[Git][NTPsec/ntpsec][master] Delete "enclair" in favor of 'cipher "null"'

Eric S. Raymond gitlab at mg.gitlab.com
Sun Feb 3 18:50:26 UTC 2019


Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
25f1b48e by Eric S. Raymond at 2019-02-03T18:49:20Z
Delete "enclair" in favor of 'cipher "null"'

- - - - -


6 changed files:

- docs/includes/auth-commands.adoc
- libntp/authreadkeys.c
- ntpd/keyword-gen.c
- ntpd/ntp_config.c
- ntpd/ntp_parser.y
- ntpd/nts.c


Changes:

=====================================
docs/includes/auth-commands.adoc
=====================================
@@ -48,15 +48,10 @@ The options are as follows:
   Set the highest allowable TLS version to negotiate. By setting
   mintls and maxtls equal you can force the TLS version for testing.
 
-+enclair+ _bool_::
-  Turning this on disables crypto. Code requiring installed
-  certificates is bypassed.  Useful for testing if you have a
-  cooperating implementation on the other end that can also
-  disable crypto. {ntsdman} will do this.
-
+// https://crypto.stackexchange.com/questions/8964/sending-tls-messages-with-out-encryption-using-openssl-code
 +cipher+ _name_::
   Disable normal cipher negotiation, forcing one by name. Intended
-  for testing.
+  for testing.  The cipher "null" disables encryption.
 
 The following options of the +server+ command configure NTS.
 


=====================================
libntp/authreadkeys.c
=====================================
@@ -119,10 +119,10 @@ check_cmac_mac_length(
     size_t length = 0;
     char key[EVP_MAX_KEY_LENGTH];  /* garbage is OK */
     CMAC_CTX *ctx;
-    const EVP_CIPHER *cipher = EVP_get_cipherbyname(name);
+    const EVP_CIPHER *cmac_cipher = EVP_get_cipherbyname(name);
 
     ctx = CMAC_CTX_new();
-    CMAC_Init(ctx, key, EVP_CIPHER_key_length(cipher), cipher, NULL);
+    CMAC_Init(ctx, key, EVP_CIPHER_key_length(cmac_cipher), cmac_cipher, NULL);
     CMAC_Final(ctx, mac, &length);
     CMAC_CTX_free(ctx);
 
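Review bot: The result of `EVP_get_cipherbyname(name)` is handed straight to `EVP_CIPHER_key_length()` and `CMAC_Init()` in check_cmac_mac_length without a NULL check, and the renamed lines in check_cmac_key_length in the next hunk do the same. The lookup returns NULL for a name OpenSSL does not recognise, so unless every caller has already validated the key-file cipher name (not visible in these hunks), each function should reject that case first, for example `if (cmac_cipher == NULL) { /* report unknown cipher and fail */ }` with whatever failure value the function's return type uses. The return values of `CMAC_CTX_new()` and `CMAC_Init()` are also ignored before `CMAC_Final()` writes `length`. Both function bodies begin or end outside the hunks shown.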
@@ -174,8 +174,8 @@ check_cmac_key_length(
 	char *name,
 	char *key,
 	int keylength) {
-    const EVP_CIPHER *cipher = EVP_get_cipherbyname(name);
-    int len = EVP_CIPHER_key_length(cipher);
+    const EVP_CIPHER *cmac_cipher = EVP_get_cipherbyname(name);
+    int len = EVP_CIPHER_key_length(cmac_cipher);
     int i;
 
     if (len < keylength) {


=====================================
ntpd/keyword-gen.c
=====================================
@@ -206,7 +206,6 @@ struct key_tok ntp_keywords[] = {
 { "crypto",		T_Crypto,		FOLLBY_TOKEN },
 { "mintls",		T_Mintls,		FOLLBY_TOKEN },
 { "maxtls",		T_Maxtls,		FOLLBY_TOKEN },
-{ "enclair",		T_Enclair,		FOLLBY_TOKEN },
 { "cipher",		T_Cipher,		FOLLBY_STRING },
 };
 


=====================================
ntpd/ntp_config.c
=====================================
@@ -2001,10 +2001,6 @@ config_crypto(
 		    	mintls = crypto->value.d;
 			break;
 
-		case T_Enclair:
-			enclair = (bool)crypto->value.i;
-			break;
-
 		case T_Cipher:
 			cipher = estrdup(crypto->value.s);
 			break;


=====================================
ntpd/ntp_parser.y
=====================================
@@ -80,7 +80,6 @@
 %token	<Integer>	T_Driftfile
 %token	<Integer>	T_Drop
 %token	<Integer>	T_Dscp
-%token	<Integer>	T_Enclair
 %token	<Integer>	T_Expire
 %token	<Integer>	T_Ellipsis	/* "..." not "ellipsis" */
 %token	<Integer>	T_Enable
@@ -1124,8 +1123,6 @@ crypto_option_list
 crypto_option
 	:	crypto_option_keyword number
 			{ $$ = create_attr_dval($1, $2); }
-	|	T_Enclair boolean
-			{ $$ = create_attr_ival($1, 1); }
 	|	T_Cipher T_String
 			{ $$ = create_attr_sval($1, $2); }
 	;


=====================================
ntpd/nts.c
=====================================
@@ -17,7 +17,6 @@
 
 float mintls = 1.2;		/* minimum TLS version allowed */
 float maxtls;			/* maximum TLS version allowed */
-bool enclair;			/* if on, disable TLS and talk en clair */
 char *cipher;			/* force cipher; NULL for negotiation */
 
 /* By design, there is no per-client-side state on the server */



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/25f1b48e4cdc1b2bf0aabf765a41d381f329c939
