diff -rup ntp-4.2.8p10/ntpq/ntpq.c ntp-4.2.8p10-new/ntpq/ntpq.c
--- ntp-4.2.8p10/ntpq/ntpq.c 2017-03-21 06:04:30.000000000 -0700
+++ ntp-4.2.8p10-new/ntpq/ntpq.c 2017-09-28 14:50:29.501452148 -0700
@@ -33,7 +33,6 @@
 #ifdef OPENSSL
 #include "openssl/evp.h"
 #include "openssl/objects.h"
-#include "openssl/err.h"
 #include "libssl_compat.h"
 #endif
 #include <ssl_applink.c>
@@ -227,13 +226,6 @@ static void on_ctrlc (void);
 static int my_easprintf (char**, const char *, ...) NTP_PRINTF(2, 3);
 void ntpq_custom_opt_handler (tOptions *, tOptDesc *);
-#ifdef OPENSSL
-# ifdef HAVE_EVP_MD_DO_ALL_SORTED
-static void list_md_fn(const EVP_MD *m, const char *from,
- const char *to, void *arg );
-# endif
-#endif
-static char *list_digest_names(void);
 /*
 * Built-in commands we understand
@@ -294,8 +286,8 @@ struct xcmd builtins[] = {
 { "version number", "", "", "" },
 "set the NTP version number to use for requests" },
 { "keytype", keytype, { OPT|NTP_STR, NO, NO, NO },
- { "key type %s", "", "", "" },
- NULL },
+ { "key type (md5|des)", "", "", "" },
+ "set key type to use for authenticated requests (des|md5)" },
 { 0, 0, { NO, NO, NO, NO },
 { "", "", "", "" }, "" }
 };
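Review bot: The new static help for `keytype` in the `builtins[]` table advertises `(md5|des)`, which disagrees with the error message this same patch adds in `keytype()` ("keytype must be 'md5'" plus, under OPENSSL, " or a digest type provided by OpenSSL"); nothing visible in the patch shows `des` being accepted. Because the runtime digest listing is deleted further down, these two strings become the only place an operator learns the valid values, so an OpenSSL build now points users at MD5 for authenticated requests and gives no hint that other digests can be selected. I would reword them along the lines of `{ "digest-name", "", "", "" },` and `"set key type to use for authenticated requests (md5, or an OpenSSL digest name when built with OpenSSL)" },`. The `builtins[]` initializer starts outside this hunk.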
@@ -477,37 +469,6 @@ ntpqmain(
 if (!ipv6_works)
 ai_fam_default = AF_INET;
- /* Fixup keytype's help based on available digest names */
-
- {
- char *list;
- char *msg;
-
- list = list_digest_names();
- for (icmd = 0; icmd < sizeof(builtins)/sizeof(builtins[0]); icmd++) {
- if (strcmp("keytype", builtins[icmd].keyword) == 0)
- break;
- }
-
- /* CID: 1295478 */
- /* This should only "trip" if "keytype" is removed from builtins */
- INSIST(icmd < sizeof(builtins)/sizeof(builtins[0]));
-
-#ifdef OPENSSL
- builtins[icmd].desc[0] = "digest-name";
- my_easprintf(&msg,
- "set key type to use for authenticated requests, one of:%s",
- list);
-#else
- builtins[icmd].desc[0] = "md5";
- my_easprintf(&msg,
- "set key type to use for authenticated requests (%s)",
- list);
-#endif
- builtins[icmd].comment = msg;
- free(list);
- }
-
 progname = argv[0];
 {
@@ -2558,11 +2519,11 @@ keytype(
 key_type = keytype_from_text(digest_name, &digest_len);
 if (!key_type) {
- fprintf(fp, "keytype is not valid. "
+ fprintf(fp, "keytype must be 'md5'%s\n",
 #ifdef OPENSSL
- "Type \"help keytype\" for the available digest types.\n");
+ " or a digest type provided by OpenSSL");
 #else
- "Only \"md5\" is available.\n");
+ "");
 #endif
 return;
 }
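Review bot: The OPENSSL branch of the new message in `keytype()`, `" or a digest type provided by OpenSSL"`, promises more than `keytype_from_text()` appears to accept. The comments in the `list_md_fn()` code this patch deletes state that lowercase names are not accepted and that digests longer than `MAX_MAC_LEN - sizeof(keyid_t)` are discarded. With the generated help list gone, a user who enters such a name gets this same text and no way to learn why it was rejected. I would tighten the string to something like `" or an OpenSSL digest name accepted by keytype_from_text()"` and add a comment above the `fprintf` such as `/* accepted names and the length limit are decided in keytype_from_text(), ssl_init.c */`. `keytype()` begins and ends outside this hunk.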
@@ -3580,109 +3541,6 @@ ntpq_custom_opt_handler(
 break;
 }
 }
-/*
- * Obtain list of digest names
- */
-
-#ifdef OPENSSL
-# ifdef HAVE_EVP_MD_DO_ALL_SORTED
-struct hstate {
- char *list;
- const char **seen;
- int idx;
-};
-#define K_PER_LINE 8
-#define K_NL_PFX_STR "\n "
-#define K_DELIM_STR ", "
-static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg )
-{
- size_t len, n;
- const char *name, *cp, **seen;
- struct hstate *hstate = arg;
- EVP_MD_CTX *ctx;
- u_int digest_len;
- u_char digest[EVP_MAX_MD_SIZE];
-
- if (!m)
- return; /* Ignore aliases */
-
- name = EVP_MD_name(m);
-
- /* Lowercase names aren't accepted by keytype_from_text in ssl_init.c */
-
- for( cp = name; *cp; cp++ ) {
- if( islower((unsigned char)*cp) )
- return;
- }
- len = (cp - name) + 1;
-
- /* There are duplicates. Discard if name has been seen. */
-
- for (seen = hstate->seen; *seen; seen++)
- if (!strcmp(*seen, name))
- return;
- n = (seen - hstate->seen) + 2;
- hstate->seen = erealloc(hstate->seen, n * sizeof(*seen));
- hstate->seen[n-2] = name;
- hstate->seen[n-1] = NULL;
-
- /* Discard MACs that NTP won't accept.
- * Keep this consistent with keytype_from_text() in ssl_init.c.
- */
-
- ctx = EVP_MD_CTX_new();
- EVP_DigestInit(ctx, EVP_get_digestbyname(name));
- EVP_DigestFinal(ctx, digest, &digest_len);
- EVP_MD_CTX_free(ctx);
- if (digest_len > (MAX_MAC_LEN - sizeof(keyid_t)))
- return;
-
- if (hstate->list != NULL)
- len += strlen(hstate->list);
- len += (hstate->idx >= K_PER_LINE)? strlen(K_NL_PFX_STR): strlen(K_DELIM_STR);
-
- if (hstate->list == NULL) {
- hstate->list = (char *)emalloc(len);
- hstate->list[0] = '\0';
- } else
- hstate->list = (char *)erealloc(hstate->list, len);
-
- sprintf(hstate->list + strlen(hstate->list), "%s%s",
- ((hstate->idx >= K_PER_LINE)? K_NL_PFX_STR : K_DELIM_STR),
- name);
- if (hstate->idx >= K_PER_LINE)
- hstate->idx = 1;
- else
- hstate->idx++;
-}
-# endif
-#endif
-
-static char *list_digest_names(void)
-{
- char *list = NULL;
-
-#ifdef OPENSSL
-# ifdef HAVE_EVP_MD_DO_ALL_SORTED
- struct hstate hstate = { NULL, NULL, K_PER_LINE+1 };
-
- hstate.seen = (const char **) emalloc_zero(1*sizeof( const char * )); // replaces -> calloc(1, sizeof( const char * ));
-
- INIT_SSL();
- EVP_MD_do_all_sorted(list_md_fn, &hstate);
- list = hstate.list;
- free(hstate.seen);
-# else
- list = (char *)emalloc(sizeof("md5, others (upgrade to OpenSSL-1.0 for full list)"));
- strcpy(list, "md5, others (upgrade to OpenSSL-1.0 for full list)");
-# endif
-#else
- list = (char *)emalloc(sizeof("md5"));
- strcpy(list, "md5");
-#endif
-
- return list;
-}
 #define CTRLC_STACK_MAX 4
 static volatile size_t ctrlc_stack_len = 0;