clean-libtool clean-sbinPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-binPROGRAMS install-data \ install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-man1 install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-exec-am install-exec-hook install-html install-html-am \ + install-info install-info-am install-man install-man1 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-sbinPROGRAMS install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-kr mostlyclean-libtool pdf \ - pdf-am ps ps-am tags uninstall uninstall-am \ - uninstall-binPROGRAMS uninstall-man uninstall-man1 + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-binPROGRAMS \ + uninstall-man uninstall-man1 uninstall-sbinPROGRAMS $(srcdir)/ntp-keygen-opts.h: $(srcdir)/ntp-keygen-opts.c + @: do-nothing action to avoid default SCCS get, .h built with .c + $(srcdir)/ntp-keygen-opts.c: $(srcdir)/ntp-keygen-opts.def $(std_def_list) $(run_ag) ntp-keygen-opts.def $(srcdir)/ntp-keygen.1: $(srcdir)/ntp-keygen-opts.def $(std_def_list) $(run_ag) -Tagman1.tpl -bntp-keygen 
ntp-keygen-opts.def -$(srcdir)/ntp-keygen-opts.texi $(srcdir)/ntp-keygen-opts.menu: $(srcdir)/ntp-keygen-opts.def $(std_def_list) +$(srcdir)/ntp-keygen-opts.menu: $(srcdir)/ntp-keygen-opts.texi + @: do-nothing action to avoid default SCCS get, .menu built with .texi + +$(srcdir)/ntp-keygen-opts.texi: $(srcdir)/ntp-keygen-opts.def $(std_def_list) $(run_ag) -Taginfo.tpl -DLEVEL=section ntp-keygen-opts.def + $(top_srcdir)/scripts/check--help $@ ../libntp/libntp.a: cd ../libntp && $(MAKE) 
@@ -822,6 +871,89 @@ $(srcdir)/ntp-keygen-opts.texi $(srcdir)/ntp-keygen-opts.menu: $(srcdir)/ntp-key kern.o: kern.c $(COMPILE) -DHAVE_TIMEX_H -c kern.c +$(top_srcdir)/version : + cd $(top_srcdir) && $(MAKE) version + +version.o: $(ntpq_OBJECTS) ../libntp/libntp.a Makefile $(top_srcdir)/version + env CSET=`cat $(top_srcdir)/version` $(top_builddir)/scripts/mkver ntp-keygen + $(COMPILE) -c version.c + +install-exec-hook: + @case ${BINSUBDIR} in \ + bin) ODIR=${sbindir} ;; \ + sbin) ODIR=${bindir} ;; \ + esac; \ + test -z "${bin_PROGRAMS}${bin_SCRIPTS}" \ + || for i in ${bin_PROGRAMS} ${bin_SCRIPTS} " "; do \ + test ! -f $$ODIR/$$i || echo "*** $$i is also in $$ODIR!"; \ + done + +# +$(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver + @[ -f $@ ] || \ + cp $(top_srcdir)/deps-ver $@ + @[ -w $@ ] || \ + chmod ug+w $@ + @cmp $(top_srcdir)/deps-ver $@ > /dev/null || ( \ + $(MAKE) clean && \ + echo -n "Prior $(subdir)/$(DEPDIR) version " && \ + cat $@ && \ + rm -rf $(DEPDIR) && \ + mkdir $(DEPDIR) && \ + case "$(top_builddir)" in \ + .) \ + ./config.status Makefile depfiles \ + ;; \ + ..) \ + cd .. && \ + ./config.status $(subdir)/Makefile depfiles && \ + cd $(subdir) \ + ;; \ + *) \ + echo 'Fatal: depsver.mf Automake fragment limited' \ + 'to immediate subdirectories.' && \ + echo "top_builddir: $(top_builddir)" && \ + echo "subdir: $(subdir)" && \ + exit 1 \ + ;; \ + esac && \ + echo -n "Cleaned $(subdir)/$(DEPDIR) version " && \ + cat $(top_srcdir)/deps-ver \ + ) + cp $(top_srcdir)/deps-ver $@ + +.deps-ver: $(top_srcdir)/deps-ver + @[ ! -d $(DEPDIR) ] || $(MAKE) $(DEPDIR)/deps-ver + @touch $@ + +# +# depsver.mf included in Makefile.am for directories with .deps +# +# When building in the same directory with sources that change over +# time, such as when tracking using bk, the .deps files can become +# stale with respect to moved, deleted, or superceded headers. 
Most +# commonly, this would exhibit as make reporting a failure to make a +# header file which is no longer in the location given. To address +# this issue, we use a deps-ver file which is updated with each change +# that breaks old .deps files. A copy of deps-ver is made into +# $(DEPDIR) if not already present. If $(DEPDIR)/deps-ver is present +# with different contents than deps-ver, we make clean to ensure all +# .o files built before the incompatible change are rebuilt along with +# their updated .deps files, then remove $(DEPDIR) and recreate it as +# empty stubs. +# +# It is normal when configured with --disable-dependency-tracking for +# the DEPDIR to not have been created. For this reason, we use the +# intermediate target .deps-ver, which invokes make recursively if +# DEPDIR exists. +# +# If you modify depsver.mf, please make the changes to the master +# copy, the one in sntp is copied by the bootstrap script from it. +# +# This comment block follows rather than leads the related code so that +# it stays with it in the generated Makefile.in and Makefile. +# + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/util/hist.c b/util/hist.c index 9453b6c0dca4..244f595fe7ce 100644 --- a/util/hist.c +++ b/util/hist.c @@ -20,7 +20,7 @@ #define NSRT 20000 /* size of overflow histogram */ #define NCNT (600 * 1000000) /* sample interval (us) */ -int col P((long *, long *)); +int col (long *, long *); int main( diff --git a/util/jitter.c b/util/jitter.c index dda26551ec9a..20c63ad7d01a 100644 --- a/util/jitter.c +++ b/util/jitter.c @@ -16,7 +16,7 @@ #include <stdlib.h> #include "jitter.h" -#define NBUF 80002 +#define NBUF 800002 #define FRAC 4294967296. /* a bbbbillion */ #define JAN_1970 2208988800UL /* Unix base epoch */ #define CLOCK_GETTIME /* Solaris hires clock */ diff --git a/util/jitter.h b/util/jitter.h index d0fba44b4bb3..8c774b090988 100644 
--- a/util/jitter.h +++ b/util/jitter.h @@ -7,17 +7,6 @@ #define SIZEOF_INT 4 /* - * Set up for prototyping - */ -#ifndef P -#if defined(__STDC__) || defined(HAVE_PROTOTYPES) -#define P(x) x -#else /* not __STDC__ and not HAVE_PROTOTYPES */ -#define P(x) () -#endif /* not __STDC__ and HAVE_PROTOTYPES */ -#endif /* P */ - -/* * VMS DECC (v4.1), {u_char,u_short,u_long} are only in SOCKET.H, * and u_int isn't defined anywhere */ 
@@ -382,25 +371,25 @@ typedef u_int32 u_fp; * Prototypes */ #if 0 -extern char * dofptoa P((u_fp, int, short, int)); -extern char * dolfptoa P((u_long, u_long, int, short, int)); +extern char * dofptoa (u_fp, int, short, int); +extern char * dolfptoa (u_long, u_long, int, short, int); #endif -extern int atolfp P((const char *, l_fp *)); -extern int buftvtots P((const char *, l_fp *)); -extern char * fptoa P((s_fp, short)); -extern char * fptoms P((s_fp, short)); -extern int hextolfp P((const char *, l_fp *)); -extern void gpstolfp P((int, int, unsigned long, l_fp *)); -extern int mstolfp P((const char *, l_fp *)); -extern char * prettydate P((l_fp *)); -extern char * gmprettydate P((l_fp *)); -extern char * uglydate P((l_fp *)); -extern void mfp_mul P((int32 *, u_int32 *, int32, u_int32, int32, u_int32)); - -extern void get_systime P((l_fp *)); -extern int step_systime P((double)); -extern int adj_systime P((double)); +extern int atolfp (const char *, l_fp *); +extern int buftvtots (const char *, l_fp *); +extern char * fptoa (s_fp, short); +extern char * fptoms (s_fp, short); +extern int hextolfp (const char *, l_fp *); +extern void gpstolfp (int, int, unsigned long, l_fp *); +extern int mstolfp (const char *, l_fp *); +extern char * prettydate (l_fp *); +extern char * gmprettydate (l_fp *); +extern char * uglydate (l_fp *); +extern void mfp_mul (int32 *, u_int32 *, int32, u_int32, int32, u_int32); + +extern void get_systime (l_fp *); +extern int step_systime (double); +extern int adj_systime (double); #define lfptoa(_fpv, _ndec) mfptoa((_fpv)->l_ui, (_fpv)->l_uf, (_ndec)) #define lfptoms(_fpv, _ndec) mfptoms((_fpv)->l_ui, (_fpv)->l_uf, (_ndec)) diff --git a/util/ntp-keygen-opts.c b/util/ntp-keygen-opts.c index cb242c07ae14..c60210bae116 100644 --- a/util/ntp-keygen-opts.c +++ b/util/ntp-keygen-opts.c 
@@ -1,44 +1,48 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c) * - * It has been AutoGen-ed Tuesday December 8, 2009 at 08:14:56 AM EST + * It has been AutoGen-ed December 24, 2011 at 06:34:40 PM by AutoGen 5.12 * From the definitions ntp-keygen-opts.def * and the template file options * - * Generated from AutoOpts 29:0:4 templates. - */ - -/* - * This file was produced by an AutoOpts template. AutoOpts is a - * copyrighted work. This source file is not encumbered by AutoOpts - * licensing, but is provided under the licensing terms chosen by the - * ntp-keygen author or copyright holder. AutoOpts is licensed under - * the terms of the LGPL. The redistributable library (``libopts'') is - * licensed under the terms of either the LGPL or, at the users discretion, - * the BSD license. See the AutoOpts and/or libopts sources for details. + * Generated from AutoOpts 35:0:10 templates. * - * This source file is copyrighted and licensed under the following terms: + * AutoOpts is a copyrighted work. This source file is not encumbered + * by AutoOpts licensing, but is provided under the licensing terms chosen + * by the ntp-keygen author or copyright holder. AutoOpts is + * licensed under the terms of the LGPL. The redistributable library + * (``libopts'') is licensed under the terms of either the LGPL or, at the + * users discretion, the BSD license. See the AutoOpts and/or libopts sources + * for details. * - * ntp-keygen copyright 1970-2009 David L. Mills and/or others - all rights reserved + * This source file is copyrighted and licensed under the following terms: * - * see html/copyright.html + * see html/copyright.html + * */ +#include <sys/types.h> #include <limits.h> #include <stdio.h> +#include <stdlib.h> +#include <errno.h> #define OPTION_CODE_COMPILE 1 #include "ntp-keygen-opts.h" #ifdef __cplusplus extern "C" { #endif -tSCC zCopyright[] = - "ntp-keygen copyright (c) 1970-2009 David L. 
Mills and/or others, all rights reserved"; -tSCC zCopyrightNotice[] = - -/* extracted from ../include/copyright.def near line 8 */ -"see html/copyright.html"; +extern FILE * option_usage_fp; + +/* TRANSLATORS: choose the translation for option names wisely because you + cannot ever change your mind. */ +static char const zCopyright[50] = +"ntp-keygen (ntp) 4.2.6p5\n\ +see html/copyright.html\n"; +static char const zLicenseDescrip[25] = +"see html/copyright.html\n"; + extern tUsageProc optionUsage; /* 
@@ -54,83 +58,58 @@ extern tUsageProc optionUsage; #ifndef NULL # define NULL 0 #endif -#ifndef EXIT_SUCCESS -# define EXIT_SUCCESS 0 -#endif -#ifndef EXIT_FAILURE -# define EXIT_FAILURE 1 -#endif + /* * Certificate option description: */ #ifdef OPENSSL -tSCC zCertificateText[] = +static char const zCertificateText[] = "certificate scheme"; -tSCC zCertificate_NAME[] = "CERTIFICATE"; -tSCC zCertificate_Name[] = "certificate"; +static char const zCertificate_NAME[] = "CERTIFICATE"; +static char const zCertificate_Name[] = "certificate"; #define CERTIFICATE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) #else /* disable Certificate */ -#define VALUE_OPT_CERTIFICATE NO_EQUIVALENT #define CERTIFICATE_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zCertificateText NULL #define zCertificate_NAME NULL +#define zCertificateText NULL #define zCertificate_Name NULL #endif /* OPENSSL */ /* * Debug_Level option description: */ -#ifdef DEBUG -tSCC zDebug_LevelText[] = +static char const zDebug_LevelText[] = "Increase output debug message level"; -tSCC zDebug_Level_NAME[] = "DEBUG_LEVEL"; -tSCC zDebug_Level_Name[] = "debug-level"; +static char const zDebug_Level_NAME[] = "DEBUG_LEVEL"; +static char const zDebug_Level_Name[] = "debug-level"; #define DEBUG_LEVEL_FLAGS (OPTST_DISABLED) -#else /* disable Debug_Level */ -#define VALUE_OPT_DEBUG_LEVEL NO_EQUIVALENT -#define DEBUG_LEVEL_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zDebug_LevelText NULL -#define zDebug_Level_NAME NULL -#define zDebug_Level_Name NULL -#endif /* DEBUG */ - /* * Set_Debug_Level option description: */ -#ifdef DEBUG -tSCC zSet_Debug_LevelText[] = +static char const zSet_Debug_LevelText[] = "Set the output debug message level"; -tSCC zSet_Debug_Level_NAME[] = "SET_DEBUG_LEVEL"; -tSCC zSet_Debug_Level_Name[] = "set-debug-level"; +static char const zSet_Debug_Level_NAME[] = "SET_DEBUG_LEVEL"; +static char const zSet_Debug_Level_Name[] = "set-debug-level"; #define SET_DEBUG_LEVEL_FLAGS 
(OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) -#else /* disable Set_Debug_Level */ -#define VALUE_OPT_SET_DEBUG_LEVEL NO_EQUIVALENT -#define SET_DEBUG_LEVEL_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zSet_Debug_LevelText NULL -#define zSet_Debug_Level_NAME NULL -#define zSet_Debug_Level_Name NULL -#endif /* DEBUG */ - /* * Id_Key option description: */ #ifdef OPENSSL -tSCC zId_KeyText[] = - "Write identity keys"; -tSCC zId_Key_NAME[] = "ID_KEY"; -tSCC zId_Key_Name[] = "id-key"; +static char const zId_KeyText[] = + "Write IFF or GQ identity keys"; +static char const zId_Key_NAME[] = "ID_KEY"; +static char const zId_Key_Name[] = "id-key"; #define ID_KEY_FLAGS (OPTST_DISABLED) #else /* disable Id_Key */ -#define VALUE_OPT_ID_KEY NO_EQUIVALENT #define ID_KEY_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zId_KeyText NULL #define zId_Key_NAME NULL +#define zId_KeyText NULL #define zId_Key_Name NULL #endif /* OPENSSL */ 
@@ -138,53 +117,33 @@ tSCC zId_Key_Name[] = "id-key"; * Gq_Params option description: */ #ifdef OPENSSL -tSCC zGq_ParamsText[] = +static char const zGq_ParamsText[] = "Generate GQ parameters and keys"; -tSCC zGq_Params_NAME[] = "GQ_PARAMS"; -tSCC zGq_Params_Name[] = "gq-params"; +static char const zGq_Params_NAME[] = "GQ_PARAMS"; +static char const zGq_Params_Name[] = "gq-params"; #define GQ_PARAMS_FLAGS (OPTST_DISABLED) #else /* disable Gq_Params */ -#define VALUE_OPT_GQ_PARAMS NO_EQUIVALENT #define GQ_PARAMS_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zGq_ParamsText NULL #define zGq_Params_NAME NULL +#define zGq_ParamsText NULL #define zGq_Params_Name NULL #endif /* OPENSSL */ /* - * Gq_Keys option description: - */ -#ifdef OPENSSL -tSCC zGq_KeysText[] = - "update GQ keys"; -tSCC zGq_Keys_NAME[] = "GQ_KEYS"; -tSCC zGq_Keys_Name[] = "gq-keys"; -#define GQ_KEYS_FLAGS (OPTST_DISABLED) - -#else /* disable Gq_Keys */ -#define VALUE_OPT_GQ_KEYS NO_EQUIVALENT -#define GQ_KEYS_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zGq_KeysText NULL -#define zGq_Keys_NAME NULL -#define zGq_Keys_Name NULL -#endif /* OPENSSL */ - -/* * Host_Key option description: */ #ifdef OPENSSL -tSCC zHost_KeyText[] = +static char const zHost_KeyText[] = "generate RSA host key"; -tSCC zHost_Key_NAME[] = "HOST_KEY"; -tSCC zHost_Key_Name[] = "host-key"; +static char const zHost_Key_NAME[] = "HOST_KEY"; +static char const zHost_Key_Name[] = "host-key"; #define HOST_KEY_FLAGS (OPTST_DISABLED) #else /* disable Host_Key */ -#define VALUE_OPT_HOST_KEY NO_EQUIVALENT #define HOST_KEY_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zHost_KeyText NULL #define zHost_Key_NAME NULL +#define zHost_KeyText NULL #define zHost_Key_Name NULL #endif /* OPENSSL */ 
@@ -192,17 +151,16 @@ tSCC zHost_Key_Name[] = "host-key"; * Iffkey option description: */ #ifdef OPENSSL -tSCC zIffkeyText[] = +static char const zIffkeyText[] = "generate IFF parameters"; -tSCC zIffkey_NAME[] = "IFFKEY"; -tSCC zIffkey_Name[] = "iffkey"; +static char const zIffkey_NAME[] = "IFFKEY"; +static char const zIffkey_Name[] = "iffkey"; #define IFFKEY_FLAGS (OPTST_DISABLED) #else /* disable Iffkey */ -#define VALUE_OPT_IFFKEY NO_EQUIVALENT #define IFFKEY_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zIffkeyText NULL #define zIffkey_NAME NULL +#define zIffkeyText NULL #define zIffkey_Name NULL #endif /* OPENSSL */ 
@@ -210,45 +168,44 @@ tSCC zIffkey_Name[] = "iffkey"; * Issuer_Name option description: */ #ifdef OPENSSL -tSCC zIssuer_NameText[] = +static char const zIssuer_NameText[] = "set issuer name"; -tSCC zIssuer_Name_NAME[] = "ISSUER_NAME"; -tSCC zIssuer_Name_Name[] = "issuer-name"; -#define ISSUER_NAME_FLAGS (OPTST_DISABLED) +static char const zIssuer_Name_NAME[] = "ISSUER_NAME"; +static char const zIssuer_Name_Name[] = "issuer-name"; +#define ISSUER_NAME_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) #else /* disable Issuer_Name */ -#define VALUE_OPT_ISSUER_NAME NO_EQUIVALENT #define ISSUER_NAME_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zIssuer_NameText NULL #define zIssuer_Name_NAME NULL +#define zIssuer_NameText NULL #define zIssuer_Name_Name NULL #endif /* OPENSSL */ /* * Md5key option description: */ -tSCC zMd5keyText[] = +static char const zMd5keyText[] = "generate MD5 keys"; -tSCC zMd5key_NAME[] = "MD5KEY"; -tSCC zMd5key_Name[] = "md5key"; +static char const zMd5key_NAME[] = "MD5KEY"; +static char const zMd5key_Name[] = "md5key"; #define MD5KEY_FLAGS (OPTST_DISABLED) /* * Modulus option description: */ #ifdef OPENSSL -tSCC zModulusText[] = +static char const zModulusText[] = "modulus"; -tSCC zModulus_NAME[] = "MODULUS"; -tSCC zModulus_Name[] = "modulus"; +static char const zModulus_NAME[] = "MODULUS"; +static char const zModulus_Name[] = "modulus"; #define MODULUS_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) #else /* disable Modulus */ -#define VALUE_OPT_MODULUS NO_EQUIVALENT #define MODULUS_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zModulusText NULL #define zModulus_NAME NULL +#define zModulusText NULL #define zModulus_Name NULL #endif /* OPENSSL */ 
@@ -256,17 +213,16 @@ tSCC zModulus_Name[] = "modulus"; * Pvt_Cert option description: */ #ifdef OPENSSL -tSCC zPvt_CertText[] = +static char const zPvt_CertText[] = "generate PC private certificate"; -tSCC zPvt_Cert_NAME[] = "PVT_CERT"; -tSCC zPvt_Cert_Name[] = "pvt-cert"; +static char const zPvt_Cert_NAME[] = "PVT_CERT"; +static char const zPvt_Cert_Name[] = "pvt-cert"; #define PVT_CERT_FLAGS (OPTST_DISABLED) #else /* disable Pvt_Cert */ -#define VALUE_OPT_PVT_CERT NO_EQUIVALENT #define PVT_CERT_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zPvt_CertText NULL #define zPvt_Cert_NAME NULL +#define zPvt_CertText NULL #define zPvt_Cert_Name NULL #endif /* OPENSSL */ @@ -274,18 +230,17 @@ tSCC zPvt_Cert_Name[] = "pvt-cert"; * Pvt_Passwd option description: */ #ifdef OPENSSL -tSCC zPvt_PasswdText[] = +static char const zPvt_PasswdText[] = "output private password"; -tSCC zPvt_Passwd_NAME[] = "PVT_PASSWD"; -tSCC zPvt_Passwd_Name[] = "pvt-passwd"; +static char const zPvt_Passwd_NAME[] = "PVT_PASSWD"; +static char const zPvt_Passwd_Name[] = "pvt-passwd"; #define PVT_PASSWD_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) #else /* disable Pvt_Passwd */ -#define VALUE_OPT_PVT_PASSWD NO_EQUIVALENT #define PVT_PASSWD_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zPvt_PasswdText NULL #define zPvt_Passwd_NAME NULL +#define zPvt_PasswdText NULL #define zPvt_Passwd_Name NULL #endif /* OPENSSL */ 
@@ -293,18 +248,17 @@ tSCC zPvt_Passwd_Name[] = "pvt-passwd"; * Get_Pvt_Passwd option description: */ #ifdef OPENSSL -tSCC zGet_Pvt_PasswdText[] = +static char const zGet_Pvt_PasswdText[] = "input private password"; -tSCC zGet_Pvt_Passwd_NAME[] = "GET_PVT_PASSWD"; -tSCC zGet_Pvt_Passwd_Name[] = "get-pvt-passwd"; +static char const zGet_Pvt_Passwd_NAME[] = "GET_PVT_PASSWD"; +static char const zGet_Pvt_Passwd_Name[] = "get-pvt-passwd"; #define GET_PVT_PASSWD_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) #else /* disable Get_Pvt_Passwd */ -#define VALUE_OPT_GET_PVT_PASSWD NO_EQUIVALENT #define GET_PVT_PASSWD_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zGet_Pvt_PasswdText NULL #define zGet_Pvt_Passwd_NAME NULL +#define zGet_Pvt_PasswdText NULL #define zGet_Pvt_Passwd_Name NULL #endif /* OPENSSL */ @@ -312,18 +266,17 @@ tSCC zGet_Pvt_Passwd_Name[] = "get-pvt-passwd"; * Sign_Key option description: */ #ifdef OPENSSL -tSCC zSign_KeyText[] = +static char const zSign_KeyText[] = "generate sign key (RSA or DSA)"; -tSCC zSign_Key_NAME[] = "SIGN_KEY"; -tSCC zSign_Key_Name[] = "sign-key"; +static char const zSign_Key_NAME[] = "SIGN_KEY"; +static char const zSign_Key_Name[] = "sign-key"; #define SIGN_KEY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) #else /* disable Sign_Key */ -#define VALUE_OPT_SIGN_KEY NO_EQUIVALENT #define SIGN_KEY_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zSign_KeyText NULL #define zSign_Key_NAME NULL +#define zSign_KeyText NULL #define zSign_Key_Name NULL #endif /* OPENSSL */ 
@@ -331,18 +284,17 @@ tSCC zSign_Key_Name[] = "sign-key"; * Subject_Name option description: */ #ifdef OPENSSL -tSCC zSubject_NameText[] = +static char const zSubject_NameText[] = "set subject name"; -tSCC zSubject_Name_NAME[] = "SUBJECT_NAME"; -tSCC zSubject_Name_Name[] = "subject-name"; +static char const zSubject_Name_NAME[] = "SUBJECT_NAME"; +static char const zSubject_Name_Name[] = "subject-name"; #define SUBJECT_NAME_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) #else /* disable Subject_Name */ -#define VALUE_OPT_SUBJECT_NAME NO_EQUIVALENT #define SUBJECT_NAME_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zSubject_NameText NULL #define zSubject_Name_NAME NULL +#define zSubject_NameText NULL #define zSubject_Name_Name NULL #endif /* OPENSSL */ @@ -350,17 +302,16 @@ tSCC zSubject_Name_Name[] = "subject-name"; * Trusted_Cert option description: */ #ifdef OPENSSL -tSCC zTrusted_CertText[] = +static char const zTrusted_CertText[] = "trusted certificate (TC scheme)"; -tSCC zTrusted_Cert_NAME[] = "TRUSTED_CERT"; -tSCC zTrusted_Cert_Name[] = "trusted-cert"; +static char const zTrusted_Cert_NAME[] = "TRUSTED_CERT"; +static char const zTrusted_Cert_Name[] = "trusted-cert"; #define TRUSTED_CERT_FLAGS (OPTST_DISABLED) #else /* disable Trusted_Cert */ -#define VALUE_OPT_TRUSTED_CERT NO_EQUIVALENT #define TRUSTED_CERT_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zTrusted_CertText NULL #define zTrusted_Cert_NAME NULL +#define zTrusted_CertText NULL #define zTrusted_Cert_Name NULL #endif /* OPENSSL */ 
@@ -368,18 +319,17 @@ tSCC zTrusted_Cert_Name[] = "trusted-cert"; * Mv_Params option description: */ #ifdef OPENSSL -tSCC zMv_ParamsText[] = +static char const zMv_ParamsText[] = "generate <num> MV parameters"; -tSCC zMv_Params_NAME[] = "MV_PARAMS"; -tSCC zMv_Params_Name[] = "mv-params"; +static char const zMv_Params_NAME[] = "MV_PARAMS"; +static char const zMv_Params_Name[] = "mv-params"; #define MV_PARAMS_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) #else /* disable Mv_Params */ -#define VALUE_OPT_MV_PARAMS NO_EQUIVALENT #define MV_PARAMS_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zMv_ParamsText NULL #define zMv_Params_NAME NULL +#define zMv_ParamsText NULL #define zMv_Params_Name NULL #endif /* OPENSSL */ 
@@ -387,77 +337,65 @@ tSCC zMv_Params_Name[] = "mv-params"; * Mv_Keys option description: */ #ifdef OPENSSL -tSCC zMv_KeysText[] = +static char const zMv_KeysText[] = "update <num> MV keys"; -tSCC zMv_Keys_NAME[] = "MV_KEYS"; -tSCC zMv_Keys_Name[] = "mv-keys"; +static char const zMv_Keys_NAME[] = "MV_KEYS"; +static char const zMv_Keys_Name[] = "mv-keys"; #define MV_KEYS_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) #else /* disable Mv_Keys */ -#define VALUE_OPT_MV_KEYS NO_EQUIVALENT #define MV_KEYS_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) -#define zMv_KeysText NULL #define zMv_Keys_NAME NULL +#define zMv_KeysText NULL #define zMv_Keys_Name NULL #endif /* OPENSSL */ /* * Help/More_Help/Version option descriptions: */ -tSCC zHelpText[] = "Display usage information and exit"; -tSCC zHelp_Name[] = "help"; - -tSCC zMore_HelpText[] = "Extended usage information passed thru pager"; -tSCC zMore_Help_Name[] = "more-help"; - -tSCC zVersionText[] = "Output version information and exit"; -tSCC zVersion_Name[] = "version"; - -/* - * Save/Load_Opts option description: - */ -tSCC zSave_OptsText[] = "Save the option state to a config file"; -tSCC zSave_Opts_Name[] = "save-opts"; - -tSCC zLoad_OptsText[] = "Load options from a config file"; -tSCC zLoad_Opts_NAME[] = "LOAD_OPTS"; +static char const zHelpText[] = "Display extended usage information and exit"; +static char const zHelp_Name[] = "help"; +#ifdef HAVE_WORKING_FORK +#define OPTST_MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT) +static char const zMore_Help_Name[] = "more-help"; +static char const zMore_HelpText[] = "Extended usage information passed thru pager"; +#else +#define OPTST_MORE_HELP_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) +#define zMore_Help_Name NULL +#define zMore_HelpText NULL +#endif +#ifdef NO_OPTIONAL_OPT_ARGS +# define OPTST_VERSION_FLAGS OPTST_IMM | OPTST_NO_INIT +#else +# define OPTST_VERSION_FLAGS OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \ + OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT 
+#endif -tSCC zNotLoad_Opts_Name[] = "no-load-opts"; -tSCC zNotLoad_Opts_Pfx[] = "no"; +static char const zVersionText[] = "Output version information and exit"; +static char const zVersion_Name[] = "version"; +static char const zSave_OptsText[] = "Save the option state to a config file"; +static char const zSave_Opts_Name[] = "save-opts"; +static char const zLoad_OptsText[] = "Load options from a config file"; +static char const zLoad_Opts_NAME[] = "LOAD_OPTS"; +static char const zNotLoad_Opts_Name[] = "no-load-opts"; +static char const zNotLoad_Opts_Pfx[] = "no"; #define zLoad_Opts_Name (zNotLoad_Opts_Name + 3) /* * Declare option callback procedures */ -#ifdef DEBUG - static tOptProc doOptSet_Debug_Level; -#else /* not DEBUG */ -# define doOptSet_Debug_Level NULL -#endif /* def/not DEBUG */ #ifdef OPENSSL static tOptProc doOptModulus; #else /* not OPENSSL */ # define doOptModulus NULL #endif /* def/not OPENSSL */ -#ifdef OPENSSL - extern tOptProc optionNumericVal; -#else /* not OPENSSL */ -# define optionNumericVal NULL -#endif /* def/not OPENSSL */ -#ifdef OPENSSL - extern tOptProc optionNumericVal; -#else /* not OPENSSL */ -# define optionNumericVal NULL -#endif /* def/not OPENSSL */ #if defined(TEST_NTP_KEYGEN_OPTS) /* * Under test, omit argument processing, or call optionStackArg, * if multiple copies are allowed. */ -extern tOptProc - optionNumericVal, optionPagedUsage, optionVersionStderr; static tOptProc - doOptModulus, doUsageOpt; + doUsageOpt; /* * #define map the "normal" callout procs to the test ones... 
@@ -470,9 +408,12 @@ static tOptProc * When not under test, there are different procs to use */ extern tOptProc - optionPagedUsage, optionPrintVersion; + optionBooleanVal, optionNestedVal, optionNumericVal, + optionPagedUsage, optionPrintVersion, optionResetOpt, + optionStackArg, optionTimeDate, optionTimeVal, + optionUnstackArg, optionVersionStderr; static tOptProc - doUsageOpt; + doOptSet_Debug_Level, doUsageOpt; /* * #define map the "normal" callout procs @@ -491,7 +432,7 @@ static tOptProc * * Define the Ntp_Keygen Option Descriptions. */ -static tOptDesc optDesc[ OPTION_CT ] = { +static tOptDesc optDesc[OPTION_CT] = { { /* entry idx, value */ 0, VALUE_OPT_CERTIFICATE, /* equiv idx, value */ 0, VALUE_OPT_CERTIFICATE, /* equivalenced to */ NO_EQUIVALENT, @@ -552,20 +493,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zGq_ParamsText, zGq_Params_NAME, zGq_Params_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 5, VALUE_OPT_GQ_KEYS, - /* equiv idx, value */ 5, VALUE_OPT_GQ_KEYS, - /* equivalenced to */ NO_EQUIVALENT, - /* min, max, act ct */ 0, 1, 0, - /* opt state flags */ GQ_KEYS_FLAGS, 0, - /* last opt argumnt */ { NULL }, - /* arg list/cookie */ NULL, - /* must/cannot opts */ NULL, NULL, - /* option proc */ NULL, - /* desc, NAME, name */ zGq_KeysText, zGq_Keys_NAME, zGq_Keys_Name, - /* disablement strs */ NULL, NULL }, - - { /* entry idx, value */ 6, VALUE_OPT_HOST_KEY, - /* equiv idx, value */ 6, VALUE_OPT_HOST_KEY, + { /* entry idx, value */ 5, VALUE_OPT_HOST_KEY, + /* equiv idx, value */ 5, VALUE_OPT_HOST_KEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ HOST_KEY_FLAGS, 0, 
@@ -576,8 +505,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zHost_KeyText, zHost_Key_NAME, zHost_Key_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 7, VALUE_OPT_IFFKEY, - /* equiv idx, value */ 7, VALUE_OPT_IFFKEY, + { /* entry idx, value */ 6, VALUE_OPT_IFFKEY, + /* equiv idx, value */ 6, VALUE_OPT_IFFKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ IFFKEY_FLAGS, 0, @@ -588,8 +517,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zIffkeyText, zIffkey_NAME, zIffkey_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 8, VALUE_OPT_ISSUER_NAME, - /* equiv idx, value */ 8, VALUE_OPT_ISSUER_NAME, + { /* entry idx, value */ 7, VALUE_OPT_ISSUER_NAME, + /* equiv idx, value */ 7, VALUE_OPT_ISSUER_NAME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ ISSUER_NAME_FLAGS, 0, @@ -600,8 +529,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zIssuer_NameText, zIssuer_Name_NAME, zIssuer_Name_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 9, VALUE_OPT_MD5KEY, - /* equiv idx, value */ 9, VALUE_OPT_MD5KEY, + { /* entry idx, value */ 8, VALUE_OPT_MD5KEY, + /* equiv idx, value */ 8, VALUE_OPT_MD5KEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ MD5KEY_FLAGS, 0, @@ -612,8 +541,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zMd5keyText, zMd5key_NAME, zMd5key_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 10, VALUE_OPT_MODULUS, - /* equiv idx, value */ 10, VALUE_OPT_MODULUS, + { /* entry idx, value */ 9, VALUE_OPT_MODULUS, + /* equiv idx, value */ 9, VALUE_OPT_MODULUS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ MODULUS_FLAGS, 0, 
@@ -624,8 +553,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zModulusText, zModulus_NAME, zModulus_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 11, VALUE_OPT_PVT_CERT, - /* equiv idx, value */ 11, VALUE_OPT_PVT_CERT, + { /* entry idx, value */ 10, VALUE_OPT_PVT_CERT, + /* equiv idx, value */ 10, VALUE_OPT_PVT_CERT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PVT_CERT_FLAGS, 0, @@ -636,8 +565,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zPvt_CertText, zPvt_Cert_NAME, zPvt_Cert_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 12, VALUE_OPT_PVT_PASSWD, - /* equiv idx, value */ 12, VALUE_OPT_PVT_PASSWD, + { /* entry idx, value */ 11, VALUE_OPT_PVT_PASSWD, + /* equiv idx, value */ 11, VALUE_OPT_PVT_PASSWD, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PVT_PASSWD_FLAGS, 0, @@ -648,8 +577,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zPvt_PasswdText, zPvt_Passwd_NAME, zPvt_Passwd_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 13, VALUE_OPT_GET_PVT_PASSWD, - /* equiv idx, value */ 13, VALUE_OPT_GET_PVT_PASSWD, + { /* entry idx, value */ 12, VALUE_OPT_GET_PVT_PASSWD, + /* equiv idx, value */ 12, VALUE_OPT_GET_PVT_PASSWD, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ GET_PVT_PASSWD_FLAGS, 0, @@ -660,8 +589,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zGet_Pvt_PasswdText, zGet_Pvt_Passwd_NAME, zGet_Pvt_Passwd_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 14, VALUE_OPT_SIGN_KEY, - /* equiv idx, value */ 14, VALUE_OPT_SIGN_KEY, + { /* entry idx, value */ 13, VALUE_OPT_SIGN_KEY, + /* equiv idx, value */ 13, VALUE_OPT_SIGN_KEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SIGN_KEY_FLAGS, 0, 
@@ -672,8 +601,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zSign_KeyText, zSign_Key_NAME, zSign_Key_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 15, VALUE_OPT_SUBJECT_NAME, - /* equiv idx, value */ 15, VALUE_OPT_SUBJECT_NAME, + { /* entry idx, value */ 14, VALUE_OPT_SUBJECT_NAME, + /* equiv idx, value */ 14, VALUE_OPT_SUBJECT_NAME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SUBJECT_NAME_FLAGS, 0, @@ -684,8 +613,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zSubject_NameText, zSubject_Name_NAME, zSubject_Name_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 16, VALUE_OPT_TRUSTED_CERT, - /* equiv idx, value */ 16, VALUE_OPT_TRUSTED_CERT, + { /* entry idx, value */ 15, VALUE_OPT_TRUSTED_CERT, + /* equiv idx, value */ 15, VALUE_OPT_TRUSTED_CERT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ TRUSTED_CERT_FLAGS, 0, @@ -696,8 +625,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zTrusted_CertText, zTrusted_Cert_NAME, zTrusted_Cert_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 17, VALUE_OPT_MV_PARAMS, - /* equiv idx, value */ 17, VALUE_OPT_MV_PARAMS, + { /* entry idx, value */ 16, VALUE_OPT_MV_PARAMS, + /* equiv idx, value */ 16, VALUE_OPT_MV_PARAMS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ MV_PARAMS_FLAGS, 0, @@ -708,8 +637,8 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zMv_ParamsText, zMv_Params_NAME, zMv_Params_Name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 18, VALUE_OPT_MV_KEYS, - /* equiv idx, value */ 18, VALUE_OPT_MV_KEYS, + { /* entry idx, value */ 17, VALUE_OPT_MV_KEYS, + /* equiv idx, value */ 17, VALUE_OPT_MV_KEYS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ MV_KEYS_FLAGS, 0, 
@@ -720,18 +649,11 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zMv_KeysText, zMv_Keys_NAME, zMv_Keys_Name, /* disablement strs */ NULL, NULL }, -#ifdef NO_OPTIONAL_OPT_ARGS -# define VERSION_OPT_FLAGS OPTST_IMM | OPTST_NO_INIT -#else -# define VERSION_OPT_FLAGS OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \ - OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT -#endif - { /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION, /* equiv idx value */ NO_EQUIVALENT, 0, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, - /* opt state flags */ VERSION_OPT_FLAGS, 0, + /* opt state flags */ OPTST_VERSION_FLAGS, 0, /* last opt argumnt */ { NULL }, /* arg list/cookie */ NULL, /* must/cannot opts */ NULL, NULL, @@ -739,7 +661,6 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* desc, NAME, name */ zVersionText, NULL, zVersion_Name, /* disablement strs */ NULL, NULL }, -#undef VERSION_OPT_FLAGS { /* entry idx, value */ INDEX_OPT_HELP, VALUE_OPT_HELP, @@ -758,7 +679,7 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* equiv idx value */ NO_EQUIVALENT, 0, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, - /* opt state flags */ OPTST_IMM | OPTST_NO_INIT, 0, + /* opt state flags */ OPTST_MORE_HELP_FLAGS, 0, /* last opt argumnt */ { NULL }, /* arg list/cookie */ NULL, /* must/cannot opts */ NULL, NULL, @@ -783,7 +704,7 @@ static tOptDesc optDesc[ OPTION_CT ] = { /* equiv idx value */ NO_EQUIVALENT, 0, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, NOLIMIT, 0, - /* opt state flags */ OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) \ + /* opt state flags */ OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | OPTST_DISABLE_IMM, 0, /* last opt argumnt */ { NULL }, /* arg list/cookie */ NULL, 
@@ -797,23 +718,23 @@ static tOptDesc optDesc[ OPTION_CT ] = { * * Define the Ntp_Keygen Option Environment */ -tSCC zPROGNAME[] = "NTP_KEYGEN"; -tSCC zUsageTitle[] = -"ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.4p8\n\ +static char const zPROGNAME[11] = "NTP_KEYGEN"; +static char const zUsageTitle[114] = +"ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.6p5\n\ USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n"; -tSCC zRcName[] = ".ntprc"; -tSCC* apzHomeList[] = { - "$HOME", - ".", - NULL }; +static char const zRcName[7] = ".ntprc"; +static char const * const apzHomeList[3] = { + "$HOME", + ".", + NULL }; -tSCC zBugsAddr[] = "http://bugs.ntp.org, bugs@ntp.org"; +static char const zBugsAddr[34] = "http://bugs.ntp.org, bugs@ntp.org"; #define zExplain NULL -tSCC zDetail[] = "\n\ -If there is no new host key, look for an existing one.\n\ -If one is not found, create it.\n"; -tSCC zFullVersion[] = NTP_KEYGEN_FULL_VERSION; -/* extracted from /usr/local/gnu/autogen-5.9.1/share/autogen/optcode.tpl near line 408 */ +static char const zDetail[99] = "\n\ +If there is no new host key, look for an existing one. If one is not\n\ +found, create it.\n"; +static char const zFullVersion[] = NTP_KEYGEN_FULL_VERSION; +/* extracted from optcode.tlib near line 515 */ #if defined(ENABLE_NLS) # define OPTPROC_BASE OPTPROC_TRANSLATE 
@@ -823,6 +744,29 @@ tSCC zFullVersion[] = NTP_KEYGEN_FULL_VERSION; # define translate_option_strings NULL #endif /* ENABLE_NLS */ + +#define ntp_keygen_full_usage NULL +#define ntp_keygen_short_usage NULL +#ifndef PKGDATADIR +# define PKGDATADIR "" +#endif + +#ifndef WITH_PACKAGER +# define ntp_keygen_packager_info NULL +#else +static char const ntp_keygen_packager_info[] = + "Packaged by " WITH_PACKAGER + +# ifdef WITH_PACKAGER_VERSION + " ("WITH_PACKAGER_VERSION")" +# endif + +# ifdef WITH_PACKAGER_BUG_REPORTS + "\nReport ntp_keygen bugs to " WITH_PACKAGER_BUG_REPORTS +# endif + "\n"; +#endif + tOptions ntp_keygenOptions = { OPTIONS_STRUCT_VERSION, 0, NULL, /* original argc + argv */ 
@@ -833,127 +777,107 @@ tOptions ntp_keygenOptions = { + OPTPROC_NO_REQ_OPT + OPTPROC_ENVIRON + OPTPROC_NO_ARGS - + OPTPROC_HAS_IMMED ), + + OPTPROC_MISUSE ), 0, NULL, /* current option index, current option */ NULL, NULL, zPROGNAME, - zRcName, zCopyright, zCopyrightNotice, + zRcName, zCopyright, zLicenseDescrip, zFullVersion, apzHomeList, zUsageTitle, zExplain, zDetail, optDesc, zBugsAddr, /* address to send bugs to */ NULL, NULL, /* extensions/saved state */ - optionUsage, /* usage procedure */ + optionUsage, /* usage procedure */ translate_option_strings, /* translation procedure */ /* * Indexes to special options */ - { INDEX_OPT_MORE_HELP, - INDEX_OPT_SAVE_OPTS, - NO_EQUIVALENT /* index of '-#' option */, + { INDEX_OPT_MORE_HELP, /* more-help option index */ + INDEX_OPT_SAVE_OPTS, /* save option index */ + NO_EQUIVALENT, /* '-#' option index */ NO_EQUIVALENT /* index of default opt */ }, - 24 /* full option count */, 19 /* user option count */ + 23 /* full option count */, 18 /* user option count */, + ntp_keygen_full_usage, ntp_keygen_short_usage, + NULL, NULL, + PKGDATADIR, ntp_keygen_packager_info }; /* * Create the static procedure(s) declared above. */ static void -doUsageOpt( - tOptions* pOptions, - tOptDesc* pOptDesc ) +doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc) { - USAGE( EXIT_SUCCESS ); + (void)pOptions; + USAGE(NTP_KEYGEN_EXIT_SUCCESS); } #if ! defined(TEST_NTP_KEYGEN_OPTS) -/* * * * * * * +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - * For the set-debug-level option, when DEBUG is #define-d. + * For the set-debug-level option. 
*/ -#ifdef DEBUG static void -doOptSet_Debug_Level( - tOptions* pOptions, - tOptDesc* pOptDesc ) +doOptSet_Debug_Level(tOptions* pOptions, tOptDesc* pOptDesc) { - /* extracted from ../include/debug-opt.def, line 29 */ + /* extracted from debug-opt.def, line 27 */ DESC(DEBUG_LEVEL).optOccCt = atoi( pOptDesc->pzLastArg ); } -#endif /* defined DEBUG */ - #endif /* defined(TEST_NTP_KEYGEN_OPTS) */ -/* * * * * * * +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * For the modulus option, when OPENSSL is #define-d. */ #ifdef OPENSSL static void -doOptModulus( - tOptions* pOptions, - tOptDesc* pOptDesc ) +doOptModulus(tOptions* pOptions, tOptDesc* pOptDesc) { - static const struct {const int rmin, rmax;} rng[ 1 ] = { + static const struct {long const rmin, rmax;} rng[1] = { { 256, 2048 } }; - int val; - int ix; - char const* pzIndent = "\t\t\t\t "; - extern FILE* option_usage_fp; + int ix; - if (pOptDesc == NULL) /* usage is requesting range list - option_usage_fp has already been set */ + if (pOptions <= OPTPROC_EMIT_LIMIT) goto emit_ranges; + optionNumericVal(pOptions, pOptDesc); - val = atoi( pOptDesc->optArg.argString ); for (ix = 0; ix < 1; ix++) { - if (val < rng[ix].rmin) + if (pOptDesc->optArg.argInt < rng[ix].rmin) continue; /* ranges need not be ordered. 
*/ - if (val == rng[ix].rmin) - goto valid_return; - if (rng[ix].rmax == INT_MIN) + if (pOptDesc->optArg.argInt == rng[ix].rmin) + return; + if (rng[ix].rmax == LONG_MIN) continue; - if (val <= rng[ix].rmax) - goto valid_return; + if (pOptDesc->optArg.argInt <= rng[ix].rmax) + return; } option_usage_fp = stderr; - fprintf(stderr, _("%s error: %s option value ``%s''is out of range.\n"), - pOptions->pzProgName, pOptDesc->pz_Name, pOptDesc->optArg.argString); - pzIndent = "\t"; - - emit_ranges: - fprintf( option_usage_fp, _("%sit must lie in the range: %d to %d\n"), - pzIndent, rng[0].rmin, rng[0].rmax ); - if (pOptDesc == NULL) - return; - - USAGE( EXIT_FAILURE ); - /* NOTREACHED */ - return; - - valid_return: - pOptDesc->optArg.argInt = val; + +emit_ranges: + + optionShowRange(pOptions, pOptDesc, (void *)rng, 1); } #endif /* defined OPENSSL */ - -/* extracted from /usr/local/gnu/autogen-5.9.1/share/autogen/optmain.tpl near line 92 */ +/* extracted from optmain.tlib near line 128 */ #if defined(TEST_NTP_KEYGEN_OPTS) /* TEST MAIN PROCEDURE: */ +extern void optionPutShell(tOptions*); + int -main( int argc, char** argv ) +main(int argc, char ** argv) { - int res = EXIT_SUCCESS; - (void)optionProcess( &ntp_keygenOptions, argc, argv ); - { - void optionPutShell( tOptions* ); - optionPutShell( &ntp_keygenOptions ); - } + int res = NTP_KEYGEN_EXIT_SUCCESS; + (void)optionProcess(&ntp_keygenOptions, argc, argv); + optionPutShell(&ntp_keygenOptions); + res = ferror(stdout); + if (res != 0) + fputs("output error writing to stdout\n", stderr); return res; } #endif /* defined TEST_NTP_KEYGEN_OPTS */ -/* extracted from /usr/local/gnu/autogen-5.9.1/share/autogen/optcode.tpl near line 514 */ +/* extracted from optcode.tlib near line 666 */ #if ENABLE_NLS #include <stdio.h> 
@@ -962,11 +886,11 @@ main( int argc, char** argv ) #include <unistd.h> #include <autoopts/usage-txt.h> -static char* AO_gettext( char const* pz ); +static char* AO_gettext(char const* pz); static void coerce_it(void** s); static char* -AO_gettext( char const* pz ) +AO_gettext(char const* pz) { char* pzRes; if (pz == NULL) 
@@ -974,66 +898,68 @@ AO_gettext( char const* pz ) pzRes = _(pz); if (pzRes == pz) return pzRes; - pzRes = strdup( pzRes ); + pzRes = strdup(pzRes); if (pzRes == NULL) { - fputs( _("No memory for duping translated strings\n"), stderr ); - exit( EXIT_FAILURE ); + fputs(_("No memory for duping translated strings\n"), stderr); + exit(NTP_KEYGEN_EXIT_FAILURE); } return pzRes; } -static void coerce_it(void** s) { *s = AO_gettext(*s); } -#define COERSION(_f) \ - coerce_it((void*)&(ntp_keygenOptions._f)) +static void coerce_it(void** s) { *s = AO_gettext(*s); +} /* * This invokes the translation code (e.g. gettext(3)). */ static void -translate_option_strings( void ) +translate_option_strings(void) { + tOptions * const pOpt = &ntp_keygenOptions; + /* * Guard against re-translation. It won't work. The strings will have * been changed by the first pass through this code. One shot only. */ - if (option_usage_text.field_ct == 0) - return; - /* - * Do the translations. The first pointer follows the field count field. - * The field count field is the size of a pointer. - */ - { - char** ppz = (char**)(void*)&(option_usage_text); - int ix = option_usage_text.field_ct; + if (option_usage_text.field_ct != 0) { + /* + * Do the translations. The first pointer follows the field count + * field. The field count field is the size of a pointer. 
+ */ + tOptDesc * pOD = pOpt->pOptDesc; + char ** ppz = (char**)(void*)&(option_usage_text); + int ix = option_usage_text.field_ct; do { ppz++; *ppz = AO_gettext(*ppz); } while (--ix > 0); + + coerce_it((void*)&(pOpt->pzCopyright)); + coerce_it((void*)&(pOpt->pzCopyNotice)); + coerce_it((void*)&(pOpt->pzFullVersion)); + coerce_it((void*)&(pOpt->pzUsageTitle)); + coerce_it((void*)&(pOpt->pzExplain)); + coerce_it((void*)&(pOpt->pzDetail)); + coerce_it((void*)&(pOpt->pzPackager)); + option_usage_text.field_ct = 0; + + for (ix = pOpt->optCt; ix > 0; ix--, pOD++) + coerce_it((void*)&(pOD->pzText)); } - option_usage_text.field_ct = 0; - - { - tOptDesc* pOD = ntp_keygenOptions.pOptDesc; - int ix = ntp_keygenOptions.optCt; - - for (;;) { - pOD->pzText = AO_gettext(pOD->pzText); - pOD->pz_NAME = AO_gettext(pOD->pz_NAME); - pOD->pz_Name = AO_gettext(pOD->pz_Name); - pOD->pz_DisableName = AO_gettext(pOD->pz_DisableName); - pOD->pz_DisablePfx = AO_gettext(pOD->pz_DisablePfx); - if (--ix <= 0) - break; - pOD++; + + if ((pOpt->fOptSet & OPTPROC_NXLAT_OPT_CFG) == 0) { + tOptDesc * pOD = pOpt->pOptDesc; + int ix; + + for (ix = pOpt->optCt; ix > 0; ix--, pOD++) { + coerce_it((void*)&(pOD->pz_Name)); + coerce_it((void*)&(pOD->pz_DisableName)); + coerce_it((void*)&(pOD->pz_DisablePfx)); } + /* prevent re-translation */ + ntp_keygenOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG | OPTPROC_NXLAT_OPT; } - COERSION(pzCopyright); - COERSION(pzCopyNotice); - COERSION(pzFullVersion); - COERSION(pzUsageTitle); - COERSION(pzExplain); - COERSION(pzDetail); } #endif /* ENABLE_NLS */ diff --git a/util/ntp-keygen-opts.def b/util/ntp-keygen-opts.def index 1e5d988c2967..61cf2721e587 100644 --- a/util/ntp-keygen-opts.def +++ b/util/ntp-keygen-opts.def 
@@ -16,191 +16,198 @@ include = '#include <stdlib.h>'; #include version.def flag = { - name = certificate; value = c; + name = certificate; arg-type = string; arg-name = scheme; ifdef = OPENSSL; descrip = "certificate scheme"; doc = <<- _EndOfDoc_ - Just some descriptive text. + scheme is one of + RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160, + DSA-SHA, or DSA-SHA1. + + Select the certificate message digest/signature encryption scheme. + Note that RSA schemes must be used with a RSA sign key and DSA + schemes must be used with a DSA sign key. The default without + this option is RSA-MD5. _EndOfDoc_; }; #include debug-opt.def flag = { - name = id-key; value = e; + name = id-key; ifdef = OPENSSL; - descrip = "Write identity keys"; + descrip = "Write IFF or GQ identity keys"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Write the IFF or GQ client keys to the standard output. This is + intended for automatic key distribution by mail. _EndOfDoc_; }; flag = { - name = gq-params; value = G; + name = gq-params; ifdef = OPENSSL; descrip = "Generate GQ parameters and keys"; doc = <<- _EndOfDoc_ - Just some descriptive text. - _EndOfDoc_; -}; - -flag = { - name = gq-keys; - value = g; - ifdef = OPENSSL; - descrip = "update GQ keys"; - doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate parameters and keys for the GQ identification scheme, + obsoleting any that may exist. _EndOfDoc_; }; flag = { - name = host-key; value = H; + name = host-key; ifdef = OPENSSL; descrip = "generate RSA host key"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate new host keys, obsoleting any that may exist. _EndOfDoc_; }; flag = { - name = iffkey; value = I; + name = iffkey; ifdef = OPENSSL; descrip = "generate IFF parameters"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate parameters for the IFF identification scheme, obsoleting + any that may exist. 
_EndOfDoc_; }; flag = { - name = issuer-name; value = i; + name = issuer-name; ifdef = OPENSSL; + arg-type = string; + arg-name = issuer-name; descrip = "set issuer name"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Set the suject name to name. This is used as the subject field + in certificates and in the file name for host and sign keys. _EndOfDoc_; }; flag = { - name = md5key; value = M; + name = md5key; descrip = "generate MD5 keys"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate MD5 keys, obsoleting any that may exist. _EndOfDoc_; }; flag = { - name = modulus; value = m; + name = modulus; arg-type = number; arg-name = modulus; arg-range = '256->2048'; ifdef = OPENSSL; descrip = "modulus"; doc = <<- _EndOfDoc_ - Just some descriptive text. + The number of bits in the prime modulus. The default is 512. _EndOfDoc_; }; flag = { - name = pvt-cert; value = P; + name = pvt-cert; ifdef = OPENSSL; descrip = "generate PC private certificate"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate a private certificate. By default, the program generates + public certificates. _EndOfDoc_; }; flag = { - name = pvt-passwd; value = p; + name = pvt-passwd; ifdef = OPENSSL; arg-type = string; arg-name = passwd; descrip = "output private password"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Encrypt generated files containing private data with the specified + password and the DES-CBC algorithm. _EndOfDoc_; }; flag = { - name = get-pvt-passwd; value = q; + name = get-pvt-passwd; ifdef = OPENSSL; arg-type = string; arg-name = passwd; descrip = "input private password"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Set the password for reading files to the specified password. _EndOfDoc_; }; flag = { - name = sign-key; value = S; + name = sign-key; arg-type = string; arg-name = sign; ifdef = OPENSSL; descrip = "generate sign key (RSA or DSA)"; doc = <<- _EndOfDoc_ - Just some descriptive text. 
+ Generate a new sign key of the designated type, obsoleting any + that may exist. By default, the program uses the host key as the + sign key. _EndOfDoc_; }; flag = { - name = subject-name; value = s; + name = subject-name; arg-type = string; arg-name = host; ifdef = OPENSSL; descrip = "set subject name"; doc = <<- _EndOfDoc_ - Just some descriptive text. - _EndOfDoc_; + Set the issuer name to name. This is used for the issuer field + in certificates and in the file name for identity files. + _EndOfDoc_; }; flag = { - name = trusted-cert; value = T; + name = trusted-cert; ifdef = OPENSSL; descrip = "trusted certificate (TC scheme)"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate a trusted certificate. By default, the program generates + a non-trusted certificate. _EndOfDoc_; }; flag = { - name = mv-params; value = V; + name = mv-params; arg-type = number; arg-name = num; ifdef = OPENSSL; descrip = "generate <num> MV parameters"; doc = <<- _EndOfDoc_ - Just some descriptive text. + Generate parameters and keys for the Mu-Varadharajan (MV) + identification scheme. _EndOfDoc_; }; flag = { - name = mv-keys; value = v; + name = mv-keys; arg-type = number; arg-name = num; ifdef = OPENSSL; descrip = "update <num> MV keys"; - doc = <<- _EndOfDoc_ - Just some descriptive text. - _EndOfDoc_; }; detail = <<- _EODetail_ diff --git a/util/ntp-keygen-opts.h b/util/ntp-keygen-opts.h index e34a0a7e0366..4ee5f220f476 100644 --- a/util/ntp-keygen-opts.h +++ b/util/ntp-keygen-opts.h 
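Review bot: The new `doc` texts for `issuer-name` (`-i`) and `subject-name` (`-s`) contradict their own `descrip` lines. The `issuer-name` block says it sets the subject name and fills the certificate subject field, while the `subject-name` block says it sets the issuer name and fills the issuer field. The same wording is carried into the generated ntp-keygen-opts.texi, so an operator following it could issue certificates whose subject and issuer are the reverse of what was intended. Which pairing matches the code cannot be told from this hunk, so check the option handling in ntp-keygen.c and then make the flag name, `descrip` and `doc` agree. The `issuer-name` text also has a typo: `Set the suject name to name.` should read `Set the subject name to name.`, or `issuer` if that is what the check shows.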
@@ -1,27 +1,24 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h) * - * It has been AutoGen-ed Tuesday December 8, 2009 at 08:14:55 AM EST + * It has been AutoGen-ed December 24, 2011 at 06:34:40 PM by AutoGen 5.12 * From the definitions ntp-keygen-opts.def * and the template file options * - * Generated from AutoOpts 29:0:4 templates. - */ - -/* - * This file was produced by an AutoOpts template. AutoOpts is a - * copyrighted work. This header file is not encumbered by AutoOpts - * licensing, but is provided under the licensing terms chosen by the - * ntp-keygen author or copyright holder. AutoOpts is licensed under - * the terms of the LGPL. The redistributable library (``libopts'') is - * licensed under the terms of either the LGPL or, at the users discretion, - * the BSD license. See the AutoOpts and/or libopts sources for details. + * Generated from AutoOpts 35:0:10 templates. * - * This source file is copyrighted and licensed under the following terms: + * AutoOpts is a copyrighted work. This header file is not encumbered + * by AutoOpts licensing, but is provided under the licensing terms chosen + * by the ntp-keygen author or copyright holder. AutoOpts is + * licensed under the terms of the LGPL. The redistributable library + * (``libopts'') is licensed under the terms of either the LGPL or, at the + * users discretion, the BSD license. See the AutoOpts and/or libopts sources + * for details. * - * ntp-keygen copyright 1970-2009 David L. Mills and/or others - all rights reserved + * This source file is copyrighted and licensed under the following terms: * - * see html/copyright.html + * see html/copyright.html + * */ /* * This file contains the programmatic interface to the Automated @@ -30,7 +27,7 @@ * "AutoOpts" chapter. Please refer to that doc for usage help. */ #ifndef AUTOOPTS_NTP_KEYGEN_OPTS_H_GUARD -#define AUTOOPTS_NTP_KEYGEN_OPTS_H_GUARD +#define AUTOOPTS_NTP_KEYGEN_OPTS_H_GUARD 1 #include "config.h" #include <autoopts/options.h> 
@@ -41,7 +38,7 @@ * tolerable version is at least as old as what was current when the header * template was released. */ -#define AO_TEMPLATE_VERSION 118784 +#define AO_TEMPLATE_VERSION 143360 #if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \ || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION) # error option template version mismatches autoopts/options.h header 
@@ -52,40 +49,39 @@ * Enumeration of each option: */ typedef enum { - INDEX_OPT_CERTIFICATE = 0, - INDEX_OPT_DEBUG_LEVEL = 1, - INDEX_OPT_SET_DEBUG_LEVEL = 2, - INDEX_OPT_ID_KEY = 3, - INDEX_OPT_GQ_PARAMS = 4, - INDEX_OPT_GQ_KEYS = 5, - INDEX_OPT_HOST_KEY = 6, - INDEX_OPT_IFFKEY = 7, - INDEX_OPT_ISSUER_NAME = 8, - INDEX_OPT_MD5KEY = 9, - INDEX_OPT_MODULUS = 10, - INDEX_OPT_PVT_CERT = 11, - INDEX_OPT_PVT_PASSWD = 12, - INDEX_OPT_GET_PVT_PASSWD = 13, - INDEX_OPT_SIGN_KEY = 14, - INDEX_OPT_SUBJECT_NAME = 15, - INDEX_OPT_TRUSTED_CERT = 16, - INDEX_OPT_MV_PARAMS = 17, - INDEX_OPT_MV_KEYS = 18, - INDEX_OPT_VERSION = 19, - INDEX_OPT_HELP = 20, - INDEX_OPT_MORE_HELP = 21, - INDEX_OPT_SAVE_OPTS = 22, - INDEX_OPT_LOAD_OPTS = 23 + INDEX_OPT_CERTIFICATE = 0, + INDEX_OPT_DEBUG_LEVEL = 1, + INDEX_OPT_SET_DEBUG_LEVEL = 2, + INDEX_OPT_ID_KEY = 3, + INDEX_OPT_GQ_PARAMS = 4, + INDEX_OPT_HOST_KEY = 5, + INDEX_OPT_IFFKEY = 6, + INDEX_OPT_ISSUER_NAME = 7, + INDEX_OPT_MD5KEY = 8, + INDEX_OPT_MODULUS = 9, + INDEX_OPT_PVT_CERT = 10, + INDEX_OPT_PVT_PASSWD = 11, + INDEX_OPT_GET_PVT_PASSWD = 12, + INDEX_OPT_SIGN_KEY = 13, + INDEX_OPT_SUBJECT_NAME = 14, + INDEX_OPT_TRUSTED_CERT = 15, + INDEX_OPT_MV_PARAMS = 16, + INDEX_OPT_MV_KEYS = 17, + INDEX_OPT_VERSION = 18, + INDEX_OPT_HELP = 19, + INDEX_OPT_MORE_HELP = 20, + INDEX_OPT_SAVE_OPTS = 21, + INDEX_OPT_LOAD_OPTS = 22 } teOptIndex; -#define OPTION_CT 24 -#define NTP_KEYGEN_VERSION "4.2.4p8" -#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.4p8" +#define OPTION_CT 23 +#define NTP_KEYGEN_VERSION "4.2.6p5" +#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.6p5" /* * Interface defines for all options. Replace "n" with the UPPER_CASED * option name (as in the teOptIndex enumeration above). - * e.g. HAVE_OPT( CERTIFICATE ) + * e.g. HAVE_OPT(CERTIFICATE) */ #define DESC(n) (ntp_keygenOptions.pOptDesc[INDEX_OPT_## n]) #define HAVE_OPT(n) (! UNUSED_OPT(& DESC(n))) 
@@ -99,10 +95,18 @@ typedef enum { #define STACKLST_OPT(n) (((tArgList*)(DESC(n).optCookie))->apzArgs) #define CLEAR_OPT(n) STMTS( \ DESC(n).fOptState &= OPTST_PERSISTENT_MASK; \ - if ( (DESC(n).fOptState & OPTST_INITENABLED) == 0) \ + if ((DESC(n).fOptState & OPTST_INITENABLED) == 0) \ DESC(n).fOptState |= OPTST_DISABLED; \ DESC(n).optCookie = NULL ) +/* * * * * * + * + * Enumeration of ntp-keygen exit codes + */ +typedef enum { + NTP_KEYGEN_EXIT_SUCCESS = 0, + NTP_KEYGEN_EXIT_FAILURE = 1 +} ntp_keygen_exit_code_t; /* * Make sure there are no #define name conflicts with the option names */ @@ -127,10 +131,6 @@ typedef enum { # warning undefining GQ_PARAMS due to option name conflict # undef GQ_PARAMS # endif -# ifdef GQ_KEYS -# warning undefining GQ_KEYS due to option name conflict -# undef GQ_KEYS -# endif # ifdef HOST_KEY # warning undefining HOST_KEY due to option name conflict # undef HOST_KEY @@ -189,7 +189,6 @@ typedef enum { # undef SET_DEBUG_LEVEL # undef ID_KEY # undef GQ_PARAMS -# undef GQ_KEYS # undef HOST_KEY # undef IFFKEY # undef ISSUER_NAME 
@@ -205,71 +204,43 @@ typedef enum { # undef MV_KEYS #endif /* NO_OPTION_NAME_WARNINGS */ -/* +/* * * * * * + * * Interface defines for specific options. */ -#ifdef OPENSSL #define VALUE_OPT_CERTIFICATE 'c' -#endif /* OPENSSL */ -#ifdef DEBUG #define VALUE_OPT_DEBUG_LEVEL 'd' -#endif /* DEBUG */ -#ifdef DEBUG #define VALUE_OPT_SET_DEBUG_LEVEL 'D' -#endif /* DEBUG */ -#ifdef OPENSSL #define VALUE_OPT_ID_KEY 'e' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_GQ_PARAMS 'G' -#endif /* OPENSSL */ -#ifdef OPENSSL -#define VALUE_OPT_GQ_KEYS 'g' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_HOST_KEY 'H' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_IFFKEY 'I' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_ISSUER_NAME 'i' -#endif /* OPENSSL */ #define VALUE_OPT_MD5KEY 'M' -#ifdef OPENSSL #define VALUE_OPT_MODULUS 'm' +#ifdef OPENSSL + #define OPT_VALUE_MODULUS (DESC(MODULUS).optArg.argInt) #endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_PVT_CERT 'P' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_PVT_PASSWD 'p' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_GET_PVT_PASSWD 'q' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_SIGN_KEY 'S' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_SUBJECT_NAME 's' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_TRUSTED_CERT 'T' -#endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_MV_PARAMS 'V' +#ifdef OPENSSL + #define OPT_VALUE_MV_PARAMS (DESC(MV_PARAMS).optArg.argInt) #endif /* OPENSSL */ -#ifdef OPENSSL #define VALUE_OPT_MV_KEYS 'v' +#ifdef OPENSSL + #define OPT_VALUE_MV_KEYS (DESC(MV_KEYS).optArg.argInt) #endif /* OPENSSL */ - -#define VALUE_OPT_VERSION 'v' #define VALUE_OPT_HELP '?' #define VALUE_OPT_MORE_HELP '!' +#define VALUE_OPT_VERSION INDEX_OPT_VERSION #define VALUE_OPT_SAVE_OPTS '>' #define VALUE_OPT_LOAD_OPTS '<' #define SET_OPT_SAVE_OPTS(a) STMTS( \ 
@@ -279,37 +250,56 @@ typedef enum { /* * Interface defines not associated with particular options */ -#define ERRSKIP_OPTERR STMTS( ntp_keygenOptions.fOptSet &= ~OPTPROC_ERRSTOP ) -#define ERRSTOP_OPTERR STMTS( ntp_keygenOptions.fOptSet |= OPTPROC_ERRSTOP ) +#define ERRSKIP_OPTERR STMTS(ntp_keygenOptions.fOptSet &= ~OPTPROC_ERRSTOP) +#define ERRSTOP_OPTERR STMTS(ntp_keygenOptions.fOptSet |= OPTPROC_ERRSTOP) #define RESTART_OPT(n) STMTS( \ ntp_keygenOptions.curOptIdx = (n); \ - ntp_keygenOptions.pzCurOpt = NULL ) + ntp_keygenOptions.pzCurOpt = NULL) #define START_OPT RESTART_OPT(1) -#define USAGE(c) (*ntp_keygenOptions.pUsageProc)( &ntp_keygenOptions, c ) -/* extracted from /usr/local/gnu/autogen-5.9.1/share/autogen/opthead.tpl near line 360 */ +#define USAGE(c) (*ntp_keygenOptions.pUsageProc)(&ntp_keygenOptions, c) +/* extracted from opthead.tlib near line 451 */ + +#ifdef __cplusplus +extern "C" { +#endif /* * * * * * * * Declare the ntp-keygen option descriptor. */ -#ifdef __cplusplus -extern "C" { -#endif +extern tOptions ntp_keygenOptions; + +#if defined(ENABLE_NLS) +# ifndef _ +# include <stdio.h> +static inline char* aoGetsText(char const* pz) { + if (pz == NULL) return NULL; + return (char*)gettext(pz); +} +# define _(s) aoGetsText(s) +# endif /* _() */ -extern tOptions ntp_keygenOptions; +# define OPT_NO_XLAT_CFG_NAMES STMTS(ntp_keygenOptions.fOptSet |= \ + OPTPROC_NXLAT_OPT_CFG;) +# define OPT_NO_XLAT_OPT_NAMES STMTS(ntp_keygenOptions.fOptSet |= \ + OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG;) -#ifndef _ -# if ENABLE_NLS -# include <stdio.h> - static inline char* aoGetsText( char const* pz ) { - if (pz == NULL) return NULL; - return (char*)gettext( pz ); - } -# define _(s) aoGetsText(s) -# else /* ENABLE_NLS */ -# define _(s) s -# endif /* ENABLE_NLS */ -#endif +# define OPT_XLAT_CFG_NAMES STMTS(ntp_keygenOptions.fOptSet &= \ + ~(OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG);) +# define OPT_XLAT_OPT_NAMES STMTS(ntp_keygenOptions.fOptSet &= \ + 
~OPTPROC_NXLAT_OPT;) + +#else /* ENABLE_NLS */ +# define OPT_NO_XLAT_CFG_NAMES +# define OPT_NO_XLAT_OPT_NAMES + +# define OPT_XLAT_CFG_NAMES +# define OPT_XLAT_OPT_NAMES + +# ifndef _ +# define _(_s) _s +# endif +#endif /* ENABLE_NLS */ #ifdef __cplusplus } diff --git a/util/ntp-keygen-opts.texi b/util/ntp-keygen-opts.texi index d54e9ba5a102..a907c0e7bde9 100644 --- a/util/ntp-keygen-opts.texi +++ b/util/ntp-keygen-opts.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.texi) # -# It has been AutoGen-ed Tuesday December 8, 2009 at 08:14:57 AM EST +# It has been AutoGen-ed December 24, 2011 at 06:34:45 PM by AutoGen 5.12 # From the definitions ntp-keygen-opts.def # and the template file aginfo.tpl @end ignore 
@@ -16,31 +16,30 @@ If there is no new host key, look for an existing one. If one is not found, create it. This section was generated by @strong{AutoGen}, -the aginfo template and the option descriptions for the @command{ntp-keygen} program. It documents the ntp-keygen usage text and option meanings. +the aginfo template and the option descriptions for the @command{ntp-keygen} program. It documents the @command{ntp-keygen} usage text and option meanings. This software is released under a specialized copyright license. @menu * ntp-keygen usage:: ntp-keygen usage help (-?) -* ntp-keygen certificate:: certificate option (-c) -* ntp-keygen debug-level:: debug-level option (-d) -* ntp-keygen get-pvt-passwd:: get-pvt-passwd option (-q) -* ntp-keygen gq-keys:: gq-keys option (-g) -* ntp-keygen gq-params:: gq-params option (-G) -* ntp-keygen host-key:: host-key option (-H) -* ntp-keygen id-key:: id-key option (-e) -* ntp-keygen iffkey:: iffkey option (-I) -* ntp-keygen issuer-name:: issuer-name option (-i) -* ntp-keygen md5key:: md5key option (-M) -* ntp-keygen modulus:: modulus option (-m) -* ntp-keygen mv-keys:: mv-keys option (-v) -* ntp-keygen mv-params:: mv-params option (-V) -* ntp-keygen pvt-cert:: pvt-cert option (-P) -* ntp-keygen pvt-passwd:: pvt-passwd option (-p) -* ntp-keygen set-debug-level:: set-debug-level option (-D) -* ntp-keygen sign-key:: sign-key option (-S) -* ntp-keygen subject-name:: subject-name option (-s) -* ntp-keygen trusted-cert:: trusted-cert option (-T) +* ntp-keygen certificate:: certificate option (-c) +* ntp-keygen debug-level:: debug-level option (-d) +* ntp-keygen get-pvt-passwd:: get-pvt-passwd option (-q) +* ntp-keygen gq-params:: gq-params option (-G) +* ntp-keygen host-key:: host-key option (-H) +* ntp-keygen id-key:: id-key option (-e) +* ntp-keygen iffkey:: iffkey option (-I) +* ntp-keygen issuer-name:: issuer-name option (-i) +* ntp-keygen md5key:: md5key option (-M) +* ntp-keygen modulus:: modulus option (-m) +* ntp-keygen 
mv-keys:: mv-keys option (-v) +* ntp-keygen mv-params:: mv-params option (-V) +* ntp-keygen pvt-cert:: pvt-cert option (-P) +* ntp-keygen pvt-passwd:: pvt-passwd option (-p) +* ntp-keygen set-debug-level:: set-debug-level option (-D) +* ntp-keygen sign-key:: sign-key option (-S) +* ntp-keygen subject-name:: subject-name option (-s) +* ntp-keygen trusted-cert:: trusted-cert option (-T) @end menu @node ntp-keygen usage @@ -51,8 +50,7 @@ This is the automatically generated usage text for ntp-keygen: @exampleindent 0 @example -Using OpenSSL version 90704f -ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.5p247-RC +ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.6p5 USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... Flg Arg Option-Name Description -c Str certificate certificate scheme @@ -67,7 +65,8 @@ USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -i Str issuer-name set issuer name -M no md5key generate MD5 keys -m Num modulus modulus - - it must be: 256 to 2048 + - It must be in the range: + 256 to 2048 -P no pvt-cert generate PC private certificate -p Str pvt-passwd output private password -q Str get-pvt-passwd input private password 
@@ -84,16 +83,16 @@ USAGE: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... - disabled as --no-load-opts - may appear multiple times -Options are specified by doubled hyphens and their name -or by a single hyphen and the flag character. +Options are specified by doubled hyphens and their name or by a single +hyphen and the flag character. The following option preset mechanisms are supported: - - reading file /users/stenn/.ntprc - - reading file /deacon/backroom/snaps/ntp-stable/util/.ntprc + - reading file $HOME/.ntprc + - reading file ./.ntprc - examining environment variables named NTP_KEYGEN_* -If there is no new host key, look for an existing one. -If one is not found, create it. +If there is no new host key, look for an existing one. If one is not +found, create it. please send bug reports to: http://bugs.ntp.org, bugs@@ntp.org @end example @@ -111,7 +110,14 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +scheme is one of +RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160, +DSA-SHA, or DSA-SHA1. + +Select the certificate message digest/signature encryption scheme. +Note that RSA schemes must be used with a RSA sign key and DSA +schemes must be used with a DSA sign key. The default without +this option is RSA-MD5. @node ntp-keygen debug-level @subsection debug-level option (-d) 
@@ -123,34 +129,15 @@ This option has some usage constraints. It: @itemize @bullet @item may appear an unlimited number of times. -@item -must be compiled in by defining @code{DEBUG} during the compilation. @end itemize Increase the debugging message output level. -@node ntp-keygen set-debug-level -@subsection set-debug-level option (-D) -@cindex ntp-keygen-set-debug-level - -This is the ``set the output debug message level'' option. - -This option has some usage constraints. It: -@itemize @bullet -@item -may appear an unlimited number of times. -@item -must be compiled in by defining @code{DEBUG} during the compilation. -@end itemize - -Set the output debugging level. Can be supplied multiple times, -but each overrides the previous value(s). - -@node ntp-keygen id-key -@subsection id-key option (-e) -@cindex ntp-keygen-id-key +@node ntp-keygen get-pvt-passwd +@subsection get-pvt-passwd option (-q) +@cindex ntp-keygen-get-pvt-passwd -This is the ``write identity keys'' option. +This is the ``input private password'' option. This option has some usage constraints. It: @itemize @bullet @@ -158,7 +145,7 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Set the password for reading files to the specified password. @node ntp-keygen gq-params @subsection gq-params option (-G) 
@@ -172,13 +159,14 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate parameters and keys for the GQ identification scheme, +obsoleting any that may exist. -@node ntp-keygen gq-keys -@subsection gq-keys option (-g) -@cindex ntp-keygen-gq-keys +@node ntp-keygen host-key +@subsection host-key option (-H) +@cindex ntp-keygen-host-key -This is the ``update gq keys'' option. +This is the ``generate rsa host key'' option. This option has some usage constraints. It: @itemize @bullet @@ -186,13 +174,13 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate new host keys, obsoleting any that may exist. -@node ntp-keygen host-key -@subsection host-key option (-H) -@cindex ntp-keygen-host-key +@node ntp-keygen id-key +@subsection id-key option (-e) +@cindex ntp-keygen-id-key -This is the ``generate rsa host key'' option. +This is the ``write iff or gq identity keys'' option. This option has some usage constraints. It: @itemize @bullet @@ -200,7 +188,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Write the IFF or GQ client keys to the standard output. This is +intended for automatic key distribution by mail. @node ntp-keygen iffkey @subsection iffkey option (-I) @@ -214,7 +203,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate parameters for the IFF identification scheme, obsoleting +any that may exist. @node ntp-keygen issuer-name @subsection issuer-name option (-i) 
@@ -228,14 +218,15 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Set the suject name to name. This is used as the subject field +in certificates and in the file name for host and sign keys. @node ntp-keygen md5key @subsection md5key option (-M) @cindex ntp-keygen-md5key This is the ``generate md5 keys'' option. -Just some descriptive text. +Generate MD5 keys, obsoleting any that may exist. @node ntp-keygen modulus @subsection modulus option (-m) @@ -249,7 +240,36 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +The number of bits in the prime modulus. The default is 512. + +@node ntp-keygen mv-keys +@subsection mv-keys option (-v) +@cindex ntp-keygen-mv-keys + +This is the ``update <num> mv keys'' option. + +This option has some usage constraints. It: +@itemize @bullet +@item +must be compiled in by defining @code{OPENSSL} during the compilation. +@end itemize + +This option has no @samp{doc} documentation. + +@node ntp-keygen mv-params +@subsection mv-params option (-V) +@cindex ntp-keygen-mv-params + +This is the ``generate <num> mv parameters'' option. + +This option has some usage constraints. It: +@itemize @bullet +@item +must be compiled in by defining @code{OPENSSL} during the compilation. +@end itemize + +Generate parameters and keys for the Mu-Varadharajan (MV) +identification scheme. @node ntp-keygen pvt-cert @subsection pvt-cert option (-P) @@ -263,7 +283,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate a private certificate. By default, the program generates +public certificates. @node ntp-keygen pvt-passwd @subsection pvt-passwd option (-p) 
@@ -277,21 +298,23 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Encrypt generated files containing private data with the specified +password and the DES-CBC algorithm. -@node ntp-keygen get-pvt-passwd -@subsection get-pvt-passwd option (-q) -@cindex ntp-keygen-get-pvt-passwd +@node ntp-keygen set-debug-level +@subsection set-debug-level option (-D) +@cindex ntp-keygen-set-debug-level -This is the ``input private password'' option. +This is the ``set the output debug message level'' option. This option has some usage constraints. It: @itemize @bullet @item -must be compiled in by defining @code{OPENSSL} during the compilation. +may appear an unlimited number of times. @end itemize -Just some descriptive text. +Set the output debugging level. Can be supplied multiple times, +but each overrides the previous value(s). @node ntp-keygen sign-key @subsection sign-key option (-S) @@ -305,7 +328,9 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Generate a new sign key of the designated type, obsoleting any +that may exist. By default, the program uses the host key as the +sign key. @node ntp-keygen subject-name @subsection subject-name option (-s) @@ -319,7 +344,8 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. +Set the issuer name to name. This is used for the issuer field +in certificates and in the file name for identity files. @node ntp-keygen trusted-cert @subsection trusted-cert option (-T) 
@@ -333,32 +359,5 @@ This option has some usage constraints. It: must be compiled in by defining @code{OPENSSL} during the compilation. @end itemize -Just some descriptive text. - -@node ntp-keygen mv-params -@subsection mv-params option (-V) -@cindex ntp-keygen-mv-params - -This is the ``generate <num> mv parameters'' option. - -This option has some usage constraints. It: -@itemize @bullet -@item -must be compiled in by defining @code{OPENSSL} during the compilation. -@end itemize - -Just some descriptive text. - -@node ntp-keygen mv-keys -@subsection mv-keys option (-v) -@cindex ntp-keygen-mv-keys - -This is the ``update <num> mv keys'' option. - -This option has some usage constraints. It: -@itemize @bullet -@item -must be compiled in by defining @code{OPENSSL} during the compilation. -@end itemize - -Just some descriptive text. +Generate a trusted certificate. By default, the program generates +a non-trusted certificate. diff --git a/util/ntp-keygen.1 b/util/ntp-keygen.1 index 90f8d5cceaec..edf4c75ae1f0 100644 --- a/util/ntp-keygen.1 +++ b/util/ntp-keygen.1 @@ -1,7 +1,7 @@ -.TH NTP-KEYGEN 1 2009-12-08 "(ntp 4.2.4p8)" "Programmer's Manual" +.TH NTP-KEYGEN 1 2011-12-24 "(ntp 4.2.6p5)" "Programmer's Manual" .\" EDIT THIS FILE WITH CAUTION (ntp-keygen.1) .\" -.\" It has been AutoGen-ed Tuesday December 8, 2009 at 08:14:57 AM EST +.\" It has been AutoGen-ed December 24, 2011 at 06:34:45 PM by AutoGen 5.12 .\" From the definitions ntp-keygen-opts.def .\" and the template file agman1.tpl .\" @@ -14,7 +14,7 @@ ntp-keygen \- Create a NTP host key .PP All arguments must be options. .SH "DESCRIPTION" -This manual page documents, briefly, the \fBntp-keygen\fP command. +This manual page briefly documents the \fBntp-keygen\fP command. If there is no new host key, look for an existing one. If one is not found, create it. .SH OPTIONS 
@@ -22,7 +22,14 @@ If one is not found, create it. .BR \-c " \fIscheme\fP, " \--certificate "=" \fIscheme\fP certificate scheme. .sp -Just some descriptive text. +scheme is one of +RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, RSA-RIPEMD160, +DSA-SHA, or DSA-SHA1. + +Select the certificate message digest/signature encryption scheme. +Note that RSA schemes must be used with a RSA sign key and DSA +schemes must be used with a DSA sign key. The default without +this option is RSA-MD5. .TP .BR \-d ", " \--debug-level Increase output debug message level. @@ -38,39 +45,38 @@ Set the output debugging level. Can be supplied multiple times, but each overrides the previous value(s). .TP .BR \-e ", " \--id-key -Write identity keys. +Write IFF or GQ identity keys. .sp -Just some descriptive text. +Write the IFF or GQ client keys to the standard output. This is +intended for automatic key distribution by mail. .TP .BR \-G ", " \--gq-params Generate GQ parameters and keys. .sp -Just some descriptive text. -.TP -.BR \-g ", " \--gq-keys -update GQ keys. -.sp -Just some descriptive text. +Generate parameters and keys for the GQ identification scheme, +obsoleting any that may exist. .TP .BR \-H ", " \--host-key generate RSA host key. .sp -Just some descriptive text. +Generate new host keys, obsoleting any that may exist. .TP .BR \-I ", " \--iffkey generate IFF parameters. .sp -Just some descriptive text. +Generate parameters for the IFF identification scheme, obsoleting +any that may exist. .TP -.BR \-i ", " \--issuer-name +.BR \-i " \fIissuer-name\fP, " \--issuer-name "=" \fIissuer-name\fP set issuer name. .sp -Just some descriptive text. +Set the suject name to name. This is used as the subject field +in certificates and in the file name for host and sign keys. .TP .BR \-M ", " \--md5key generate MD5 keys. .sp -Just some descriptive text. +Generate MD5 keys, obsoleting any that may exist. .TP .BR \-m " \fImodulus\fP, " \--modulus "=" \fImodulus\fP modulus. 
@@ -83,52 +89,59 @@ in the range 256 through 2048 .fi .in -4 .sp -Just some descriptive text. +The number of bits in the prime modulus. The default is 512. .TP .BR \-P ", " \--pvt-cert generate PC private certificate. .sp -Just some descriptive text. +Generate a private certificate. By default, the program generates +public certificates. .TP .BR \-p " \fIpasswd\fP, " \--pvt-passwd "=" \fIpasswd\fP output private password. .sp -Just some descriptive text. +Encrypt generated files containing private data with the specified +password and the DES-CBC algorithm. .TP .BR \-q " \fIpasswd\fP, " \--get-pvt-passwd "=" \fIpasswd\fP input private password. .sp -Just some descriptive text. +Set the password for reading files to the specified password. .TP .BR \-S " \fIsign\fP, " \--sign-key "=" \fIsign\fP generate sign key (RSA or DSA). .sp -Just some descriptive text. +Generate a new sign key of the designated type, obsoleting any +that may exist. By default, the program uses the host key as the +sign key. .TP .BR \-s " \fIhost\fP, " \--subject-name "=" \fIhost\fP set subject name. .sp -Just some descriptive text. +Set the issuer name to name. This is used for the issuer field +in certificates and in the file name for identity files. .TP .BR \-T ", " \--trusted-cert trusted certificate (TC scheme). .sp -Just some descriptive text. +Generate a trusted certificate. By default, the program generates +a non-trusted certificate. .TP .BR \-V " \fInum\fP, " \--mv-params "=" \fInum\fP generate <num> MV parameters. This option takes an integer number as its argument. .sp -Just some descriptive text. +Generate parameters and keys for the Mu-Varadharajan (MV) +identification scheme. .TP .BR \-v " \fInum\fP, " \--mv-keys "=" \fInum\fP update <num> MV keys. This option takes an integer number as its argument. .sp -Just some descriptive text. +This option has not been fully documented. .TP .BR \-? , " \--help" -Display usage information and exit. 
+Display extended usage information and exit. .TP .BR \-! , " \--more-help" Extended usage information passed thru pager. @@ -143,7 +156,7 @@ The \fIno-load-opts\fP form will disable the loading of earlier RC/INI files. \fI--no-load-opts\fP is handled early, out of order. .TP -.BR \-v " [{\fIv|c|n\fP}]," " \--version" "[=\fI{v|c|n}\fP]" +.BR \- " [{\fIv|c|n\fP}]," " \--version" "[=\fI{v|c|n}\fP]" Output version of program and exit. The default mode is `v', a simple version. The `c' mode will print copyright information and `n' will print the full copyright notice. @@ -154,7 +167,7 @@ environment variables named: .nf \fBNTP_KEYGEN_<option-name>\fP or \fBNTP_KEYGEN\fP .fi -.aj +.ad The environmental presets take precedence (are processed later than) the configuration files. The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP". @@ -169,6 +182,7 @@ Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org .nf .na see html/copyright.html + .fi .ad .PP diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c index 6c1451889551..66d074f3fcfa 100644 --- a/util/ntp-keygen.c +++ b/util/ntp-keygen.c 
@@ -1,70 +1,65 @@ /* - * Program to generate cryptographic keys for NTP clients and servers + * Program to generate cryptographic keys for ntp clients and servers * - * This program generates files "ntpkey_<type>_<hostname>.<filestamp>", - * where <type> is the file type, <hostname> is the generating host and - * <filestamp> is the NTP seconds in decimal format. The NTP programs - * expect generic names such as "ntpkey_<type>_whimsy.udel.edu" with the - * association maintained by soft links. - * - * Files are prefixed with a header giving the name and date of creation + * This program generates password encrypted data files for use with the + * Autokey security protocol and Network Time Protocol Version 4. Files + * are prefixed with a header giving the name and date of creation * followed by a type-specific descriptive label and PEM-encoded data - * string compatible with programs of the OpenSSL library. + * structure compatible with programs of the OpenSSL library. * - * Note that private keys can be password encrypted as per OpenSSL - * conventions. - * - * The file types include + * All file names are like "ntpkey_<type>_<hostname>.<filestamp>", where + * <type> is the file type, <hostname> the generating host name and + * <filestamp> the generation time in NTP seconds. The NTP programs + * expect generic names such as "ntpkey_<type>_whimsy.udel.edu" with the + * association maintained by soft links. Following is a list of file + * types; the first line is the file name and the second link name. 
* * ntpkey_MD5key_<hostname>.<filestamp> * MD5 (128-bit) keys used to compute message digests in symmetric * key cryptography * - * ntpkey_RSAkey_<hostname>.<filestamp> - * ntpkey_host_<hostname> (RSA) link + * ntpkey_RSAhost_<hostname>.<filestamp> + * ntpkey_host_<hostname> * RSA private/public host key pair used for public key signatures - * and data encryption * - * ntpkey_DSAkey_<hostname>.<filestamp> - * ntpkey_sign_<hostname> (RSA or DSA) link - * DSA private/public sign key pair used for public key signatures, - * but not data encryption + * ntpkey_RSAsign_<hostname>.<filestamp> + * ntpkey_sign_<hostname> + * RSA private/public sign key pair used for public key signatures * - * ntpkey_IFFpar_<hostname>.<filestamp> - * ntpkey_iff_<hostname> (IFF server/client) link - * ntpkey_iffkey_<hostname> (IFF client) link - * Schnorr (IFF) server/client identity parameters + * ntpkey_DSAsign_<hostname>.<filestamp> + * ntpkey_sign_<hostname> + * DSA Private/public sign key pair used for public key signatures * - * ntpkey_IFFkey_<hostname>.<filestamp> - * Schnorr (IFF) client identity parameters - * - * ntpkey_GQpar_<hostname>.<filestamp>, - * ntpkey_gq_<hostname> (GQ) link - * Guillou-Quisquater (GQ) identity parameters - * - * ntpkey_MVpar_<hostname>.<filestamp>, - * Mu-Varadharajan (MV) server identity parameters + * Available digest/signature schemes * - * ntpkey_MVkeyX_<hostname>.<filestamp>, - * ntpkey_mv_<hostname> (MV server) link - * ntpkey_mvkey_<hostname> (MV client) link - * Mu-Varadharajan (MV) client identity parameters + * RSA: RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, EVP-RIPEMD160 + * DSA: DSA-SHA, DSA-SHA1 * * ntpkey_XXXcert_<hostname>.<filestamp> - * ntpkey_cert_<hostname> (RSA or DSA) link + * ntpkey_cert_<hostname> * X509v3 certificate using RSA or DSA public keys and signatures. * XXX is a code identifying the message digest and signature * encryption algorithm * - * Available digest/signature schemes + * Identity schemes. 
The key type par is used for the challenge; the key + * type key is used for the response. * - * RSA: RSA-MD2, RSA-MD5, RSA-SHA, RSA-SHA1, RSA-MDC2, EVP-RIPEMD160 - * DSA: DSA-SHA, DSA-SHA1 + * ntpkey_IFFkey_<groupname>.<filestamp> + * ntpkey_iffkey_<groupname> + * Schnorr (IFF) identity parameters and keys + * + * ntpkey_GQkey_<groupname>.<filestamp>, + * ntpkey_gqkey_<groupname> + * Guillou-Quisquater (GQ) identity parameters and keys + * + * ntpkey_MVkeyX_<groupname>.<filestamp>, + * ntpkey_mvkey_<groupname> + * Mu-Varadharajan (MV) identity parameters and keys * * Note: Once in a while because of some statistical fluke this program * fails to generate and verify some cryptographic data, as indicated by * exit status -1. In this case simply run the program again. If the - * program does complete with return code 0, the data are correct as + * program does complete with exit code 0, the data are correct as * verified. * * These cryptographic routines are characterized by the prime modulus @@ -92,21 +87,15 @@ #include <unistd.h> #include <sys/stat.h> #include <sys/time.h> -#if HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif +#include <sys/types.h> #include "ntp_types.h" #include "ntp_random.h" -#include "l_stdlib.h" +#include "ntp_stdlib.h" +#include "ntp_assert.h" +#include "ntp_libopts.h" #include "ntp-keygen-opts.h" -#ifdef SYS_WINNT -extern int ntp_getopt P((int, char **, const char *)); -#define getopt ntp_getopt -#define optarg ntp_optarg -#endif - #ifdef OPENSSL #include "openssl/bn.h" #include "openssl/evp.h" 
@@ -116,17 +105,21 @@ extern int ntp_getopt P((int, char **, const char *)); #include "openssl/x509v3.h" #include <openssl/objects.h> #endif /* OPENSSL */ +#include <ssl_applink.c> /* * Cryptodefines */ -#define MD5KEYS 16 /* number of MD5 keys generated */ -#define JAN_1970 ULONG_CONST(2208988800) /* NTP seconds */ +#define MD5KEYS 10 /* number of keys generated of each type */ +#define MD5SIZE 20 /* maximum key size */ +#define JAN_1970 2208988800UL /* NTP seconds */ #define YEAR ((long)60*60*24*365) /* one year in seconds */ #define MAXFILENAME 256 /* max file name length */ #define MAXHOSTNAME 256 /* max host name length */ #ifdef OPENSSL #define PLEN 512 /* default prime modulus size (bits) */ +#define ILEN 256 /* default identity modulus size (bits) */ +#define MVMAX 100 /* max MV parameters */ /* * Strings used in X509v3 extension fields 
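Review bot: The added `#define ILEN 256` sets a 256-bit default identity modulus next to the unchanged `PLEN 512`. Both sizes are well below what is considered adequate today for RSA- or discrete-log-based keys, so a run without `-m` produces weak material. How `ILEN` is consumed is outside this hunk and no override for it is visible here, so the effect on each identity scheme should be confirmed. At minimum the defaults deserve a comment saying so, e.g. `#define PLEN 512 /* default prime modulus size (bits); legacy value, override with -m */`. The man page in this same commit gives the accepted modulus range as 256 through 2048, so a larger default would stay within what the option already allows.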
@@ -140,35 +133,39 @@ extern int ntp_getopt P((int, char **, const char *)); /* * Prototypes */ -FILE *fheader P((const char *, const char *)); -void fslink P((const char *, const char *)); -int gen_md5 P((char *)); +FILE *fheader (const char *, const char *, const char *); +int gen_md5 (char *); #ifdef OPENSSL -EVP_PKEY *gen_rsa P((char *)); -EVP_PKEY *gen_dsa P((char *)); -EVP_PKEY *gen_iff P((char *)); -EVP_PKEY *gen_gqpar P((char *)); -EVP_PKEY *gen_gqkey P((char *, EVP_PKEY *)); -EVP_PKEY *gen_mv P((char *)); -int x509 P((EVP_PKEY *, const EVP_MD *, char *, char *)); -void cb P((int, int, void *)); -EVP_PKEY *genkey P((char *, char *)); -u_long asn2ntp P((ASN1_TIME *)); +EVP_PKEY *gen_rsa (char *); +EVP_PKEY *gen_dsa (char *); +EVP_PKEY *gen_iffkey (char *); +EVP_PKEY *gen_gqkey (char *); +EVP_PKEY *gen_mvkey (char *, EVP_PKEY **); +void gen_mvserv (char *, EVP_PKEY **); +int x509 (EVP_PKEY *, const EVP_MD *, char *, char *, + char *); +void cb (int, int, void *); +EVP_PKEY *genkey (char *, char *); +EVP_PKEY *readkey (char *, char *, u_int *, EVP_PKEY **); +void writekey (char *, char *, u_int *, EVP_PKEY **); +u_long asn2ntp (ASN1_TIME *); #endif /* OPENSSL */ /* * Program variables */ extern char *optarg; /* command line argument */ -int debug = 0; /* debug, not de bug */ -int rval; /* return status */ +char *progname; +volatile int debug = 0; /* debug, not de bug */ #ifdef OPENSSL u_int modulus = PLEN; /* prime modulus size (bits) */ +u_int modulus2 = ILEN; /* identity modulus size (bits) */ #endif -int nkeys = 0; /* MV keys */ +int nkeys; /* MV keys */ time_t epoch; /* Unix epoch (seconds) since 1970 */ -char *hostname; /* host name (subject name) */ -char *trustname; /* trusted host name (issuer name) */ +u_int fstamp; /* NTP filestamp */ +char *hostname = NULL; /* host name (subject name) */ +char *groupname = NULL; /* trusted host name (issuer name) */ char filename[MAXFILENAME + 1]; /* file name */ char *passwd1 = NULL; /* input private key password 
*/ char *passwd2 = NULL; /* output private key password */ @@ -183,9 +180,11 @@ BOOL init_randfile(); * Don't try to follow symbolic links */ int -readlink(char * link, char * file, int len) { +readlink(char *link, char *file, int len) +{ return (-1); } + /* * Don't try to create a symbolic link for now. * Just move the file to the name you need. @@ -194,7 +193,7 @@ int symlink(char *filename, char *linkname) { DeleteFile(linkname); MoveFile(filename, linkname); - return 0; + return (0); } void InitWin32Sockets() { @@ -203,7 +202,7 @@ InitWin32Sockets() { wVersionRequested = MAKEWORD(2,0); if (WSAStartup(wVersionRequested, &wsaData)) { - fprintf(stderr, "No useable winsock.dll"); + fprintf(stderr, "No useable winsock.dll\n"); exit(1); } } @@ -222,17 +221,18 @@ main( int md5key = 0; /* generate MD5 keys */ #ifdef OPENSSL X509 *cert = NULL; /* X509 certificate */ + X509_EXTENSION *ext; /* X509v3 extension */ EVP_PKEY *pkey_host = NULL; /* host key */ EVP_PKEY *pkey_sign = NULL; /* sign key */ - EVP_PKEY *pkey_iff = NULL; /* IFF parameters */ - EVP_PKEY *pkey_gq = NULL; /* GQ parameters */ - EVP_PKEY *pkey_mv = NULL; /* MV parameters */ + EVP_PKEY *pkey_iffkey = NULL; /* IFF sever keys */ + EVP_PKEY *pkey_gqkey = NULL; /* GQ server keys */ + EVP_PKEY *pkey_mvkey = NULL; /* MV trusted agen keys */ + EVP_PKEY *pkey_mvpar[MVMAX]; /* MV cleient keys */ int hostkey = 0; /* generate RSA keys */ - int iffkey = 0; /* generate IFF parameters */ - int gqpar = 0; /* generate GQ parameters */ - int gqkey = 0; /* update GQ keys */ - int mvpar = 0; /* generate MV parameters */ + int iffkey = 0; /* generate IFF keys */ + int gqkey = 0; /* generate GQ keys */ int mvkey = 0; /* update MV keys */ + int mvpar = 0; /* generate MV parameters */ char *sign = NULL; /* sign key */ EVP_PKEY *pkey = NULL; /* temp key */ const EVP_MD *ectx; /* EVP digest */ 
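Review bot: The comments on `passwd1` ("input private key password") and `passwd2` ("output private key password"), left unchanged at the end of this hunk, no longer match how the new `main` uses them. Further down the page `passwd1` is taken from `PVT_PASSWD` (`-p`, documented as the output password) and passed to `readkey()`, while `passwd2` comes from `GET_PVT_PASSWD` (`-q`, documented as the input password) and encrypts what is written to stdout. A reader who trusts these comments or the man page could protect files with a different password than intended. From the visible uses, the comments would better read `/* password for local key files (-p) */` and `/* password for keys exported to stdout (-q) */`; confirm against `genkey()` and `readkey()`, which are not shown here.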
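Review bot: The Windows `symlink` replacement still reports success unconditionally: the hunk only changes the last line to `return (0);`, and the results of `DeleteFile(linkname)` and `MoveFile(filename, linkname)` are discarded. If the move fails after the delete succeeded, the previous generic-name key file is gone and the caller is told the link exists. Returning the outcome, e.g. `return MoveFile(filename, linkname) ? 0 : -1;`, lets the caller report the failure.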
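Review bot: `EVP_PKEY *pkey_mvpar[MVMAX];` is declared without an initialiser, unlike the neighbouring key pointers that start as `NULL`. Later in `main`, outside this hunk, `pkey_mvpar[1]` and `pkey_mvpar[2]` are read after `gen_mvkey()` or `readkey()` is expected to fill the array, so a short fill could pass an indeterminate pointer to `PEM_write_PrivateKey`. Declaring it as `EVP_PKEY *pkey_mvpar[MVMAX] = { NULL };` makes that case checkable. The new comments also carry typos and should read `/* IFF server keys */`, `/* MV trusted agent keys */` and `/* MV client keys */`. `main` begins before and continues after this hunk.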
@@ -242,33 +242,23 @@ main( char *grpkey = NULL; /* identity extension */ int nid; /* X509 digest/signature scheme */ FILE *fstr = NULL; /* file handle */ - u_int temp; #define iffsw HAVE_OPT(ID_KEY) #endif /* OPENSSL */ char hostbuf[MAXHOSTNAME + 1]; + char groupbuf[MAXHOSTNAME + 1]; + + progname = argv[0]; #ifdef SYS_WINNT /* Initialize before OpenSSL checks */ InitWin32Sockets(); - if(!init_randfile()) + if (!init_randfile()) fprintf(stderr, "Unable to initialize .rnd file\n"); + ssl_applink(); #endif #ifdef OPENSSL - /* - * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) - */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { - fprintf(stderr, - "OpenSSL version mismatch. Built against %lx, you have %lx\n", - OPENSSL_VERSION_NUMBER, SSLeay()); - return (-1); - - } else { - fprintf(stderr, - "Using OpenSSL version %lx\n", SSLeay()); - } + ssl_check_version(); #endif /* OPENSSL */ /* 
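Review bot: It is not visible whether a mismatch between the build-time and run-time OpenSSL still stops key generation. The explicit check that returned -1 is replaced by `ssl_check_version();`, which is not defined on this page. If that helper only warns, keys would be generated with a library the binary was not built against, so the call should carry a comment stating the intended behaviour, e.g. `/* NOTE: confirm whether a version mismatch is fatal here */`. Just above, a failed `init_randfile()` is reported but execution continues; the `RAND_status()` test later in `main` appears to cover this, which is worth stating in a comment at that `fprintf`. `main` starts before and runs past this hunk.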
@@ -276,393 +266,585 @@ main( */ gethostname(hostbuf, MAXHOSTNAME); hostname = hostbuf; -#ifdef OPENSSL - trustname = hostbuf; - passwd1 = hostbuf; -#endif -#ifndef SYS_WINNT gettimeofday(&tv, 0); -#else - gettimeofday(&tv); -#endif + epoch = tv.tv_sec; - rval = 0; { - int optct = optionProcess(&ntp_keygenOptions, argc, argv); + int optct = ntpOptionProcess(&ntp_keygenOptions, + argc, argv); argc -= optct; argv += optct; } #ifdef OPENSSL - if (HAVE_OPT( CERTIFICATE )) - scheme = OPT_ARG( CERTIFICATE ); -#endif + if (SSLeay() == SSLEAY_VERSION_NUMBER) + fprintf(stderr, "Using OpenSSL version %s\n", + SSLeay_version(SSLEAY_VERSION)); + else + fprintf(stderr, "Built against OpenSSL %s, using version %s\n", + OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION)); +#endif /* OPENSSL */ debug = DESC(DEBUG_LEVEL).optOccCt; - -#ifdef OPENSSL - if (HAVE_OPT( GQ_PARAMS )) - gqpar++; - - if (HAVE_OPT( GQ_KEYS )) - gqkey++; - - if (HAVE_OPT( HOST_KEY )) - hostkey++; - - if (HAVE_OPT( IFFKEY )) - iffkey++; - - if (HAVE_OPT( ISSUER_NAME )) - trustname = OPT_ARG( ISSUER_NAME ); -#endif - if (HAVE_OPT( MD5KEY )) - md5key++; + md5key++; #ifdef OPENSSL - if (HAVE_OPT( MODULUS )) - modulus = OPT_VALUE_MODULUS; - - if (HAVE_OPT( PVT_CERT )) - exten = EXT_KEY_PRIVATE; - + passwd1 = hostbuf; if (HAVE_OPT( PVT_PASSWD )) - passwd2 = OPT_ARG( PVT_PASSWD ); + passwd1 = strdup(OPT_ARG( PVT_PASSWD )); if (HAVE_OPT( GET_PVT_PASSWD )) - passwd1 = OPT_ARG( GET_PVT_PASSWD ); + passwd2 = strdup(OPT_ARG( GET_PVT_PASSWD )); + + if (HAVE_OPT( HOST_KEY )) + hostkey++; if (HAVE_OPT( SIGN_KEY )) - sign = OPT_ARG( SIGN_KEY ); + sign = strdup(OPT_ARG( SIGN_KEY )); - if (HAVE_OPT( SUBJECT_NAME )) - hostname = OPT_ARG( SUBJECT_NAME ); + if (HAVE_OPT( GQ_PARAMS )) + gqkey++; - if (HAVE_OPT( TRUSTED_CERT )) - exten = EXT_KEY_TRUST; + if (HAVE_OPT( IFFKEY )) + iffkey++; if (HAVE_OPT( MV_PARAMS )) { - mvpar++; + mvkey++; nkeys = OPT_VALUE_MV_PARAMS; } - if (HAVE_OPT( MV_KEYS )) { - mvkey++; + mvpar++; nkeys = 
OPT_VALUE_MV_KEYS; } -#endif + if (HAVE_OPT( MODULUS )) + modulus = OPT_VALUE_MODULUS; + + if (HAVE_OPT( CERTIFICATE )) + scheme = OPT_ARG( CERTIFICATE ); + + if (HAVE_OPT( SUBJECT_NAME )) + hostname = strdup(OPT_ARG( SUBJECT_NAME )); + + if (HAVE_OPT( ISSUER_NAME )) + groupname = strdup(OPT_ARG( ISSUER_NAME )); + + if (HAVE_OPT( PVT_CERT )) + exten = EXT_KEY_PRIVATE; + + if (HAVE_OPT( TRUSTED_CERT )) + exten = EXT_KEY_TRUST; - if (passwd1 != NULL && passwd2 == NULL) - passwd2 = passwd1; -#ifdef OPENSSL /* * Seed random number generator and grow weeds. */ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); - if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) { - fprintf(stderr, "RAND_file_name %s\n", - ERR_error_string(ERR_get_error(), NULL)); - return (-1); - } - temp = RAND_load_file(pathbuf, -1); - if (temp == 0) { + if (!RAND_status()) { + u_int temp; + + if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) { + fprintf(stderr, "RAND_file_name %s\n", + ERR_error_string(ERR_get_error(), NULL)); + exit (-1); + } + temp = RAND_load_file(pathbuf, -1); + if (temp == 0) { + fprintf(stderr, + "RAND_load_file %s not found or empty\n", + pathbuf); + exit (-1); + } fprintf(stderr, - "RAND_load_file %s not found or empty\n", pathbuf); - return (-1); + "Random seed file %s %u bytes\n", pathbuf, temp); + RAND_add(&epoch, sizeof(epoch), 4.0); } - fprintf(stderr, - "Random seed file %s %u bytes\n", pathbuf, temp); - RAND_add(&epoch, sizeof(epoch), 4.0); -#endif /* - * Generate new parameters and keys as requested. These replace - * any values already generated. + * Load previous certificate if available. 
*/ - if (md5key) - gen_md5("MD5"); -#ifdef OPENSSL - if (hostkey) - pkey_host = genkey("RSA", "host"); - if (sign != NULL) - pkey_sign = genkey(sign, "sign"); - if (iffkey) - pkey_iff = gen_iff("iff"); - if (gqpar) - pkey_gq = gen_gqpar("gq"); - if (mvpar) - pkey_mv = gen_mv("mv"); + sprintf(filename, "ntpkey_cert_%s", hostname); + if ((fstr = fopen(filename, "r")) != NULL) { + cert = PEM_read_X509(fstr, NULL, NULL, NULL); + fclose(fstr); + } + if (cert != NULL) { + + /* + * Extract subject name. + */ + X509_NAME_oneline(X509_get_subject_name(cert), groupbuf, + MAXFILENAME); + + /* + * Extract digest/signature scheme. + */ + if (scheme == NULL) { + nid = OBJ_obj2nid(cert->cert_info-> + signature->algorithm); + scheme = OBJ_nid2sn(nid); + } + + /* + * If a key_usage extension field is present, determine + * whether this is a trusted or private certificate. + */ + if (exten == NULL) { + BIO *bp; + int i, cnt; + char *ptr; + + ptr = strstr(groupbuf, "CN="); + cnt = X509_get_ext_count(cert); + for (i = 0; i < cnt; i++) { + ext = X509_get_ext(cert, i); + if (OBJ_obj2nid(ext->object) == + NID_ext_key_usage) { + bp = BIO_new(BIO_s_mem()); + X509V3_EXT_print(bp, ext, 0, 0); + BIO_gets(bp, pathbuf, + MAXFILENAME); + BIO_free(bp); + if (strcmp(pathbuf, + "Trust Root") == 0) + exten = EXT_KEY_TRUST; + else if (strcmp(pathbuf, + "Private") == 0) + exten = EXT_KEY_PRIVATE; + if (groupname == NULL) + groupname = ptr + 3; + } + } + } + } + if (scheme == NULL) + scheme = "RSA-MD5"; + if (groupname == NULL) + groupname = hostname; + fprintf(stderr, "Using host %s group %s\n", hostname, + groupname); + if ((iffkey || gqkey || mvkey) && exten == NULL) + fprintf(stderr, + "Warning: identity files may not be useful with a nontrusted certificate.\n"); +#endif /* OPENSSL */ /* - * If there is no new host key, look for an existing one. If not - * found, create it. + * Create new unencrypted MD5 keys file if requested. If this + * option is selected, ignore all other options. 
*/ - while (pkey_host == NULL && rval == 0 && !HAVE_OPT(ID_KEY)) { - sprintf(filename, "ntpkey_host_%s", hostname); - if ((fstr = fopen(filename, "r")) != NULL) { - pkey_host = PEM_read_PrivateKey(fstr, NULL, - NULL, passwd1); - fclose(fstr); - readlink(filename, filename, sizeof(filename)); - if (pkey_host == NULL) { - fprintf(stderr, "Host key\n%s\n", - ERR_error_string(ERR_get_error(), - NULL)); - rval = -1; - } else { - fprintf(stderr, - "Using host key %s\n", filename); - } - break; + if (md5key) { + gen_md5("md5"); + exit (0); + } - } else if ((pkey_host = genkey("RSA", "host")) == - NULL) { - rval = -1; - break; +#ifdef OPENSSL + /* + * Create a new encrypted RSA host key file if requested; + * otherwise, look for an existing host key file. If not found, + * create a new encrypted RSA host key file. If that fails, go + * no further. + */ + if (hostkey) + pkey_host = genkey("RSA", "host"); + if (pkey_host == NULL) { + sprintf(filename, "ntpkey_host_%s", hostname); + pkey_host = readkey(filename, passwd1, &fstamp, NULL); + if (pkey_host != NULL) { + readlink(filename, filename, sizeof(filename)); + fprintf(stderr, "Using host key %s\n", + filename); + } else { + pkey_host = genkey("RSA", "host"); } } + if (pkey_host == NULL) { + fprintf(stderr, "Generating host key fails\n"); + exit (-1); + } /* - * If there is no new sign key, look for an existing one. If not - * found, use the host key instead. + * Create new encrypted RSA or DSA sign keys file if requested; + * otherwise, look for an existing sign key file. If not found, + * use the host key instead. 
*/ - pkey = pkey_sign; - while (pkey_sign == NULL && rval == 0 && !HAVE_OPT(ID_KEY)) { + if (sign != NULL) + pkey_sign = genkey(sign, "sign"); + if (pkey_sign == NULL) { sprintf(filename, "ntpkey_sign_%s", hostname); - if ((fstr = fopen(filename, "r")) != NULL) { - pkey_sign = PEM_read_PrivateKey(fstr, NULL, - NULL, passwd1); - fclose(fstr); + pkey_sign = readkey(filename, passwd1, &fstamp, NULL); + if (pkey_sign != NULL) { readlink(filename, filename, sizeof(filename)); - if (pkey_sign == NULL) { - fprintf(stderr, "Sign key\n%s\n", - ERR_error_string(ERR_get_error(), - NULL)); - rval = -1; - } else { - fprintf(stderr, "Using sign key %s\n", - filename); - } - break; - } else { - pkey = pkey_host; + fprintf(stderr, "Using sign key %s\n", + filename); + } else if (pkey_host != NULL) { + pkey_sign = pkey_host; fprintf(stderr, "Using host key as sign key\n"); - break; } } /* - * If there is no new IFF file, look for an existing one. + * Create new encrypted GQ server keys file if requested; + * otherwise, look for an exisiting file. If found, fetch the + * public key for the certificate. */ - if (pkey_iff == NULL && rval == 0) { - sprintf(filename, "ntpkey_iff_%s", hostname); - if ((fstr = fopen(filename, "r")) != NULL) { - pkey_iff = PEM_read_PrivateKey(fstr, NULL, - NULL, passwd1); - fclose(fstr); + if (gqkey) + pkey_gqkey = gen_gqkey("gqkey"); + if (pkey_gqkey == NULL) { + sprintf(filename, "ntpkey_gqkey_%s", groupname); + pkey_gqkey = readkey(filename, passwd1, &fstamp, NULL); + if (pkey_gqkey != NULL) { readlink(filename, filename, sizeof(filename)); - if (pkey_iff == NULL) { - fprintf(stderr, "IFF parameters\n%s\n", - ERR_error_string(ERR_get_error(), - NULL)); - rval = -1; - } else { - fprintf(stderr, - "Using IFF parameters %s\n", - filename); - } + fprintf(stderr, "Using GQ parameters %s\n", + filename); } } + if (pkey_gqkey != NULL) + grpkey = BN_bn2hex(pkey_gqkey->pkey.rsa->q); /* - * If there is no new GQ file, look for an existing one. 
+ * Write the nonencrypted GQ client parameters to the stdout + * stream. The parameter file is the server key file with the + * private key obscured. */ - if (pkey_gq == NULL && rval == 0 && !HAVE_OPT(ID_KEY)) { - sprintf(filename, "ntpkey_gq_%s", hostname); - if ((fstr = fopen(filename, "r")) != NULL) { - pkey_gq = PEM_read_PrivateKey(fstr, NULL, NULL, - passwd1); - fclose(fstr); - readlink(filename, filename, sizeof(filename)); - if (pkey_gq == NULL) { - fprintf(stderr, "GQ parameters\n%s\n", - ERR_error_string(ERR_get_error(), - NULL)); - rval = -1; - } else { - fprintf(stderr, - "Using GQ parameters %s\n", - filename); - } - } + if (pkey_gqkey != NULL && HAVE_OPT(ID_KEY)) { + RSA *rsa; + + epoch = fstamp - JAN_1970; + sprintf(filename, "ntpkey_gqpar_%s.%u", groupname, + fstamp); + fprintf(stderr, "Writing GQ parameters %s to stdout\n", + filename); + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + rsa = pkey_gqkey->pkey.rsa; + BN_copy(rsa->p, BN_value_one()); + BN_copy(rsa->q, BN_value_one()); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, rsa); + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, + NULL); + fclose(stdout); + if (debug) + RSA_print_fp(stderr, rsa, 0); } /* - * If there is a GQ parameter file, create GQ private/public - * keys and extract the public key for the certificate. + * Write the encrypted GQ server keys to the stdout stream. 
*/ - if (pkey_gq != NULL && rval == 0) { - gen_gqkey("gq", pkey_gq); - grpkey = BN_bn2hex(pkey_gq->pkey.rsa->q); + if (pkey_gqkey != NULL && passwd2 != NULL) { + RSA *rsa; + + sprintf(filename, "ntpkey_gqkey_%s.%u", groupname, + fstamp); + fprintf(stderr, "Writing GQ keys %s to stdout\n", + filename); + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + rsa = pkey_gqkey->pkey.rsa; + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, rsa); + PEM_write_PrivateKey(stdout, pkey, + EVP_des_cbc(), NULL, 0, NULL, passwd2); + fclose(stdout); + if (debug) + RSA_print_fp(stderr, rsa, 0); } /* - * Generate a X509v3 certificate. + * Create new encrypted IFF server keys file if requested; + * otherwise, look for existing file. */ - while (scheme == NULL && rval == 0 && !HAVE_OPT(ID_KEY)) { - sprintf(filename, "ntpkey_cert_%s", hostname); - if ((fstr = fopen(filename, "r")) != NULL) { - cert = PEM_read_X509(fstr, NULL, NULL, NULL); - fclose(fstr); + if (iffkey) + pkey_iffkey = gen_iffkey("iffkey"); + if (pkey_iffkey == NULL) { + sprintf(filename, "ntpkey_iffkey_%s", groupname); + pkey_iffkey = readkey(filename, passwd1, &fstamp, NULL); + if (pkey_iffkey != NULL) { readlink(filename, filename, sizeof(filename)); - if (cert == NULL) { - fprintf(stderr, "Cert \n%s\n", - ERR_error_string(ERR_get_error(), - NULL)); - rval = -1; - } else { - nid = OBJ_obj2nid( - cert->cert_info->signature->algorithm); - scheme = OBJ_nid2sn(nid); - fprintf(stderr, - "Using scheme %s from %s\n", scheme, - filename); - break; - } - } - scheme = "RSA-MD5"; - } - if (pkey != NULL && rval == 0 && !HAVE_OPT(ID_KEY)) { - ectx = EVP_get_digestbyname(scheme); - if (ectx == NULL) { - fprintf(stderr, - "Invalid digest/signature combination %s\n", - scheme); - rval = -1; - } else { - x509(pkey, ectx, grpkey, exten); + fprintf(stderr, "Using IFF keys %s\n", + filename); } } /* - * Write the IFF client parameters and keys as a DSA private key - * encoded in PEM. Note the private key is obscured. 
+ * Write the nonencrypted IFF client parameters to the stdout + * stream. The parameter file is the server key file with the + * private key obscured. */ - if (pkey_iff != NULL && rval == 0 && HAVE_OPT(ID_KEY)) { + if (pkey_iffkey != NULL && HAVE_OPT(ID_KEY)) { DSA *dsa; - char *sptr; - char *tld; - - sptr = strrchr(filename, '.'); - tld = malloc(strlen(sptr)); /* we have an extra byte ... */ - strcpy(tld, 1+sptr); /* ... see? */ - sprintf(filename, "ntpkey_IFFkey_%s.%s", trustname, - tld); - free(tld); - fprintf(stderr, "Writing new IFF key %s\n", filename); - fprintf(stdout, "# %s\n# %s", filename, ctime(&epoch)); - dsa = pkey_iff->pkey.dsa; + + epoch = fstamp - JAN_1970; + sprintf(filename, "ntpkey_iffpar_%s.%u", groupname, + fstamp); + fprintf(stderr, "Writing IFF parameters %s to stdout\n", + filename); + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + dsa = pkey_iffkey->pkey.dsa; BN_copy(dsa->priv_key, BN_value_one()); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); - PEM_write_PrivateKey(stdout, pkey, passwd2 ? - EVP_des_cbc() : NULL, NULL, 0, NULL, passwd2); + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, + NULL); fclose(stdout); if (debug) - DSA_print_fp(stdout, dsa, 0); + DSA_print_fp(stderr, dsa, 0); } /* - * Return the marbles. - */ - if (grpkey != NULL) - OPENSSL_free(grpkey); - if (pkey_host != NULL) - EVP_PKEY_free(pkey_host); - if (pkey_sign != NULL) - EVP_PKEY_free(pkey_sign); - if (pkey_iff != NULL) - EVP_PKEY_free(pkey_iff); - if (pkey_gq != NULL) - EVP_PKEY_free(pkey_gq); - if (pkey_mv != NULL) - EVP_PKEY_free(pkey_mv); -#endif /* OPENSSL */ - return (rval); -} + * Write the encrypted IFF server keys to the stdout stream. 
+ */ + if (pkey_iffkey != NULL && passwd2 != NULL) { + DSA *dsa; + epoch = fstamp - JAN_1970; + sprintf(filename, "ntpkey_iffkey_%s.%u", groupname, + fstamp); + fprintf(stderr, "Writing IFF keys %s to stdout\n", + filename); + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + dsa = pkey_iffkey->pkey.dsa; + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsa); + PEM_write_PrivateKey(stdout, pkey, EVP_des_cbc(), NULL, + 0, NULL, passwd2); + fclose(stdout); + if (debug) + DSA_print_fp(stderr, dsa, 0); + } -#if 0 -/* - * Generate random MD5 key with password. - */ -int -gen_md5( - char *id /* file name id */ - ) -{ - BIGNUM *key; - BIGNUM *keyid; - FILE *str; - u_char bin[16]; - - fprintf(stderr, "Generating MD5 keys...\n"); - str = fheader("MD5key", hostname); - keyid = BN_new(); key = BN_new(); - BN_rand(keyid, 16, -1, 0); - BN_rand(key, 128, -1, 0); - BN_bn2bin(key, bin); - PEM_write_fp(str, MD5, NULL, bin); - fclose(str); - fslink(id, hostname); - return (1); + /* + * Create new encrypted MV trusted-authority keys file if + * requested; otherwise, look for existing keys file. + */ + if (mvkey) + pkey_mvkey = gen_mvkey("mv", pkey_mvpar); + if (pkey_mvkey == NULL) { + sprintf(filename, "ntpkey_mvta_%s", groupname); + pkey_mvkey = readkey(filename, passwd1, &fstamp, + pkey_mvpar); + if (pkey_mvkey != NULL) { + readlink(filename, filename, sizeof(filename)); + fprintf(stderr, "Using MV keys %s\n", + filename); + } + } + + /* + * Write the nonencrypted MV client parameters to the stdout + * stream. For the moment, we always use the client parameters + * associated with client key 1. 
+ */ + if (pkey_mvkey != NULL && HAVE_OPT(ID_KEY)) { + epoch = fstamp - JAN_1970; + sprintf(filename, "ntpkey_mvpar_%s.%u", groupname, + fstamp); + fprintf(stderr, "Writing MV parameters %s to stdout\n", + filename); + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + pkey = pkey_mvpar[2]; + PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, + NULL); + fclose(stdout); + if (debug) + DSA_print_fp(stderr, pkey->pkey.dsa, 0); + } + + /* + * Write the encrypted MV server keys to the stdout stream. + */ + if (pkey_mvkey != NULL && passwd2 != NULL) { + epoch = fstamp - JAN_1970; + sprintf(filename, "ntpkey_mvkey_%s.%u", groupname, + fstamp); + fprintf(stderr, "Writing MV keys %s to stdout\n", + filename); + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + pkey = pkey_mvpar[1]; + PEM_write_PrivateKey(stdout, pkey, EVP_des_cbc(), NULL, + 0, NULL, passwd2); + fclose(stdout); + if (debug) + DSA_print_fp(stderr, pkey->pkey.dsa, 0); + } + + /* + * Don't generate a certificate if no host keys or extracting + * encrypted or nonencrypted keys to the standard output stream. + */ + if (pkey_host == NULL || HAVE_OPT(ID_KEY) || passwd2 != NULL) + exit (0); + + /* + * Decode the digest/signature scheme. If trusted, set the + * subject and issuer names to the group name; if not set both + * to the host name. + */ + ectx = EVP_get_digestbyname(scheme); + if (ectx == NULL) { + fprintf(stderr, + "Invalid digest/signature combination %s\n", + scheme); + exit (-1); + } + if (exten == NULL) + x509(pkey_sign, ectx, grpkey, exten, hostname); + else + x509(pkey_sign, ectx, grpkey, exten, groupname); +#endif /* OPENSSL */ + exit (0); } -#else /* - * Generate semi-random MD5 keys compatible with NTPv3 and NTPv4 + * Generate semi-random MD5 keys compatible with NTPv3 and NTPv4. Also, + * if OpenSSL is around, generate random SHA1 keys compatible with + * symmetric key cryptography. 
*/ int gen_md5( char *id /* file name id */ ) { - u_char md5key[16]; /* MD5 key */ + u_char md5key[MD5SIZE + 1]; /* MD5 key */ FILE *str; - u_int temp = 0; /* Initialize to prevent warnings during compile */ int i, j; +#ifdef OPENSSL + u_char keystr[MD5SIZE]; + u_char hexstr[2 * MD5SIZE + 1]; + u_char hex[] = "0123456789abcdef"; +#endif /* OPENSSL */ - fprintf(stderr, "Generating MD5 keys...\n"); - str = fheader("MD5key", hostname); - ntp_srandom(epoch); + str = fheader("MD5key", id, groupname); + ntp_srandom((u_long)epoch); for (i = 1; i <= MD5KEYS; i++) { - for (j = 0; j < 16; j++) { + for (j = 0; j < MD5SIZE; j++) { + int temp; + while (1) { temp = ntp_random() & 0xff; if (temp == '#') continue; + if (temp > 0x20 && temp < 0x7f) break; } md5key[j] = (u_char)temp; } - md5key[15] = '\0'; - fprintf(str, "%2d MD5 %16s # MD5 key\n", i, + md5key[j] = '\0'; + fprintf(str, "%2d MD5 %s # MD5 key\n", i, md5key); } +#ifdef OPENSSL + for (i = 1; i <= MD5KEYS; i++) { + RAND_bytes(keystr, 20); + for (j = 0; j < MD5SIZE; j++) { + hexstr[2 * j] = hex[keystr[j] >> 4]; + hexstr[2 * j + 1] = hex[keystr[j] & 0xf]; + } + hexstr[2 * MD5SIZE] = '\0'; + fprintf(str, "%2d SHA1 %s # SHA1 key\n", i + MD5KEYS, + hexstr); + } +#endif /* OPENSSL */ fclose(str); - fslink(id, hostname); return (1); } -#endif /* OPENSSL */ #ifdef OPENSSL /* + * readkey - load cryptographic parameters and keys + * + * This routine loads a PEM-encoded file of given name and password and + * extracts the filestamp from the file name. It returns a pointer to + * the first key if valid, NULL if not. 
+ */ +EVP_PKEY * /* public/private key pair */ +readkey( + char *cp, /* file name */ + char *passwd, /* password */ + u_int *estamp, /* file stamp */ + EVP_PKEY **evpars /* parameter list pointer */ + ) +{ + FILE *str; /* file handle */ + EVP_PKEY *pkey = NULL; /* public/private key */ + u_int gstamp; /* filestamp */ + char linkname[MAXFILENAME]; /* filestamp buffer) */ + EVP_PKEY *parkey; + char *ptr; + int i; + + /* + * Open the key file. + */ + str = fopen(cp, "r"); + if (str == NULL) + return (NULL); + + /* + * Read the filestamp, which is contained in the first line. + */ + if ((ptr = fgets(linkname, MAXFILENAME, str)) == NULL) { + fprintf(stderr, "Empty key file %s\n", cp); + fclose(str); + return (NULL); + } + if ((ptr = strrchr(ptr, '.')) == NULL) { + fprintf(stderr, "No filestamp found in %s\n", cp); + fclose(str); + return (NULL); + } + if (sscanf(++ptr, "%u", &gstamp) != 1) { + fprintf(stderr, "Invalid filestamp found in %s\n", cp); + fclose(str); + return (NULL); + } + + /* + * Read and decrypt PEM-encoded private keys. The first one + * found is returned. If others are expected, add them to the + * parameter list. + */ + for (i = 0; i <= MVMAX - 1;) { + parkey = PEM_read_PrivateKey(str, NULL, NULL, passwd); + if (evpars != NULL) { + evpars[i++] = parkey; + evpars[i] = NULL; + } + if (parkey == NULL) + break; + + if (pkey == NULL) + pkey = parkey; + if (debug) { + if (parkey->type == EVP_PKEY_DSA) + DSA_print_fp(stderr, parkey->pkey.dsa, + 0); + else if (parkey->type == EVP_PKEY_RSA) + RSA_print_fp(stderr, parkey->pkey.rsa, + 0); + } + } + fclose(str); + if (pkey == NULL) { + fprintf(stderr, "Corrupt file %s or wrong key %s\n%s\n", + cp, passwd, ERR_error_string(ERR_get_error(), + NULL)); + exit (-1); + } + *estamp = gstamp; + return (pkey); +} + + +/* * Generate RSA public/private key pair */ EVP_PKEY * /* public/private key pair */ 
@@ -680,7 +862,6 @@ gen_rsa( if (rsa == NULL) { fprintf(stderr, "RSA generate keys fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (NULL); } @@ -694,7 +875,6 @@ gen_rsa( fprintf(stderr, "Invalid RSA key\n%s\n", ERR_error_string(ERR_get_error(), NULL)); RSA_free(rsa); - rval = -1; return (NULL); } @@ -702,15 +882,17 @@ gen_rsa( * Write the RSA parameters and keys as a RSA private key * encoded in PEM. */ - str = fheader("RSAkey", hostname); + if (strcmp(id, "sign") == 0) + str = fheader("RSAsign", id, hostname); + else + str = fheader("RSAhost", id, hostname); pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); - PEM_write_PrivateKey(str, pkey, passwd2 ? EVP_des_cbc() : NULL, - NULL, 0, NULL, passwd2); + PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, + passwd1); fclose(str); if (debug) - RSA_print_fp(stdout, rsa, 0); - fslink(id, hostname); + RSA_print_fp(stderr, rsa, 0); return (pkey); } @@ -740,7 +922,6 @@ gen_dsa( if (dsa == NULL) { fprintf(stderr, "DSA generate parameters fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (NULL); } @@ -752,7 +933,6 @@ gen_dsa( fprintf(stderr, "DSA generate keys fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); DSA_free(dsa); - rval = -1; return (NULL); } 
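Review bot: The host and sign keys in gen_rsa are now always written with `EVP_des_cbc()`, single DES with a 56-bit key, which is weak protection for a long-lived private key at rest; the same call appears in the gen_dsa, gen_iffkey and gen_gqkey hunks further down. A stronger cipher is a drop-in change, e.g. `PEM_write_PrivateKey(str, pkey, EVP_des_ede3_cbc(), NULL, 0, NULL, passwd1);`. The results of `EVP_PKEY_new()` and `PEM_write_PrivateKey()` are also unchecked, so a failed write still returns a key as if the file had been saved. How passwd1 is set is outside the hunk; if it can be NULL here, OpenSSL would presumably fall back to prompting for a passphrase, which is worth confirming for unattended runs.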
@@ -760,45 +940,70 @@ gen_dsa( * Write the DSA parameters and keys as a DSA private key * encoded in PEM. */ - str = fheader("DSAkey", hostname); + str = fheader("DSAsign", id, hostname); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); - PEM_write_PrivateKey(str, pkey, passwd2 ? EVP_des_cbc() : NULL, - NULL, 0, NULL, passwd2); + PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, + passwd1); fclose(str); if (debug) - DSA_print_fp(stdout, dsa, 0); - fslink(id, hostname); + DSA_print_fp(stderr, dsa, 0); return (pkey); } /* - * Generate Schnorr (IFF) parameters and keys + *********************************************************************** + * * + * The following routines implement the Schnorr (IFF) identity scheme * + * * + *********************************************************************** * - * The Schnorr (IFF)identity scheme is intended for use when + * The Schnorr (IFF) identity scheme is intended for use when * certificates are generated by some other trusted certificate - * authority and the parameters cannot be conveyed in the certificate - * itself. For this purpose, new generations of IFF values must be - * securely transmitted to all members of the group before use. There - * are two kinds of files: server/client files that include private and - * public parameters and client files that include only public - * parameters. The scheme is self contained and independent of new - * generations of host keys, sign keys and certificates. + * authority and the certificate cannot be used to convey public + * parameters. There are two kinds of files: encrypted server files that + * contain private and public values and nonencrypted client files that + * contain only public values. New generations of server files must be + * securely transmitted to all servers of the group; client files can be + * distributed by any means. The scheme is self contained and + * independent of new generations of host keys, sign keys and + * certificates. 
* * The IFF values hide in a DSA cuckoo structure which uses the same * parameters. The values are used by an identity scheme based on DSA * cryptography and described in Stimson p. 285. The p is a 512-bit * prime, g a generator of Zp* and q a 160-bit prime that divides p - 1 * and is a qth root of 1 mod p; that is, g^q = 1 mod p. The TA rolls a - * private random group key b (0 < b < q), then computes public - * v = g^(q - a). All values except the group key are known to all group - * members; the group key is known to the group servers, but not the - * group clients. Alice challenges Bob to confirm identity using the - * protocol described below. + * private random group key b (0 < b < q) and public key v = g^b, then + * sends (p, q, g, b) to the servers and (p, q, g, v) to the clients. + * Alice challenges Bob to confirm identity using the protocol described + * below. + * + * How it works + * + * The scheme goes like this. Both Alice and Bob have the public primes + * p, q and generator g. The TA gives private key b to Bob and public + * key v to Alice. + * + * Alice rolls new random challenge r (o < r < q) and sends to Bob in + * the IFF request message. Bob rolls new random k (0 < k < q), then + * computes y = k + b r mod q and x = g^k mod p and sends (y, hash(x)) + * to Alice in the response message. Besides making the response + * shorter, the hash makes it effectivey impossible for an intruder to + * solve for b by observing a number of these messages. + * + * Alice receives the response and computes g^y v^r mod p. After a bit + * of algebra, this simplifies to g^k. If the hash of this result + * matches hash(x), Alice knows that Bob has the group key b. The signed + * response binds this knowledge to Bob's private key and the public key + * previously received in his certificate. + */ +/* + * Generate Schnorr (IFF) keys. */ EVP_PKEY * /* DSA cuckoo nest */ -gen_iff( +gen_iffkey( char *id /* file name id */ ) { 
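Review bot: The new IFF header comment gives the public key as `v = g^b`, but the check it describes a few lines later, `g^y v^r mod p` simplifying to `g^k` with `y = k + b r`, only works if v is the inverse power, i.e. `v = g^(q - b) mod p`. The comment should say so, since this block is the only specification a reader of gen_iffkey gets. Two typos in the same block: `(o < r < q)` should read `(0 < r < q)` and `effectivey` should be `effectively`.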
@@ -813,24 +1018,23 @@ gen_iff( /* * Generate DSA parameters for use as IFF parameters. */ - fprintf(stderr, "Generating IFF parameters (%d bits)...\n", - modulus); + fprintf(stderr, "Generating IFF keys (%d bits)...\n", + modulus2); RAND_bytes(seed, sizeof(seed)); - dsa = DSA_generate_parameters(modulus, seed, sizeof(seed), NULL, + dsa = DSA_generate_parameters(modulus2, seed, sizeof(seed), NULL, NULL, cb, "IFF"); fprintf(stderr, "\n"); if (dsa == NULL) { fprintf(stderr, "DSA generate parameters fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (NULL);; } /* * Generate the private and public keys. The DSA parameters and - * these keys are distributed to all members of the group. + * private key are distributed to the servers, while all except + * the private key are distributed to the clients. */ - fprintf(stderr, "Generating IFF keys (%d bits)...\n", modulus); b = BN_new(); r = BN_new(); k = BN_new(); u = BN_new(); v = BN_new(); w = BN_new(); ctx = BN_CTX_new(); BN_rand(b, BN_num_bits(dsa->q), -1, 0); /* a */ @@ -846,7 +1050,6 @@ gen_iff( if (!temp) { BN_free(b); BN_free(r); BN_free(k); BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); - rval = -1; return (NULL); } dsa->priv_key = BN_dup(b); /* private key */ @@ -854,16 +1057,16 @@ gen_iff( /* * Here is a trial round of the protocol. First, Alice rolls - * random r (0 < r < q) and sends it to Bob. She needs only - * modulus q. + * random nonce r mod q and sends it to Bob. She needs only + * q from parameters. */ BN_rand(r, BN_num_bits(dsa->q), -1, 0); /* r */ BN_mod(r, r, dsa->q, ctx); /* - * Bob rolls random k (0 < k < q), computes y = k + b r mod q + * Bob rolls random nonce k mod q, computes y = k + b r mod q * and x = g^k mod p, then sends (y, x) to Alice. He needs - * moduli p, q and the group key b. + * p, q and b from parameters and r from Alice. */ BN_rand(k, BN_num_bits(dsa->q), -1, 0); /* k, 0 < k < q */ BN_mod(k, k, dsa->q, ctx); 
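Review bot: In gen_iffkey the seed from `RAND_bytes(seed, sizeof(seed))` and the group key from `BN_rand(b, ...)` are used without checking either return value, so a PRNG failure would go unnoticed and the key would presumably be built from an uninitialised seed buffer or an unset BIGNUM. A guard such as `if (RAND_bytes(seed, sizeof(seed)) <= 0) return (NULL);` with a diagnostic, and the equivalent for BN_rand, closes that. The trailing comment `/* a */` on the BN_rand line should read `/* b */` to match the surrounding text, and `return (NULL);;` has a stray semicolon. The function body starts and ends outside this hunk.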
@@ -873,9 +1076,10 @@ gen_iff( BN_mod_exp(u, dsa->g, k, dsa->p, ctx); /* x = g^k mod p */ /* - * Alice computes g^y v^r and verifies the result is equal to x. - * She needs modulus p, generator g, and the public key v, as - * well as her original r. + * Alice verifies x = g^y v^r to confirm that Bob has group key + * b. She needs p, q, g from parameters, (y, x) from Bob and the + * original r. We omit the detail here thatt only the hash of y + * is sent. */ BN_mod_exp(v, dsa->g, v, dsa->p, ctx); /* g^y mod p */ BN_mod_exp(w, dsa->pub_key, r, dsa->p, ctx); /* v^r */ 
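Review bot: The reworded comment says only the hash of y is sent, which disagrees with the scheme description in the header comment, where Bob sends `(y, hash(x))`; y has to arrive in the clear for Alice to compute `g^y`. Suggested wording: `We omit the detail here that only the hash of x is sent.`, which also fixes `thatt`. The list of what Alice needs dropped the public key v, although the `v^r` line just below still uses it.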
@@ -888,42 +1092,52 @@ gen_iff( BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); if (temp != 0) { DSA_free(dsa); - rval = -1; return (NULL); } /* - * Write the IFF server parameters and keys as a DSA private key - * encoded in PEM. + * Write the IFF keys as an encrypted DSA private key encoded in + * PEM. * * p modulus p * q modulus q * g generator g * priv_key b * public_key v + * kinv not used + * r not used */ - str = fheader("IFFpar", trustname); + str = fheader("IFFkey", id, groupname); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); - PEM_write_PrivateKey(str, pkey, passwd2 ? EVP_des_cbc() : NULL, - NULL, 0, NULL, passwd2); + PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, + passwd1); fclose(str); if (debug) - DSA_print_fp(stdout, dsa, 0); - fslink(id, trustname); + DSA_print_fp(stderr, dsa, 0); return (pkey); } /* - * Generate Guillou-Quisquater (GQ) parameters and keys + *********************************************************************** + * * + * The following routines implement the Guillou-Quisquater (GQ) * + * identity scheme * + * * + *********************************************************************** * * The Guillou-Quisquater (GQ) identity scheme is intended for use when - * the parameters, keys and certificates are generated by this program. - * The scheme uses a certificate extension field do convey the public - * key of a particular group identified by a group key known only to - * members of the group. The scheme is self contained and independent of - * new generations of host keys and sign keys. + * the certificate can be used to convey public parameters. The scheme + * uses a X509v3 certificate extension field do convey the public key of + * a private key known only to servers. There are two kinds of files: + * encrypted server files that contain private and public values and + * nonencrypted client files that contain only public values. 
New + * generations of server files must be securely transmitted to all + * servers of the group; client files can be distributed by any means. + * The scheme is self contained and independent of new generations of + * host keys and sign keys. The scheme is self contained and independent + * of new generations of host keys and sign keys. * * The GQ parameters hide in a RSA cuckoo structure which uses the same * parameters. The values are used by an identity scheme based on RSA 
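Review bot: The GQ header comment ends with the sentence `The scheme is self contained and independent of new generations of host keys and sign keys.` twice in a row; one copy should be removed. In the same paragraph `do convey` should be `to convey`.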
@@ -932,105 +1146,81 @@ gen_iff( * The TA rolls private random group key b as RSA exponent. These values * are known to all group members. * - * When rolling new certificates, a member recomputes the private and + * When rolling new certificates, a server recomputes the private and * public keys. The private key u is a random roll, while the public key * is the inverse obscured by the group key v = (u^-1)^b. These values * replace the private and public keys normally generated by the RSA * scheme. Alice challenges Bob to confirm identity using the protocol * described below. + * + * How it works + * + * The scheme goes like this. Both Alice and Bob have the same modulus n + * and some random b as the group key. These values are computed and + * distributed in advance via secret means, although only the group key + * b is truly secret. Each has a private random private key u and public + * key (u^-1)^b, although not necessarily the same ones. Bob and Alice + * can regenerate the key pair from time to time without affecting + * operations. The public key is conveyed on the certificate in an + * extension field; the private key is never revealed. + * + * Alice rolls new random challenge r and sends to Bob in the GQ + * request message. Bob rolls new random k, then computes y = k u^r mod + * n and x = k^b mod n and sends (y, hash(x)) to Alice in the response + * message. Besides making the response shorter, the hash makes it + * effectivey impossible for an intruder to solve for b by observing + * a number of these messages. + * + * Alice receives the response and computes y^b v^r mod n. After a bit + * of algebra, this simplifies to k^b. If the hash of this result + * matches hash(x), Alice knows that Bob has the group key b. The signed + * response binds this knowledge to Bob's private key and the public key + * previously received in his certificate. + */ +/* + * Generate Guillou-Quisquater (GQ) parameters file. 
*/ EVP_PKEY * /* RSA cuckoo nest */ -gen_gqpar( +gen_gqkey( char *id /* file name id */ ) { EVP_PKEY *pkey; /* private key */ - RSA *rsa; /* GQ parameters */ + RSA *rsa; /* RSA parameters */ BN_CTX *ctx; /* BN working space */ + BIGNUM *u, *v, *g, *k, *r, *y; /* BN temps */ FILE *str; + u_int temp; /* * Generate RSA parameters for use as GQ parameters. */ fprintf(stderr, - "Generating GQ parameters (%d bits)...\n", modulus); - rsa = RSA_generate_key(modulus, 3, cb, "GQ"); + "Generating GQ parameters (%d bits)...\n", + modulus2); + rsa = RSA_generate_key(modulus2, 3, cb, "GQ"); fprintf(stderr, "\n"); if (rsa == NULL) { fprintf(stderr, "RSA generate keys fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (NULL); } + ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); + g = BN_new(); k = BN_new(); r = BN_new(); y = BN_new(); /* * Generate the group key b, which is saved in the e member of - * the RSA structure. These values are distributed to all - * members of the group, but shielded from all other groups. We - * don't use all the parameters, but set the unused ones to a - * small number to minimize the file size. + * the RSA structure. The group key is transmitted to each group + * member encrypted by the member private key. */ ctx = BN_CTX_new(); BN_rand(rsa->e, BN_num_bits(rsa->n), -1, 0); /* b */ BN_mod(rsa->e, rsa->e, rsa->n, ctx); - BN_copy(rsa->d, BN_value_one()); - BN_copy(rsa->p, BN_value_one()); - BN_copy(rsa->q, BN_value_one()); - BN_copy(rsa->dmp1, BN_value_one()); - BN_copy(rsa->dmq1, BN_value_one()); - BN_copy(rsa->iqmp, BN_value_one()); - - /* - * Write the GQ parameters as a RSA private key encoded in PEM. - * The public and private keys are filled in later. - * - * n modulus n - * e group key b - * (remaining values are not used) - */ - str = fheader("GQpar", trustname); - pkey = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(pkey, rsa); - PEM_write_PrivateKey(str, pkey, passwd2 ? 
EVP_des_cbc() : NULL, - NULL, 0, NULL, passwd2); - fclose(str); - if (debug) - RSA_print_fp(stdout, rsa, 0); - fslink(id, trustname); - return (pkey); -} - - -/* - * Update Guillou-Quisquater (GQ) parameters - */ -EVP_PKEY * /* RSA cuckoo nest */ -gen_gqkey( - char *id, /* file name id */ - EVP_PKEY *gqpar /* GQ parameters */ - ) -{ - EVP_PKEY *pkey; /* private key */ - RSA *rsa; /* RSA parameters */ - BN_CTX *ctx; /* BN working space */ - BIGNUM *u, *v, *g, *k, *r, *y; /* BN temps */ - FILE *str; - u_int temp; - - /* - * Generate GQ keys. Note that the group key b is the e member - * of - * the GQ parameters. - */ - fprintf(stderr, "Updating GQ keys (%d bits)...\n", modulus); - ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); - g = BN_new(); k = BN_new(); r = BN_new(); y = BN_new(); /* * When generating his certificate, Bob rolls random private key - * u. + * u, then computes inverse v = u^-1. */ - rsa = gqpar->pkey.rsa; BN_rand(u, BN_num_bits(rsa->n), -1, 0); /* u */ BN_mod(u, u, rsa->n, ctx); BN_mod_inverse(v, u, rsa->n, ctx); /* u^-1 mod n */ @@ -1053,7 +1243,6 @@ gen_gqkey( BN_free(g); BN_free(k); BN_free(r); BN_free(y); BN_CTX_free(ctx); RSA_free(rsa); - rval = -1; return (NULL); } BN_copy(rsa->p, u); /* private key */ 
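Review bot: After gen_gqpar is merged into gen_gqkey, `ctx = BN_CTX_new();` runs twice, once in the added allocation line together with u, v, g, k, r, y and again in the unchanged line just before `BN_rand(rsa->e, ...)`, so the first context is leaked on every call. Dropping the second assignment is enough. The function comment still reads `Generate Guillou-Quisquater (GQ) parameters file.` and the progress message says `Generating GQ parameters`, although the routine now produces the keys as well. `effectivey` in the new header text should be `effectively`.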
@@ -1061,28 +1250,29 @@ gen_gqkey( /* * Here is a trial run of the protocol. First, Alice rolls - * random r (0 < r < n) and sends it to Bob. She needs only - * modulus n from the parameters. + * random nonce r mod n and sends it to Bob. She needs only n + * from parameters. */ BN_rand(r, BN_num_bits(rsa->n), -1, 0); /* r */ BN_mod(r, r, rsa->n, ctx); /* - * Bob rolls random k (0 < k < n), computes y = k u^r mod n and - * g = k^b mod n, then sends (y, g) to Alice. He needs modulus n - * from the parameters and his private key u. + * Bob rolls random nonce k mod n, computes y = k u^r mod n and + * g = k^b mod n, then sends (y, g) to Alice. He needs n, u, b + * from parameters and r from Alice. */ BN_rand(k, BN_num_bits(rsa->n), -1, 0); /* k */ BN_mod(k, k, rsa->n, ctx); BN_mod_exp(y, rsa->p, r, rsa->n, ctx); /* u^r mod n */ BN_mod_mul(y, k, y, rsa->n, ctx); /* y = k u^r mod n */ - BN_mod_exp(g, k, rsa->e, rsa->n, ctx); /* g = k^b mod n */ + BN_mod_exp(g, k, rsa->e, rsa->n, ctx); /* g = k^b mod n */ /* - * Alice computes v^r y^b mod n and verifies the result is equal - * to g. She needs modulus n, generator g and group key b from - * the parameters and Bob's public key v = (u^-1)^b from his - * certificate. + * Alice verifies g = v^r y^b mod n to confirm that Bob has + * private key u. She needs n, g from parameters, public key v = + * (u^-1)^b from the certificate, (y, g) from Bob and the + * original r. We omit the detaul here that only the hash of g + * is sent. */ BN_mod_exp(v, rsa->q, r, rsa->n, ctx); /* v^r mod n */ BN_mod_exp(y, y, rsa->e, rsa->n, ctx); /* y^b mod n */ 
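Review bot: The rewritten comment above the verification lists `n, g from parameters`, but g is Bob's response value (`g = k^b mod n`, also listed as `(y, g) from Bob`), while the group key b, which the `y^b mod n` line needs, is not listed at all. It presumably should read `She needs n, b from parameters, ...`. The comment also says the check confirms that Bob has private key u, where the header comment says group key b; the two should agree. `detaul` should be `detail`.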
@@ -1094,43 +1284,53 @@ gen_gqkey( BN_free(g); BN_free(k); BN_free(r); BN_free(y); if (temp != 0) { RSA_free(rsa); - rval = -1; return (NULL); } /* - * Write the GQ parameters and keys as a RSA private key encoded - * in PEM. + * Write the GQ parameter file as an encrypted RSA private key + * encoded in PEM. * * n modulus n * e group key b + * d not used * p private key u * q public key (u^-1)^b - * (remaining values are not used) + * dmp1 not used + * dmq1 not used + * iqmp not used */ - str = fheader("GQpar", trustname); + BN_copy(rsa->d, BN_value_one()); + BN_copy(rsa->dmp1, BN_value_one()); + BN_copy(rsa->dmq1, BN_value_one()); + BN_copy(rsa->iqmp, BN_value_one()); + str = fheader("GQkey", id, groupname); pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); - PEM_write_PrivateKey(str, pkey, passwd2 ? EVP_des_cbc() : NULL, - NULL, 0, NULL, passwd2); + PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, + passwd1); fclose(str); if (debug) - RSA_print_fp(stdout, rsa, 0); - fslink(id, trustname); + RSA_print_fp(stderr, rsa, 0); return (pkey); } /* - * Generate Mu-Varadharajan (MV) parameters and keys + *********************************************************************** + * * + * The following routines implement the Mu-Varadharajan (MV) identity * + * scheme * + * * + *********************************************************************** * - * The Mu-Varadharajan (MV) cryptosystem is useful when servers - * broadcast messages to clients, but clients never send messages to - * servers. There is one encryption key for the server and a separate - * decryption key for each client. It operates something like a + * The Mu-Varadharajan (MV) cryptosystem was originally intended when + * servers broadcast messages to clients, but clients never send + * messages to servers. There is one encryption key for the server and a + * separate decryption key for each client. 
It operated something like a * pay-per-view satellite broadcasting system where the session key is * encrypted by the broadcaster and the decryption keys are held in a - * tamperproof set-top box. We don't use it this way, but read on. + * tamperproof set-top box. * * The MV parameters and private encryption key hide in a DSA cuckoo * structure which uses the same parameters, but generated in a @@ -1140,18 +1340,16 @@ gen_gqkey( * Varadharajan: Robust and Secure Broadcasting, Proc. Indocrypt 2001, * 223-231. The paper has significant errors and serious omissions. * - * Let q be the product of n distinct primes s'[j] (j = 1...n), where - * each s'[j] has m significant bits. Let p be a prime p = 2 * q + 1, so - * that q and each s'[j] divide p - 1 and p has M = n * m + 1 + * Let q be the product of n distinct primes s1[j] (j = 1...n), where + * each s1[j] has m significant bits. Let p be a prime p = 2 * q + 1, so + * that q and each s1[j] divide p - 1 and p has M = n * m + 1 * significant bits. Let g be a generator of Zp; that is, gcd(g, p - 1) * = 1 and g^q = 1 mod p. We do modular arithmetic over Zq and then * project into Zp* as exponents of g. Sometimes we have to compute an * inverse b^-1 of random b in Zq, but for that purpose we require * gcd(b, q) = 1. We expect M to be in the 500-bit range and n - * relatively small, like 30. Associated with each s'[j] is an element - * s[j] such that s[j] s'[j] = s'[j] mod q. We find s[j] as the quotient - * (q + s'[j]) / s'[j]. These are the parameters of the scheme and they - * are expensive to compute. + * relatively small, like 30. These are the parameters of the scheme and + * they are expensive to compute. * * We set up an instance of the scheme as follows. A set of random * values x[j] mod q (j = 1...n), are generated as the zeros of a 
@@ -1162,37 +1360,52 @@ gen_gqkey( * pairs (xbar[j], xhat[j]) (j = 1...n) of private client keys are used * to construct the decryption keys. The devil is in the details. * - * This routine generates a private encryption file including the - * private encryption key E and public key (gbar, ghat). It then - * generates decryption files including the private key (xbar[j], - * xhat[j]) for each client. E is a permutation that encrypts a block - * y = E x. The jth client computes the inverse permutation E^-1 = - * gbar^xhat[j] ghat^xbar[j] and decrypts the block x = E^-1 y. + * This routine generates a private server encryption file including the + * private encryption key E and partial decryption keys gbar and ghat. + * It then generates public client decryption files including the public + * keys xbar[j] and xhat[j] for each client j. The partial decryption + * files are used to compute the inverse of E. These values are suitably + * blinded so secrets are not revealed. * * The distinguishing characteristic of this scheme is the capability to * revoke keys. Included in the calculation of E, gbar and ghat is the - * product s = prod(s'[j]) (j = 1...n) above. If the factor s'[j] is + * product s = prod(s1[j]) (j = 1...n) above. If the factor s1[j] is * subsequently removed from the product and E, gbar and ghat * recomputed, the jth client will no longer be able to compute E^-1 and - * thus unable to decrypt the block. + * thus unable to decrypt the messageblock. + * + * How it works + * + * The scheme goes like this. Bob has the server values (p, E, q, gbar, + * ghat) and Alice has the client values (p, xbar, xhat). + * + * Alice rolls new random nonce r mod p and sends to Bob in the MV + * request message. Bob rolls random nonce k mod q, encrypts y = r E^k + * mod p and sends (y, gbar^k, ghat^k) to Alice. + * + * Alice receives the response and computes the inverse (E^k)^-1 from + * the partial decryption keys gbar^k, ghat^k, xbar and xhat. 
She then + * decrypts y and verifies it matches the original r. The signed + * response binds this knowledge to Bob's private key and the public key + * previously received in his certificate. */ EVP_PKEY * /* DSA cuckoo nest */ -gen_mv( - char *id /* file name id */ +gen_mvkey( + char *id, /* file name id */ + EVP_PKEY **evpars /* parameter list pointer */ ) { - EVP_PKEY *pkey, *pkey1; /* private key */ - DSA *dsa; /* DSA parameters */ - DSA *sdsa; /* DSA parameters */ + EVP_PKEY *pkey, *pkey1; /* private keys */ + DSA *dsa, *dsa2, *sdsa; /* DSA parameters */ BN_CTX *ctx; /* BN working space */ - BIGNUM **x; /* polynomial zeros vector */ - BIGNUM **a; /* polynomial coefficient vector */ - BIGNUM **g; /* public key vector */ - BIGNUM **s, **s1; /* private enabling keys */ - BIGNUM **xbar, **xhat; /* private keys vector */ + BIGNUM *a[MVMAX]; /* polynomial coefficient vector */ + BIGNUM *g[MVMAX]; /* public key vector */ + BIGNUM *s1[MVMAX]; /* private enabling keys */ + BIGNUM *x[MVMAX]; /* polynomial zeros vector */ + BIGNUM *xbar[MVMAX], *xhat[MVMAX]; /* private keys vector */ BIGNUM *b; /* group key */ BIGNUM *b1; /* inverse group key */ - BIGNUM *ss; /* enabling key */ + BIGNUM *s; /* enabling key */ BIGNUM *biga; /* master encryption key */ BIGNUM *bige; /* session encryption key */ BIGNUM *gbar, *ghat; /* public key */ 
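Review bot: The work vectors in gen_mvkey changed from `malloc((n + 1) * ...)` to fixed arrays such as `BIGNUM *s1[MVMAX]`, but the loops in the following hunks still index them up to n (`for (j = 1; j <= n; j++)`, `for (i = 0; i <= n; i++)`) with `n = nkeys`, so any nkeys of MVMAX or more writes past the end of the stack arrays. No bound on nkeys is visible in these hunks; if option parsing does not already enforce one, a guard right after `n = nkeys;` is needed, e.g. `if (n < 1 || n >= MVMAX) { fprintf(stderr, "Invalid number of MV keys %d\n", n); return (NULL); }`. The lower bound matters too, because `modulus2 / n` divides by n. In the comment, `messageblock` should be `message block`.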
@@ -1200,39 +1413,34 @@ gen_mv( int i, j, n; FILE *str; u_int temp; - char ident[20]; /* * Generate MV parameters. * * The object is to generate a multiplicative group Zp* modulo a * prime p and a subset Zq mod q, where q is the product of n - * distinct primes s'[j] (j = 1...n) and q divides p - 1. We - * first generate n distinct primes, which may have to be - * regenerated later. As a practical matter, it is tough to find - * more than 31 distinct primes for modulus 512 or 61 primes for - * modulus 1024. The latter can take several hundred iterations + * distinct primes s1[j] (j = 1...n) and q divides p - 1. We + * first generate n m-bit primes, where the product n m is in + * the order of 512 bits. One or more of these may have to be + * replaced later. As a practical matter, it is tough to find + * more than 31 distinct primes for 512 bits or 61 primes for + * 1024 bits. The latter can take several hundred iterations * and several minutes on a Sun Blade 1000. */ n = nkeys; fprintf(stderr, "Generating MV parameters for %d keys (%d bits)...\n", n, - modulus / n); + modulus2 / n); ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new(); b = BN_new(); b1 = BN_new(); dsa = DSA_new(); - dsa->p = BN_new(); - dsa->q = BN_new(); - dsa->g = BN_new(); - s = malloc((n + 1) * sizeof(BIGNUM)); - s1 = malloc((n + 1) * sizeof(BIGNUM)); - for (j = 1; j <= n; j++) - s1[j] = BN_new(); + dsa->p = BN_new(); dsa->q = BN_new(); dsa->g = BN_new(); + dsa->priv_key = BN_new(); dsa->pub_key = BN_new(); temp = 0; for (j = 1; j <= n; j++) { + s1[j] = BN_new(); while (1) { - fprintf(stderr, "Birthdays %d\r", temp); - BN_generate_prime(s1[j], modulus / n, 0, NULL, + BN_generate_prime(s1[j], modulus2 / n, 0, NULL, NULL, NULL, NULL); for (i = 1; i < j; i++) { if (BN_cmp(s1[i], s1[j]) == 0) 
@@ -1243,14 +1451,14 @@ gen_mv( temp++; } } - fprintf(stderr, "Birthday keys rejected %d\n", temp); + fprintf(stderr, "Birthday keys regenerated %d\n", temp); /* * Compute the modulus q as the product of the primes. Compute * the modulus p as 2 * q + 1 and test p for primality. If p * is composite, replace one of the primes with a new distinct * one and try again. Note that q will hardly be a secret since - * we have to reveal p to servers and clients. However, + * we have to reveal p to servers, but not clients. However, * factoring q to find the primes should be adequately hard, as * this is the same problem considered hard in RSA. Question: is * it as hard to find n small prime factors totalling n bits as @@ -1259,7 +1467,6 @@ gen_mv( */ temp = 0; while (1) { - fprintf(stderr, "Duplicate keys rejected %d\r", ++temp); BN_one(dsa->q); for (j = 1; j <= n; j++) BN_mul(dsa->q, dsa->q, s1[j], ctx); @@ -1270,9 +1477,10 @@ gen_mv( NULL)) break; + temp++; j = temp % n + 1; while (1) { - BN_generate_prime(u, modulus / n, 0, 0, NULL, + BN_generate_prime(u, modulus2 / n, 0, 0, NULL, NULL, NULL); for (i = 1; i <= n; i++) { if (BN_cmp(u, s1[i]) == 0) @@ -1283,12 +1491,12 @@ gen_mv( } BN_copy(s1[j], u); } - fprintf(stderr, "Duplicate keys rejected %d\n", temp); + fprintf(stderr, "Defective keys regenerated %d\n", temp); /* * Compute the generator g using a random roll such that * gcd(g, p - 1) = 1 and g^q = 1. This is a generator of p, not - * q. + * q. This may take several iterations. */ BN_copy(v, dsa->p); BN_sub_word(v, 1); 
@@ -1305,29 +1513,17 @@ gen_mv( } /* - * Compute s[j] such that s[j] * s'[j] = s'[j] for all j. The - * easy way to do this is to compute q + s'[j] and divide the - * result by s'[j]. Exercise for the student: prove the - * remainder is always zero. - */ - for (j = 1; j <= n; j++) { - s[j] = BN_new(); - BN_add(s[j], dsa->q, s1[j]); - BN_div(s[j], u, s[j], s1[j], ctx); - } - - /* * Setup is now complete. Roll random polynomial roots x[j] - * (0 < x[j] < q) for all j. While it may not be strictly + * (j = 1...n) for all j. While it may not be strictly * necessary, Make sure each root has no factors in common with * q. */ fprintf(stderr, "Generating polynomial coefficients for %d roots (%d bits)\n", n, BN_num_bits(dsa->q)); - x = malloc((n + 1) * sizeof(BIGNUM)); for (j = 1; j <= n; j++) { x[j] = BN_new(); + while (1) { BN_rand(x[j], BN_num_bits(dsa->q), 0, 0); BN_mod(x[j], x[j], dsa->q, ctx); @@ -1342,9 +1538,9 @@ gen_mv( * expansion of root products (x - x[j]) mod q for all j. The * method is a present from Charlie Boncelet. */ - a = malloc((n + 1) * sizeof(BIGNUM)); for (i = 0; i <= n; i++) { a[i] = BN_new(); + BN_one(a[i]); } for (j = 1; j <= n; j++) { @@ -1362,18 +1558,17 @@ gen_mv( /* * Generate g[i] = g^a[i] mod p for all i and the generator g. */ - fprintf(stderr, "Generating g[i] parameters\n"); - g = malloc((n + 1) * sizeof(BIGNUM)); for (i = 0; i <= n; i++) { g[i] = BN_new(); + BN_mod_exp(g[i], dsa->g, a[i], dsa->p, ctx); } /* - * Verify prod(g[i]^(a[i] x[j]^i)) = 1 for all i, j; otherwise, - * exit. Note the a[i] x[j]^i exponent is computed mod q, but - * the g[i] is computed mod p. also note the expression given in - * the paper is incorrect. + * Verify prod(g[i]^(a[i] x[j]^i)) = 1 for all i, j. Note the + * a[i] x[j]^i exponent is computed mod q, but the g[i] is + * computed mod p. also note the expression given in the paper + * is incorrect. */ temp = 1; for (j = 1; j <= n; j++) { 
@@ -1392,7 +1587,6 @@ gen_mv( "Confirm prod(g[i]^(x[j]^i)) = 1 for all i, j: %s\n", temp ? "yes" : "no"); if (!temp) { - rval = -1; return (NULL); } @@ -1401,6 +1595,7 @@ gen_mv( * since it is expensive to compute. */ biga = BN_new(); + BN_one(biga); for (j = 1; j <= n; j++) { for (i = 0; i < n; i++) { @@ -1413,7 +1608,7 @@ gen_mv( /* * Roll private random group key b mod q (0 < b < q), where - * gcd(b, q) = 1 to guarantee b^1 exists, then compute b^-1 + * gcd(b, q) = 1 to guarantee b^-1 exists, then compute b^-1 * mod q. If b is changed, the client keys must be recomputed. */ while (1) { @@ -1427,14 +1622,18 @@ gen_mv( /* * Make private client keys (xbar[j], xhat[j]) for all j. Note - * that the keys for the jth client involve s[j], but not s'[j] - * or the product s = prod(s'[j]) mod q, which is the enabling - * key. + * that the keys for the jth client do not s1[j] or the product + * s1[j]) (j = 1...n) which is q by construction. + * + * Compute the factor w such that w s1[j] = s1[j] for all j. The + * easy way to do this is to compute (q + s1[j]) / s1[j]. + * Exercise for the student: prove the remainder is always zero. */ - xbar = malloc((n + 1) * sizeof(BIGNUM)); - xhat = malloc((n + 1) * sizeof(BIGNUM)); for (j = 1; j <= n; j++) { xbar[j] = BN_new(); xhat[j] = BN_new(); + + BN_add(w, dsa->q, s1[j]); + BN_div(w, u, w, s1[j], ctx); BN_zero(xbar[j]); BN_set_word(v, n); for (i = 1; i <= n; i++) { 
@@ -1445,154 +1644,168 @@ gen_mv( } BN_mod_mul(xbar[j], xbar[j], b1, dsa->q, ctx); BN_mod_exp(xhat[j], x[j], v, dsa->q, ctx); - BN_mod_mul(xhat[j], xhat[j], s[j], dsa->q, ctx); + BN_mod_mul(xhat[j], xhat[j], w, dsa->q, ctx); } /* - * The enabling key is initially q by construction. We can - * revoke client j by dividing q by s'[j]. The quotient becomes - * the enabling key s. Note we always have to revoke one key; - * otherwise, the plaintext and cryptotext would be identical. + * We revoke client j by dividing q by s1[j]. The quotient + * becomes the enabling key s. Note we always have to revoke + * one key; otherwise, the plaintext and cryptotext would be + * identical. For the present there are no provisions to revoke + * additional keys, so we sail on with only token revocations. */ - ss = BN_new(); - BN_copy(ss, dsa->q); - BN_div(ss, u, dsa->q, s1[n], ctx); + s = BN_new(); + + BN_copy(s, dsa->q); + BN_div(s, u, s, s1[n], ctx); /* - * Make private server encryption key E = A^s and public server - * keys gbar = g^s mod p and ghat = g^(s b) mod p. The (gbar, - * ghat) is the public key provided to the server, which uses it - * to compute the session encryption key and public key included - * in its messages. These values must be regenerated if the - * enabling key is changed. + * For each combination of clients to be revoked, make private + * encryption key E = A^s and partial decryption keys gbar = g^s + * and ghat = g^(s b), all mod p. The servers use these keys to + * compute the session encryption key and partial decryption + * keys. These values must be regenerated if the enabling key is + * changed. 
*/ bige = BN_new(); gbar = BN_new(); ghat = BN_new(); - BN_mod_exp(bige, biga, ss, dsa->p, ctx); - BN_mod_exp(gbar, dsa->g, ss, dsa->p, ctx); - BN_mod_mul(v, ss, b, dsa->q, ctx); - BN_mod_exp(ghat, dsa->g, v, dsa->p, ctx); + BN_mod_exp(bige, biga, s, dsa->p, ctx); + BN_mod_exp(gbar, dsa->g, s, dsa->p, ctx); + BN_mod_mul(v, s, b, dsa->q, ctx); + BN_mod_exp(ghat, dsa->g, v, dsa->p, ctx); + /* - * We produce the key media in three steps. The first step is to - * generate the private values that do not depend on the - * enabling key. These include the server values p, q, g, b, A - * and the client values s'[j], xbar[j] and xhat[j] for each j. - * The p, xbar[j] and xhat[j] values are encoded in private - * files which are distributed to respective clients. The p, q, - * g, A and s'[j] values (will be) written to a secret file to - * be read back later. - * - * The secret file (will be) read back at some later time to - * enable/disable individual keys and generate/regenerate the - * enabling key s. The p, q, E, gbar and ghat values are written - * to a secret file to be read back later by the server. + * Notes: We produce the key media in three steps. The first + * step is to generate the system parameters p, q, g, b, A and + * the enabling keys s1[j]. Associated with each s1[j] are + * parameters xbar[j] and xhat[j]. All of these parameters are + * retained in a data structure protecteted by the trusted-agent + * password. The p, xbar[j] and xhat[j] paremeters are + * distributed to the j clients. When the client keys are to be + * activated, the enabled keys are multipied together to form + * the master enabling key s. This and the other parameters are + * used to compute the server encryption key E and the partial + * decryption keys gbar and ghat. * - * The server reads the secret file and rolls the session key - * k, which is used only once, then computes E^k, gbar^k and - * ghat^k. The E^k is the session encryption key. 
The encrypted - * data, gbar^k and ghat^k are transmtted to clients in an - * extension field. The client receives the message and computes - * x = (gbar^k)^xbar[j] (ghat^k)^xhat[j], finds the session - * encryption key E^k as the inverse x^-1 and decrypts the data. + * In the identity exchange the client rolls random r and sends + * it to the server. The server rolls random k, which is used + * only once, then computes the session key E^k and partial + * decryption keys gbar^k and ghat^k. The server sends the + * encrypted r along with gbar^k and ghat^k to the client. The + * client completes the decryption and verifies it matches r. */ - BN_copy(dsa->g, bige); - dsa->priv_key = BN_dup(gbar); - dsa->pub_key = BN_dup(ghat); - /* - * Write the MV server parameters and keys as a DSA private key - * encoded in PEM. + * Write the MV trusted-agent parameters and keys as a DSA + * private key encoded in PEM. * * p modulus p - * q modulus q (used only to generate k) - * g E mod p - * priv_key gbar mod p - * pub_key ghat mod p + * q modulus q + * g generator g + * priv_key A mod p + * pub_key b mod q + * (remaining values are not used) */ - str = fheader("MVpar", trustname); + i = 0; + str = fheader("MVta", "mvta", groupname); + fprintf(stderr, "Generating MV trusted-authority keys\n"); + BN_copy(dsa->priv_key, biga); + BN_copy(dsa->pub_key, b); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); - PEM_write_PrivateKey(str, pkey, passwd2 ? EVP_des_cbc() : NULL, - NULL, 0, NULL, passwd2); - fclose(str); + PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, + passwd1); + evpars[i++] = pkey; if (debug) - DSA_print_fp(stdout, dsa, 0); - fslink(id, trustname); + DSA_print_fp(stderr, dsa, 0); /* - * Write the parameters and private key (xbar[j], xhat[j]) for - * all j as a DSA private key encoded in PEM. It is used only by - * the designated recipient(s) who pay a suitably outrageous fee - * for its use. 
+ * Append the MV server parameters and keys as a DSA key encoded + * in PEM. + * + * p modulus p + * q modulus q (used only when generating k) + * g bige + * priv_key gbar + * pub_key ghat + * (remaining values are not used) + */ + fprintf(stderr, "Generating MV server keys\n"); + dsa2 = DSA_new(); + dsa2->p = BN_dup(dsa->p); + dsa2->q = BN_dup(dsa->q); + dsa2->g = BN_dup(bige); + dsa2->priv_key = BN_dup(gbar); + dsa2->pub_key = BN_dup(ghat); + pkey1 = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey1, dsa2); + PEM_write_PrivateKey(str, pkey1, EVP_des_cbc(), NULL, 0, NULL, + passwd1); + evpars[i++] = pkey1; + if (debug) + DSA_print_fp(stderr, dsa2, 0); + + /* + * Append the MV client parameters for each client j as DSA keys + * encoded in PEM. + * + * p modulus p + * priv_key xbar[j] mod q + * pub_key xhat[j] mod q + * (remaining values are not used) */ - sdsa = DSA_new(); - sdsa->p = BN_dup(dsa->p); - sdsa->q = BN_dup(BN_value_one()); - sdsa->g = BN_dup(BN_value_one()); - sdsa->priv_key = BN_new(); - sdsa->pub_key = BN_new(); + fprintf(stderr, "Generating %d MV client keys\n", n); for (j = 1; j <= n; j++) { - BN_copy(sdsa->priv_key, xbar[j]); - BN_copy(sdsa->pub_key, xhat[j]); - BN_mod_exp(v, dsa->priv_key, sdsa->pub_key, dsa->p, + sdsa = DSA_new(); + + sdsa->p = BN_dup(dsa->p); + sdsa->q = BN_dup(BN_value_one()); + sdsa->g = BN_dup(BN_value_one()); + sdsa->priv_key = BN_dup(xbar[j]); + sdsa->pub_key = BN_dup(xhat[j]); + pkey1 = EVP_PKEY_new(); + EVP_PKEY_set1_DSA(pkey1, sdsa); + PEM_write_PrivateKey(str, pkey1, EVP_des_cbc(), NULL, 0, + NULL, passwd1); + evpars[i++] = pkey1; + if (debug) + DSA_print_fp(stderr, sdsa, 0); + + /* + * The product gbar^k)^xbar[j] (ghat^k)^xhat[j] and E + * are inverses of each other. We check that the product + * is one for each client except the ones that have been + * revoked. 
+ */ + BN_mod_exp(v, dsa2->priv_key, sdsa->pub_key, dsa->p, ctx); - BN_mod_exp(u, dsa->pub_key, sdsa->priv_key, dsa->p, + BN_mod_exp(u, dsa2->pub_key, sdsa->priv_key, dsa->p, ctx); BN_mod_mul(u, u, v, dsa->p, ctx); - BN_mod_mul(u, u, dsa->g, dsa->p, ctx); - BN_free(xbar[j]); BN_free(xhat[j]); - BN_free(x[j]); BN_free(s[j]); BN_free(s1[j]); + BN_mod_mul(u, u, bige, dsa->p, ctx); if (!BN_is_one(u)) { fprintf(stderr, "Revoke key %d\n", j); continue; } - - /* - * Write the client parameters as a DSA private key - * encoded in PEM. We don't make links for these. - * - * p modulus p - * priv_key xbar[j] mod q - * pub_key xhat[j] mod q - * (remaining values are not used) - */ - sprintf(ident, "MVkey%d", j); - str = fheader(ident, trustname); - pkey1 = EVP_PKEY_new(); - EVP_PKEY_set1_DSA(pkey1, sdsa); - PEM_write_PrivateKey(str, pkey1, passwd2 ? - EVP_des_cbc() : NULL, NULL, 0, NULL, passwd2); - fclose(str); - fprintf(stderr, "ntpkey_%s_%s.%lu\n", ident, trustname, - epoch + JAN_1970); - if (debug) - DSA_print_fp(stdout, sdsa, 0); - EVP_PKEY_free(pkey1); } + evpars[i++] = NULL; + fclose(str); /* * Free the countries. */ for (i = 0; i <= n; i++) { - BN_free(a[i]); - BN_free(g[i]); + BN_free(a[i]); BN_free(g[i]); + } + for (j = 1; j <= n; j++) { + BN_free(x[j]); BN_free(xbar[j]); BN_free(xhat[j]); + BN_free(s1[j]); } - BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); - BN_free(b); BN_free(b1); BN_free(biga); BN_free(bige); - BN_free(ss); BN_free(gbar); BN_free(ghat); - DSA_free(sdsa); - - /* - * Free the world. - */ - free(x); free(a); free(g); free(s); free(s1); - free(xbar); free(xhat); return (pkey); } /* - * Generate X509v3 scertificate. + * Generate X509v3 certificate. * * The certificate consists of the version number, serial number, * validity interval, issuer name, subject name and public key. For a 
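Review bot: All three `PEM_write_PrivateKey` calls in this hunk (trusted-agent, server and per-client keys) encrypt the key material with `EVP_des_cbc()`, which is single DES with a 56-bit key, so the `passwd1` protection is far weaker than the MV parameters it guards. A stronger cipher already supported by OpenSSL's PEM layer is a one-argument change, for example `PEM_write_PrivateKey(str, pkey, EVP_des_ede3_cbc(), NULL, 0, NULL, passwd1);`. The cipher name is recorded in the PEM header, so the readers of these files should not need to change, though that is worth confirming against the loading code, which is not in this hunk. gen_mvkey starts outside this hunk.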
@@ -1607,7 +1820,8 @@ x509 ( EVP_PKEY *pkey, /* generic signature algorithm */ const EVP_MD *md, /* generic digest algorithm */ char *gqpub, /* identity extension (hex string) */ - char *exten /* private cert extension */ + char *exten, /* private cert extension */ + char *name /* subject/issuer namd */ ) { X509 *cert; /* X509 certificate */ @@ -1622,31 +1836,29 @@ x509 ( * Generate X509 self-signed certificate. * * Set the certificate serial to the NTP seconds for grins. Set - * the version to 3. Set the subject name and issuer name to the - * subject name in the request. Set the initial validity to the - * current time and the final validity one year hence. + * the version to 3. Set the initial validity to the current + * time and the finalvalidity one year hence. */ - id = OBJ_nid2sn(md->pkey_type); - fprintf(stderr, "Generating certificate %s\n", id); + id = OBJ_nid2sn(md->pkey_type); + fprintf(stderr, "Generating new certificate %s %s\n", name, id); cert = X509_new(); X509_set_version(cert, 2L); serial = ASN1_INTEGER_new(); - ASN1_INTEGER_set(serial, epoch + JAN_1970); + ASN1_INTEGER_set(serial, (long)epoch + JAN_1970); X509_set_serialNumber(cert, serial); ASN1_INTEGER_free(serial); X509_time_adj(X509_get_notBefore(cert), 0L, &epoch); X509_time_adj(X509_get_notAfter(cert), YEAR, &epoch); subj = X509_get_subject_name(cert); X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC, - (unsigned char *) hostname, strlen(hostname), -1, 0); + (unsigned char *) name, strlen(name), -1, 0); subj = X509_get_issuer_name(cert); X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC, - (unsigned char *) trustname, strlen(trustname), -1, 0); + (unsigned char *) name, strlen(name), -1, 0); if (!X509_set_pubkey(cert, pkey)) { fprintf(stderr, "Assign key fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); X509_free(cert); - rval = -1; return (0); } 
@@ -1666,7 +1878,6 @@ x509 ( if (!X509_add_ext(cert, ex, -1)) { fprintf(stderr, "Add extension field fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (0); } X509_EXTENSION_free(ex); @@ -1680,7 +1891,6 @@ x509 ( if (!X509_add_ext(cert, ex, -1)) { fprintf(stderr, "Add extension field fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (0); } X509_EXTENSION_free(ex); @@ -1696,7 +1906,6 @@ x509 ( fprintf(stderr, "Add extension field fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (0); } X509_EXTENSION_free(ex); @@ -1718,7 +1927,6 @@ x509 ( fprintf(stderr, "Add extension field fails\n%s\n", ERR_error_string(ERR_get_error(), NULL)); - rval = -1; return (0); } X509_EXTENSION_free(ex); @@ -1728,11 +1936,10 @@ x509 ( * Sign and verify. */ X509_sign(cert, pkey, md); - if (!X509_verify(cert, pkey)) { + if (X509_verify(cert, pkey) <= 0) { fprintf(stderr, "Verify %s certificate fails\n%s\n", id, ERR_error_string(ERR_get_error(), NULL)); X509_free(cert); - rval = -1; return (0); } @@ -1740,17 +1947,16 @@ x509 ( * Write the certificate encoded in PEM. */ sprintf(pathbuf, "%scert", id); - str = fheader(pathbuf, hostname); + str = fheader(pathbuf, "cert", hostname); PEM_write_X509(str, cert); fclose(str); if (debug) - X509_print_fp(stdout, cert); + X509_print_fp(stderr, cert); X509_free(cert); - fslink("cert", hostname); return (1); } -#if 0 /* asn2ntp is not used */ +#if 0 /* asn2ntp is used only with commercial certificates */ /* * asn2ntp - convert ASN1_TIME time structure to NTP time */ 
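Review bot: In the "Sign and verify" hunk, the result of `X509_sign(cert, pkey, md)` is still ignored, so a signing failure is only noticed indirectly by the corrected `X509_verify(cert, pkey) <= 0` test and is reported as a verify failure. Checking it directly, `if (!X509_sign(cert, pkey, md)) { ... X509_free(cert); return (0); }`, reports the real cause and matches the cleanup in the verify branch. x509's body starts outside this hunk.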
@@ -1840,51 +2046,38 @@ genkey( return (gen_dsa(id)); fprintf(stderr, "Invalid %s key type %s\n", id, type); - rval = -1; return (NULL); } #endif /* OPENSSL */ /* - * Generate file header + * Generate file header and link */ FILE * fheader ( - const char *id, /* file name id */ - const char *name /* owner name */ + const char *file, /* file name id */ + const char *ulink, /* linkname */ + const char *owner /* owner name */ ) { FILE *str; /* file handle */ + char linkname[MAXFILENAME]; /* link name */ + int temp; - sprintf(filename, "ntpkey_%s_%s.%lu", id, name, epoch + + sprintf(filename, "ntpkey_%s_%s.%lu", file, owner, epoch + JAN_1970); if ((str = fopen(filename, "w")) == NULL) { perror("Write"); exit (-1); } - fprintf(str, "# %s\n# %s", filename, ctime(&epoch)); - return (str); -} - - -/* - * Generate symbolic links - */ -void -fslink( - const char *id, /* file name id */ - const char *name /* owner name */ - ) -{ - char linkname[MAXFILENAME]; /* link name */ - int temp; - - sprintf(linkname, "ntpkey_%s_%s", id, name); + sprintf(linkname, "ntpkey_%s_%s", ulink, owner); remove(linkname); temp = symlink(filename, linkname); if (temp < 0) - perror(id); - fprintf(stderr, "Generating new %s file and link\n", id); + perror(file); + fprintf(stderr, "Generating new %s file and link\n", ulink); fprintf(stderr, "%s->%s\n", linkname, filename); + fprintf(str, "# %s\n# %s\n", filename, ctime(&epoch)); + return (str); } diff --git a/util/ntptime.c b/util/ntptime.c index 8f9d0c339e7c..7202dfb5855e 100644 --- a/util/ntptime.c +++ b/util/ntptime.c @@ -52,11 +52,11 @@ /* * Function prototypes */ -char *sprintb P((u_int, const char *)); -const char *timex_state P((int)); +char *sprintb (u_int, const char *); +const char *timex_state (int); #ifdef SIGSYS -void pll_trap P((int)); +void pll_trap (int); static struct sigaction newsigsys; /* new sigaction status */ static struct sigaction sigsys; /* current sigaction status */ 
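Review bot: Both `sprintf` calls in fheader format caller-supplied strings into fixed buffers with no length limit: `linkname` is `char linkname[MAXFILENAME]` on the stack and `filename` is declared outside this hunk, while `owner` is the group or host name passed in by the callers shown earlier in this diff. Bounded formatting keeps an over-long name from overrunning either buffer, e.g. `snprintf(linkname, sizeof(linkname), "ntpkey_%s_%s", ulink, owner);`, and the same for `filename` if it is an array in scope. Separately, the key file is created with `fopen(filename, "w")`, so its permissions depend on the caller's umask. Since private keys are written through this handle, it is worth restricting the mode at creation.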
@@ -67,6 +67,7 @@ static volatile int pll_control; /* (0) daemon, (1) kernel loop */ static volatile int status; /* most recent status bits */ static volatile int flash; /* most recent ntp_adjtime() bits */ char* progname; +volatile int debug; /* for libntp */ static char optargs[] = "MNT:cde:f:hm:o:rs:t:"; int diff --git a/util/tickadj.c b/util/tickadj.c index 4a7f2c44274a..7bfde4d28864 100644 --- a/util/tickadj.c +++ b/util/tickadj.c @@ -180,11 +180,13 @@ main( # include <sys/resource.h> # include <sys/file.h> # include <a.out.h> -# include <sys/var.h> +# ifdef HAVE_SYS_VAR_H +# include <sys/var.h> +# endif #endif -#include "ntp_io.h" #include "ntp_stdlib.h" +#include "ntp_io.h" #ifdef hz /* Was: RS6000 */ # undef hz @@ -225,10 +227,10 @@ const char *kmem = KMEM; const char *file = NULL; int fd = -1; -static void getoffsets P((off_t *, off_t *, off_t *, off_t *)); -static int openfile P((const char *, int)); -static void writevar P((int, off_t, int)); -static void readvar P((int, off_t, int *)); +static void getoffsets (off_t *, off_t *, off_t *, off_t *); +static int openfile (const char *, int); +static void writevar (int, off_t, int); +static void readvar (int, off_t, int *); /* * main - parse arguments and handle options |