crypto.c (302408) crypto.c (309007)
1#include <config.h>
2#include "crypto.h"
3#include <ctype.h>
4#include "isc/string.h"
1#include <config.h>
2#include "crypto.h"
3#include <ctype.h>
4#include "isc/string.h"
5#include "libssl_compat.h"
5
6struct key *key_ptr;
7size_t key_cnt = 0;
8
9int
10make_mac(
11 const void *pkt_data,
12 int pkt_size,
13 int mac_size,
14 const struct key *cmp_key,
15 void * digest
16 )
17{
18 u_int len = mac_size;
19 int key_type;
6
7struct key *key_ptr;
8size_t key_cnt = 0;
9
10int
11make_mac(
12 const void *pkt_data,
13 int pkt_size,
14 int mac_size,
15 const struct key *cmp_key,
16 void * digest
17 )
18{
19 u_int len = mac_size;
20 int key_type;
20 EVP_MD_CTX ctx;
21 EVP_MD_CTX * ctx;
21
22 if (cmp_key->key_len > 64)
23 return 0;
24 if (pkt_size % 4 != 0)
25 return 0;
26
27 INIT_SSL();
28 key_type = keytype_from_text(cmp_key->type, NULL);
22
23 if (cmp_key->key_len > 64)
24 return 0;
25 if (pkt_size % 4 != 0)
26 return 0;
27
28 INIT_SSL();
29 key_type = keytype_from_text(cmp_key->type, NULL);
29 EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
30 EVP_DigestUpdate(&ctx, (const u_char *)cmp_key->key_seq, (u_int)cmp_key->key_len);
31 EVP_DigestUpdate(&ctx, pkt_data, (u_int)pkt_size);
32 EVP_DigestFinal(&ctx, digest, &len);
33
30
31 ctx = EVP_MD_CTX_new();
32 EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
33 EVP_DigestUpdate(ctx, (const u_char *)cmp_key->key_seq, (u_int)cmp_key->key_len);
34 EVP_DigestUpdate(ctx, pkt_data, (u_int)pkt_size);
35 EVP_DigestFinal(ctx, digest, &len);
36 EVP_MD_CTX_free(ctx);
37
34 return (int)len;
35}
36
37
38/* Generates a md5 digest of the key specified in keyid concatenated with the
39 * ntp packet (exluding the MAC) and compares this digest to the digest in
40 * the packet's MAC. If they're equal this function returns 1 (packet is
41 * authentic) or else 0 (not authentic).

--- 17 unchanged lines hidden (view full) ---

59 digest);
60 if (!hash_len) {
61 authentic = FALSE;
62 } else {
63 /* isc_tsmemcmp will be better when its easy to link
64 * with. sntp is a 1-shot program, so snooping for
65 * timing attacks is Harder.
66 */
38 return (int)len;
39}
40
41
42/* Generates a md5 digest of the key specified in keyid concatenated with the
43 * ntp packet (exluding the MAC) and compares this digest to the digest in
44 * the packet's MAC. If they're equal this function returns 1 (packet is
45 * authentic) or else 0 (not authentic).

--- 17 unchanged lines hidden (view full) ---

63 digest);
64 if (!hash_len) {
65 authentic = FALSE;
66 } else {
67 /* isc_tsmemcmp will be better when its easy to link
68 * with. sntp is a 1-shot program, so snooping for
69 * timing attacks is Harder.
70 */
67 authentic = !memcmp(digest, pkt_data + pkt_size + 4,
71 authentic = !memcmp(digest, (const char*)pkt_data + pkt_size + 4,
68 hash_len);
69 }
70 return authentic;
71}
72
73static int
74hex_val(
75 unsigned char x

--- 124 unchanged lines hidden ---
72 hash_len);
73 }
74 return authentic;
75}
76
77static int
78hex_val(
79 unsigned char x

--- 124 unchanged lines hidden ---
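Review bot: The new `EVP_MD_CTX_new()` call in make_mac is used without a NULL check, and the return values of `EVP_get_digestbynid()`, `EVP_DigestInit()`, `EVP_DigestUpdate()` and `EVP_DigestFinal()` are all ignored. Because `len` is initialised to `mac_size`, a failure before `EVP_DigestFinal()` stores the real length leaves make_mac returning a non-zero value with `digest` never written. The caller visible further down treats only a zero `hash_len` as failure, so it would go on to `memcmp()` an unwritten buffer against the packet's MAC. Returning 0 on every failure path keeps the authentication check failing closed; the sketch below shows one way to do that, with the `md` declaration belonging alongside the other locals at the top of the function.

```c
	/* … unchanged: key_len / pkt_size checks, INIT_SSL(), keytype_from_text() … */
	const EVP_MD *md = EVP_get_digestbynid(key_type);

	if (md == NULL)
		return 0;	/* unknown digest type: no MAC can be computed */
	ctx = EVP_MD_CTX_new();
	if (ctx == NULL)
		return 0;	/* allocation failure */
	if (!EVP_DigestInit(ctx, md) ||
	    !EVP_DigestUpdate(ctx, (const u_char *)cmp_key->key_seq, (u_int)cmp_key->key_len) ||
	    !EVP_DigestUpdate(ctx, pkt_data, (u_int)pkt_size) ||
	    !EVP_DigestFinal(ctx, digest, &len))
		len = 0;	/* report failure so the caller rejects the packet */
	EVP_MD_CTX_free(ctx);

	return (int)len;
```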