[Git][NTPsec/ntpsec][master] 2 commits: Cleanup documentation of msyslog tags

Sun Sep 20 08:03:05 UTC 2020


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
d9900ee1 by Hal Murray at 2020-09-17T18:11:58-07:00
Cleanup documentation of msyslog tags
  change CMAC: tags to MAC:

- - - - -
4f3fed2a by Hal Murray at 2020-09-19T13:49:30-07:00
Remove NTS-KE listening on port 123

- - - - -


6 changed files:

- NEWS.adoc
- devel/hacking.adoc
- include/nts.h
- libntp/authreadkeys.c
- libntp/macencrypt.c
- ntpd/nts_server.c


Changes:

=====================================
NEWS.adoc
=====================================
@@ -12,10 +12,10 @@ on user-visible changes.
 
 == Repository Head ==
 
-NTS KE client now defaults to port 4460.
+NTS-KE client now defaults to port 4460.
 
-NTS KE server now listens on port 4460 as well as 123.
-(Listening on 123 will be removed for 1.2.0)
+NTS-KE server now listens on port 4460.
+(Listening on port 123 has been removed.)
 
 == 2020-05-23: 1.1.9 ==
 


=====================================
devel/hacking.adoc
=====================================
@@ -657,19 +657,22 @@ should be able to use "git stash" to get around that.
 To facilitate analysis of logs, log messages are tagged with an initial
 topic group token.  These are:
 
-DNS:: DNS Lookup
-MAC:: Message authentication hash computation
 AUTH:: Authorization-key handling
-ERR:: Low-level errors from resource-management libraries
 BUG:: Bugs in the code
-LOG:: Log switching and debug levels
 CLOCK:: Low-level clock manipulation and validation checks & leap-second code
 CONFIG:: Configuration parsing and interpretation
+DEBUG:: Debugging, normally commented out
+DNS:: DNS Lookup
+ERR:: Low-level errors from resource-management libraries
 INIT:: Daemon setup
-SYNC:: Server synchronization
+LOG:: Log switching and debug levels
+MAC:: Message authentication hash computation
+MODE6:: Processing of Mode 6 requests
+NTS, NTSc, NTSs:: Network Time Security, RFC xxxx, NTSs=>server, NTSc=>client
 PROTO:: Protocol machine actions
 REFCLOCK:: Reference clock and driver actions
-MODE6:: Processing of Mode 6 requests
+RESTRICT:: Restrictions
+SYNC:: Server synchronization
 
 == Release Checklist
 


=====================================
include/nts.h
=====================================
@@ -17,8 +17,6 @@
 
 #define NTS_KE_PORT		4460
 #define NTS_KE_PORTA		"4460"
-#define NTS_KE_PORT_OLD		123
-#define NTS_KE_PORTA_OLD	"123"
 
 #define NTS_KE_TIMEOUT		3
 


=====================================
libntp/authreadkeys.c
=====================================
@@ -133,9 +133,9 @@ check_cmac_mac_length(
 
 	ctx = CMAC_CTX_new();
 	if (!CMAC_Init(ctx, key, EVP_CIPHER_key_length(cmac_cipher), cmac_cipher, NULL)) {
-		/* Shouldnv't happen. */
+		/* Shouldn't happen. */
 		msyslog(LOG_ERR,
-			"CMAC: encrypt: CMAC init failed during MAC length check");
+			"MAC: encrypt: CMAC init failed during MAC length check");
 		return;
 	}
 


