[Git][NTPsec/ntpsec][master] Split nts.h into 2 parts so nts.h doesn't need openssl/ssh.h

Hal Murray gitlab at mg.gitlab.com
Sat Mar 9 10:16:49 UTC 2019



Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
b402d16d by Hal Murray at 2019-03-09T09:37:23Z
Split nts.h into 2 parts so nts.h doesn't need openssl/ssh.h

- - - - -


8 changed files:

- include/nts.h
- + include/nts2.h
- ntpd/nts.c
- ntpd/nts_client.c
- ntpd/nts_cookie.c
- ntpd/nts_extens.c
- ntpd/nts_server.c
- tests/ntpd/nts.c


Changes:

=====================================
include/nts.h
=====================================
@@ -6,7 +6,6 @@
 
 #include <stdbool.h>
 #include <stdint.h>
-#include <openssl/ssl.h>
 
 /* default file names */
 #define NTS_CERT_FILE "/etc/ntp/cert-chain.pem"
@@ -147,67 +146,6 @@ enum aead_ciphers {
 
 extern struct ntsconfig_t ntsconfig;
 
-bool nts_server_init(void);
-bool nts_client_init(void);
-bool nts_cookie_init(void);
-bool nts_cookie_init2(void);	/* after sandbox */
-void nts_log_ssl_error(void);
-
-bool nts_load_ciphers(SSL_CTX *ctx);
-bool nts_load_versions(SSL_CTX *ctx);
-
-int nts_get_key_length(int aead);
-bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen);
-
-int nts_make_cookie(uint8_t *cookie,
-  uint16_t aead,
-  uint8_t *c2s, uint8_t *s2c, int keylen);
-bool nts_unpack_cookie(uint8_t *cookie, int cookielen,
-  uint16_t *aead,
-  uint8_t *c2s, uint8_t *s2c, int *keylen);
-
-#define NO_OLD_VERSIONS SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1
-
-
-/* buffer packing/unpacking routines.
- * NB: The length field in NTP extensions includes the header
- * while the length field in NTS-KE data streams does not.
- *
- * These routines do not handle padding.  NTS-KE has no padding.
- * NTP extensions are padded to word (4 byte) boundaries.
- *
- * Note that data on the wire is big endian.
- * buffer is wire format, not host format.
- */
-
-
-/* working finger into a buffer - updated by append/unpack routines */
-struct BufCtl_t {
-  uint8_t *next;  /* pointer to next data/space */
-  int left;       /* data left or space available */
-};
-typedef struct BufCtl_t BufCtl;
-
-/* xxx_append_record_foo makes whole record with one foo */
-/* append_foo appends foo to existing partial record */
-void ke_append_record_null(BufCtl* buf, uint16_t type);
-void ke_append_record_uint16(BufCtl* buf, uint16_t type, uint16_t data);
-void ke_append_record_bytes(BufCtl* buf, uint16_t type, uint8_t *data, int length);
-
-void ex_append_record_null(BufCtl* buf, uint16_t type);
-void ex_append_record_uint16(BufCtl* buf, uint16_t type, uint16_t data);
-void ex_append_record_bytes(BufCtl* buf, uint16_t type, uint8_t *data, int length);
-
-void ex_append_header(BufCtl* buf, uint16_t type, uint16_t length);
-void append_header(BufCtl* buf, uint16_t type, uint16_t length);
-void append_uint16(BufCtl* buf, uint16_t data);
-void append_bytes(BufCtl* buf, uint8_t *data, int length);
-
-uint16_t ke_next_record(BufCtl* buf, int *length);
-uint16_t ex_next_record(BufCtl* buf, int *length);  /* body length */
-uint16_t next_uint16(BufCtl* buf);
-uint16_t next_bytes(BufCtl* buf, uint8_t *data, int length);
-
 
 
 /* NTS-related statistics visible via ntpq -c nts */


=====================================
include/nts2.h
=====================================
@@ -0,0 +1,76 @@
+/*
+ * nts2.h - NTS (Network Time Security) declarations
+ * other half of nts.h which doesn't include openssl/ssh.h
+ */
+#ifndef GUARD_NTS2_H
+#define GUARD_NTS2_H
+
+#include <stdbool.h>
+#include <stdint.h>
+#include <openssl/ssl.h>
+
+
+
+bool nts_server_init(void);
+bool nts_client_init(void);
+bool nts_cookie_init(void);
+bool nts_cookie_init2(void);	/* after sandbox */
+void nts_log_ssl_error(void);
+
+bool nts_load_ciphers(SSL_CTX *ctx);
+bool nts_load_versions(SSL_CTX *ctx);
+
+int nts_get_key_length(int aead);
+bool nts_make_keys(SSL *ssl, int aead, uint8_t *c2s, uint8_t *s2c, int keylen);
+
+int nts_make_cookie(uint8_t *cookie,
+  uint16_t aead,
+  uint8_t *c2s, uint8_t *s2c, int keylen);
+bool nts_unpack_cookie(uint8_t *cookie, int cookielen,
+  uint16_t *aead,
+  uint8_t *c2s, uint8_t *s2c, int *keylen);
+
+#define NO_OLD_VERSIONS SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1
+
+
+/* buffer packing/unpacking routines.
+ * NB: The length field in NTP extensions includes the header
+ * while the length field in NTS-KE data streams does not.
+ *
+ * These routines do not handle padding.  NTS-KE has no padding.
+ * NTP extensions are padded to word (4 byte) boundaries.
+ *
+ * Note that data on the wire is big endian.
+ * buffer is wire format, not host format.
+ */
+
+
+/* working finger into a buffer - updated by append/unpack routines */
+struct BufCtl_t {
+  uint8_t *next;  /* pointer to next data/space */
+  int left;       /* data left or space available */
+};
+typedef struct BufCtl_t BufCtl;
+
+/* xxx_append_record_foo makes whole record with one foo */
+/* append_foo appends foo to existing partial record */
+void ke_append_record_null(BufCtl* buf, uint16_t type);
+void ke_append_record_uint16(BufCtl* buf, uint16_t type, uint16_t data);
+void ke_append_record_bytes(BufCtl* buf, uint16_t type, uint8_t *data, int length);
+
+void ex_append_record_null(BufCtl* buf, uint16_t type);
+void ex_append_record_uint16(BufCtl* buf, uint16_t type, uint16_t data);
+void ex_append_record_bytes(BufCtl* buf, uint16_t type, uint8_t *data, int length);
+
+void ex_append_header(BufCtl* buf, uint16_t type, uint16_t length);
+void append_header(BufCtl* buf, uint16_t type, uint16_t length);
+void append_uint16(BufCtl* buf, uint16_t data);
+void append_bytes(BufCtl* buf, uint8_t *data, int length);
+
+uint16_t ke_next_record(BufCtl* buf, int *length);
+uint16_t ex_next_record(BufCtl* buf, int *length);  /* body length */
+uint16_t next_uint16(BufCtl* buf);
+uint16_t next_bytes(BufCtl* buf, uint8_t *data, int length);
+
+
+#endif /* GUARD_NTS2_H */
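Review bot: `NO_OLD_VERSIONS` in the new nts2.h expands to an unparenthesized `|` chain, so a use inside a larger expression such as `opts & NO_OLD_VERSIONS` or `~NO_OLD_VERSIONS` would apply the operator to `SSL_OP_NO_SSLv2` alone and leave the SSLv3, TLS 1.0 and TLS 1.1 flags outside the test or mask. Wrap the expansion: `#define NO_OLD_VERSIONS (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1)`. The call sites are not in this diff, so existing uses may already be safe; the parentheses guard later ones for a macro that presumably feeds the protocol-version options on the TLS context. Separately, the file header says this half "doesn't include openssl/ssh.h", yet nts2.h is the half that does include `<openssl/ssl.h>`; I would reword it to `nts2.h - NTS declarations that need <openssl/ssl.h>; the rest lives in nts.h`.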


=====================================
ntpd/nts.c
=====================================
@@ -19,6 +19,8 @@
 
 #include "ntp_types.h"
 #include "ntpd.h"
+#include "nts.h"
+#include "nts2.h"
 
 struct ntsconfig_t ntsconfig = {
   .ntsenable = false,


=====================================
ntpd/nts_client.c
=====================================
@@ -24,6 +24,7 @@
 #include "ntp_types.h"
 #include "ntpd.h"
 #include "nts.h"
+#include "nts2.h"
 #include "ntp_dns.h"
 
 int open_TCP_socket(const char *hostname);


=====================================
ntpd/nts_cookie.c
=====================================
@@ -31,6 +31,7 @@
 #include "ntpd.h"
 #include "ntp_stdlib.h"
 #include "nts.h"
+#include "nts2.h"
 
 /* Cookie format:
  *  cookie is I,N,CMAC,C


=====================================
ntpd/nts_extens.c
=====================================
@@ -21,6 +21,7 @@
 #include "ntp.h"
 #include "ntpd.h"
 #include "nts.h"
+#include "nts2.h"
 
 // FIXME Duplicated in nts_cookie
 #define NONCE_LENGTH 16


=====================================
ntpd/nts_server.c
=====================================
@@ -19,6 +19,7 @@
 #include "ntpd.h"
 #include "ntp_stdlib.h"
 #include "nts.h"
+#include "nts2.h"
 
 
 static bool nts_load_certificate(SSL_CTX *ctx);


=====================================
tests/ntpd/nts.c
=====================================
@@ -1,4 +1,5 @@
 #include "nts.h"
+#include "nts2.h"
 #include "unity.h"
 #include "unity_fixture.h"
 #include <stdio.h>



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/b402d16d197451f85c286be5ba531d6aef27b7a8
