[Git][NTPsec/ntpsec][master] 2 commits: Remove KEYID_T_MAX, use NTP_MAXKEY

Hal Murray gitlab at mg.gitlab.com
Tue Jan 2 12:00:05 UTC 2018


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
dfd4bc56 by Hal Murray at 2018-01-02T01:36:26-08:00
Remove KEYID_T_MAX, use NTP_MAXKEY

In the old days:
  keyids up to 16 bits were used for shared keys.
  Autokey used larger keyids.

We could relax the restriction, but 64K keys seems like
plenty for now and we might want to use a similar hack
in the future.

We can't just change NTP_MAXKEY to 0xffffffff.
We'll have to remove various checks to avoid compiler warnings.

- - - - -
39821e93 by Hal Murray at 2018-01-02T02:49:24-08:00
Remove references to long-gone crypto config file option.

The code was removed ages ago.

- - - - -


4 changed files:

- docs/includes/ntpkeygen-body.txt
- include/ntp.h
- include/ntp_types.h
- ntpd/ntp_config.c


Changes:

=====================================
docs/includes/ntpkeygen-body.txt
=====================================
--- a/docs/includes/ntpkeygen-body.txt
+++ b/docs/includes/ntpkeygen-body.txt
@@ -50,14 +50,6 @@ run this program on an active host with a lot of available entropy.
 [[access]]
 == Key file access and location ==
 
-The {ntpdman} configuration command _crypto_ _pw_ _password_
-specifies the read password for previously encrypted files. The daemon
-expires on the spot if the password is missing or incorrect. For
-convenience, if a file has been previously encrypted, the default read
-password is the name of the host running the program. If the previous
-write password is specified as the host name, these files can be read by
-that host with no explicit password.
-
 File names begin with the prefix _ntpkey_ and end with the postfix
 _hostname.filestamp_, where _hostname_ is the owner name, usually the
 string returned by the Unix gethostname() routine, and _filestamp_ is
@@ -115,7 +107,7 @@ format:
 |====================================================================
 |Field	| Meaning
 |keyno	| Positive integer in the range 1-65,535
-|type	| MD5 or SHA-1 , type of key
+|type	| MD5 or SHA-1, type of key
 |key	| the actual key, printable ASCII
 |====================================================================
 


=====================================
include/ntp.h
=====================================
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -87,7 +87,6 @@ extern int32_t ntp_random (void);
 /*
  * Miscellaneous stuff
  */
-#define NTP_MAXKEY	65535	/* max authentication key number */
 /*
  * Limits of things
  */
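
Review bot: With the #define removed, the "Miscellaneous stuff" comment block is left with nothing under it and is followed immediately by the "Limits of things" comment. Drop the empty header in the same change so the file does not keep a heading for a section that no longer exists.
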


=====================================
include/ntp_types.h
=====================================
--- a/include/ntp_types.h
+++ b/include/ntp_types.h
@@ -61,8 +61,12 @@ typedef uint64_t time64_t;
 
 typedef uint16_t	associd_t; /* association ID */
 #define ASSOCID_MAX	USHRT_MAX
+
+/* In the old days...
+ * Only 16 bits were used for shared keys.
+ * Autokey used to use keys bigger than 16 bits. */
 typedef uint32_t keyid_t;	/* cryptographic key ID */
-#define KEYID_T_MAX	(0xffffffff)
+#define NTP_MAXKEY 0xffff	/* max authentication key number */
 
 /*
  * Ordinary double has only 53 bits  of precision in IEEE754.  But l_fp
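
Review bot: The new comment above keyid_t only describes "the old days" and never states the rule that now applies, which is that keyid_t stays 32 bits wide while NTP_MAXKEY limits accepted key numbers to 16 bits. Say that explicitly next to the #define, since the mismatch between the type width and the limit is the thing a later reader will trip over. Minor style point: the added #define separates name and value with a space where the neighbouring ASSOCID_MAX line uses a tab.
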


=====================================
ntpd/ntp_config.c
=====================================
--- a/ntpd/ntp_config.c
+++ b/ntpd/ntp_config.c
@@ -695,7 +695,7 @@ create_peer_node(
 			break;
 
 		case T_Key:
-			if (option->value.u >= KEYID_T_MAX) {
+			if (option->value.u >= NTP_MAXKEY) {
 				msyslog(LOG_ERR, "CONFIG: key: invalid argument");
 				errflag = true;
 			} else {
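
Review bot: The comparison in the T_Key case still uses >=, so with NTP_MAXKEY defined as 0xffff a key number of 65535 is now rejected as "invalid argument", although the #define comment calls it the "max authentication key number" and the ntpkeygen table in this same push documents keyno as 1-65,535. Against the old 0xffffffff sentinel >= was a reasonable way to exclude the top value, but here it is an off-by-one; use "option->value.u > NTP_MAXKEY" or change the documented range. The visible lines also show no lower-bound check, so it is worth confirming that key 0 is rejected somewhere, given the documented range starts at 1.
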



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/9ba9a887546c71c730f4a10de369cab34f332727...39821e939685d0badd41a2f22ad446b577db14db