=====================================
libntp/macencrypt.c
=====================================
@@ -69,7 +69,7 @@ cmac_encrypt(
 	if (!CMAC_Init(ctx, auth->key, auth->key_size, auth->cipher, NULL)) {
 		/* Shouldn't happen.  Does if wrong key_size. */
 		msyslog(LOG_ERR,
-		    "CMAC: encrypt: CMAC init failed, %u, %u",
+		    "MAC: encrypt: CMAC init failed, %u, %u",
 			auth->keyid, auth->key_size);
 		return (0);
 	}
@@ -102,7 +102,7 @@ cmac_decrypt(
 	if (!CMAC_Init(ctx, auth->key, auth->key_size, auth->cipher, NULL)) {
 		/* Shouldn't happen.  Does if wrong key_size. */
 		msyslog(LOG_ERR,
-		    "CMAC: decrypt: CMAC init failed, %u, %u",
+		    "MAC: decrypt: CMAC init failed, %u, %u",
 			auth->keyid, auth->key_size);
 		return false;
 	}
@@ -117,7 +117,7 @@ cmac_decrypt(
 		 * Similar code at digest_decrypt.
 		 */
 		if (0) msyslog(LOG_ERR,
-		    "CMAC: decrypt: MAC length error");
+		    "MAC: decrypt: MAC length error");
 		return false;
 	}
 	return ctmemeq(mac, (char *)pkt + length + 4, len);


=====================================
ntpd/nts_server.c
=====================================
@@ -42,9 +42,7 @@ static void nts_unlock_certlock(void);
 
 static SSL_CTX *server_ctx = NULL;
 static int listener4_sock = -1;
-static int listener4_sock_old = -1;
 static int listener6_sock = -1;
-static int listener6_sock_old = -1;
 
 /* We need a lock to protect reloading our certificate.
  * This seems like overkill, but it doesn't happen often. */
@@ -121,12 +119,6 @@ bool nts_server_init(void) {
 	msyslog(LOG_INFO, "NTSs: OpenSSL security level is %d",
 		SSL_CTX_get_security_level(server_ctx));
 
-	msyslog(LOG_INFO, "NTSs: starting NTS-KE server listening on old port %d",
-		NTS_KE_PORT_OLD);
-	ok &= create_listener4(NTS_KE_PORT_OLD);
-	ok &= create_listener6(NTS_KE_PORT_OLD);
-	listener4_sock_old = listener4_sock;
-	listener6_sock_old = listener6_sock;
 	msyslog(LOG_INFO, "NTSs: starting NTS-KE server listening on port %d",
 		NTS_KE_PORT);
 	ok &= create_listener4(NTS_KE_PORT);
@@ -154,13 +146,6 @@ bool nts_server_init2(void) {
 			msyslog(LOG_ERR, "NTSs: nts_start_server4: error from pthread_create: %s", errbuf);
 		}
 	}
-	if (listener4_sock_old != -1) {
-		rc = pthread_create(&worker, NULL, nts_ke_listener, &listener4_sock_old);
-		if (rc) {
-			ntp_strerror_r(errno, errbuf, sizeof(errbuf));
-			msyslog(LOG_ERR, "NTSs: nts_start_server4: error from pthread_create: %s", errbuf);
-		}
-	}
 	if (listener6_sock != -1) {
 		rc = pthread_create(&worker, NULL, nts_ke_listener, &listener6_sock);
 		if (rc) {
@@ -168,13 +153,6 @@ bool nts_server_init2(void) {
 			msyslog(LOG_ERR, "NTSs: nts_start_server6: error from pthread_create: %s", errbuf);
 		}
 	}
-	if (listener6_sock_old != -1) {
-		rc = pthread_create(&worker, NULL, nts_ke_listener, &listener6_sock_old);
-		if (rc) {
-			ntp_strerror_r(errno, errbuf, sizeof(errbuf));
-			msyslog(LOG_ERR, "NTSs: nts_start_server6: error from pthread_create: %s", errbuf);
-		}
-	}
 	pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL);
 
 	return true;



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/96eed0c30581518f2c1756d388086d0ecbe04199...4f3fed2aa733dd246c294e12b793556d1f477437

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/96eed0c30581518f2c1756d388086d0ecbe04199...4f3fed2aa733dd246c294e12b793556d1f477437
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20200920/e37be6d0/attachment-0001.htm>
