[Git][NTPsec/ntpsec][master] 4 commits: Drop ctmemeq, use CRYPTO_memcmp

Hal Murray (@hal.murray) gitlab at mg.gitlab.com
Mon Feb 21 08:09:06 UTC 2022



Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
47943a8d by Hal Murray at 2022-02-17T16:16:26-08:00
Drop ctmemeq, use CRYPTO_memcmp

- - - - -
39213a56 by Hal Murray at 2022-02-17T16:16:26-08:00
Minor tweaks to ntpd/refclock_nmea.c

- - - - -
a95da63f by Hal Murray at 2022-02-17T16:16:26-08:00
Works with OpenSSL 3.0

- - - - -
cfa361c4 by Hal Murray at 2022-02-21T00:06:19-08:00
Add --enable-attic (default is off)

- - - - -


5 changed files:

- NEWS.adoc
- libntp/macencrypt.c
- ntpd/refclock_nmea.c
- wafhelpers/options.py
- wscript


Changes:

=====================================
NEWS.adoc
=====================================
@@ -12,6 +12,10 @@ on user-visible changes.
 
 == Reposatory Head ==
 
+Add --enable-attic (default off)
+
+Works with OpenSSL 3.0
+
 Fix hash validation in ntpleapfetch again.
 
 FreeBSD now gets ns resolution on receive time stamps.


=====================================
libntp/macencrypt.c
=====================================
@@ -28,28 +28,6 @@
 extern EVP_MD_CTX *digest_ctx;
 extern CMAC_CTX *cmac_ctx;
 
-/* ctmemeq - test two blocks memory for equality without leaking
- * timing information.
- *
- * Return value: true if the two blocks of memory are equal, false
- * otherwise.
- *
- * TODO: find out if this is useful elsewhere and if so move
- * it to a more appropriate place and give it a prototype in a
- * header file.
- */
-static bool ctmemeq(const void *s1, const void *s2, size_t n) {
-	const uint8_t *a = s1;
-	const uint8_t *b = s2;
-	uint8_t accum = 0;
-
-	for(size_t i = 0; i < n; i++) {
-		accum |= a[i] ^ b[i];
-	}
-
-	return accum == 0;
-}
-
 /*
  * cmac_encrypt - generate CMAC authenticator
  *
@@ -120,7 +98,7 @@ cmac_decrypt(
 		    "MAC: decrypt: MAC length error");
 		return false;
 	}
-	return ctmemeq(mac, (char *)pkt + length + 4, len);
+	return !CRYPTO_memcmp(mac, (char *)pkt + length + 4, len);
 }
 
 /*
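Review bot: With ctmemeq and its header comment removed, nothing at these two call sites says the comparison has to be constant-time, so a later cleanup could swap in plain memcmp() and reintroduce a timing side channel on the received MAC. I would add a short comment above the return in cmac_decrypt, e.g. `/* CRYPTO_memcmp is constant-time; do not replace with memcmp() */`, and the same above the return in digest_decrypt in the next hunk. Writing the test as `CRYPTO_memcmp(...) == 0` would also read more clearly than `!` applied to an int result in a function returning bool. CRYPTO_memcmp is declared in <openssl/crypto.h>; no include change is visible in this diff, so presumably it arrives through the OpenSSL headers the file already pulls in, which is worth confirming. Both function bodies start outside their hunks.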
@@ -203,7 +181,7 @@ digest_decrypt(
 		    "ERR: decrypt: digest length error");
 		return false;
 	}
-	return ctmemeq(digest, (char *)pkt + length + 4, len);
+	return !CRYPTO_memcmp(digest, (char *)pkt + length + 4, len);
 }
 
 /*


=====================================
ntpd/refclock_nmea.c
=====================================
@@ -995,8 +995,7 @@ nmea_receive(
 		rc_date	 = parse_date(&date, &rdata, 2, DATE_3_DDMMYYYY);
 		fix_WNRO(&date, &up->wnro, peer);
 		pp->leap = parse_qual(&rdata, 4, '0', 1);
-/* May be wrong sign: HGM, 2022-Jan-17 */
-		date.tv_sec = -1; /* GPZDG is following second */
+		date.tv_sec -= 1; /* GPZDG is following second */
 		break;
 
 	case NMEA_PGRMF:
@@ -1038,9 +1037,13 @@ nmea_receive(
 		return;
 	}
 
-	/* FIXME: should use ctime_r */
+#ifdef DEBUG
+	{
+	char temp[100];
 	DPRINT(1, ("%s effective timecode: %s",
-		   refclock_name(peer), ctime(&date.tv_sec)));
+		   refclock_name(peer), ctime_r(&date.tv_sec, temp)));
+	}
+#endif
 
 	/* Check if we must enter GPS time mode; log so if we do */
 	if (!up->gps_time && (sentence == NMEA_GPZDG)) {
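Review bot: The result of `ctime_r(&date.tv_sec, temp)` is passed straight to `%s`, but ctime_r returns NULL when the time cannot be converted, and date.tv_sec here is built from data sent by the receiver. Capture it first and fall back, e.g. `const char *ts = ctime_r(&date.tv_sec, temp);` and pass `ts ? ts : "(unrepresentable)\n"` to DPRINT. The 100-byte buffer is more than the 26 bytes ctime_r needs; a named constant or a short comment saying so would help, and the contents of the new block should be indented one level inside the braces. nmea_receive starts and ends outside this hunk.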
@@ -1667,8 +1670,6 @@ parse_date(
 static bool kludge_day (struct timespec *dt) {
   struct timespec now;
 
-/* FIXME: check if clock is valid. */
-
   clock_gettime(CLOCK_REALTIME, &now);
   int nowday = now.tv_sec / 86400;
   int nowsec = now.tv_sec % 86400;
@@ -1676,6 +1677,10 @@ static bool kludge_day (struct timespec *dt) {
   if ((gpssec-nowsec) > 12*3600) nowday -= 1;
   if ((nowsec-gpssec) > 12*3600) nowday += 1;
   dt->tv_sec += nowday*86400;
+
+  if (LEAP_NOTINSYNC == sys_vars.sys_leap) {
+    return false;
+  }
   return true;
 }
 
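Review bot: The new `LEAP_NOTINSYNC` check runs after `dt->tv_sec += nowday*86400;`, so on the `false` path the caller's timespec has already been modified using a day number taken from an unsynchronized system clock. Testing first, with `if (LEAP_NOTINSYNC == sys_vars.sys_leap) { return false; }` placed before `clock_gettime()`, leaves `*dt` untouched on failure; whether any caller reads `dt` after a false return is not visible here. A one-line comment such as `/* system clock not yet synchronized: cannot trust it to supply the day */` would preserve the reasoning behind the FIXME that the previous hunk removes. The function starts in the previous hunk.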


=====================================
wafhelpers/options.py
=====================================
@@ -12,6 +12,8 @@ def options_cmd(ctx, config):
                    default=False, help="Enable debugging code")
     grp.add_option('--enable-debug-gdb', action='store_true',
                    default=False, help="Enable GDB debugging symbols")
+    grp.add_option('--enable-attic', action='store_true',
+                   default=False, help="Enable building attic/*.")
     grp.add_option('--disable-nts', action='store_true',
                    default=False, help="Disable NTS.")
     grp.add_option('--disable-droproot', action='store_true',


=====================================
wscript
=====================================
@@ -778,6 +778,9 @@ int main(int argc, char **argv) {
                    comment="Enable MS-SNTP extensions "
                    " https://msdn.microsoft.com/en-us/library/cc212930.aspx")
 
+    if ctx.options.enable_attic:
+        ctx.env.ENABLE_ATTIC = True
+
     if ctx.options.disable_nts:
         ctx.env.DISABLE_NTS = True
         ctx.define("DISABLE_NTS", 1,
@@ -1065,7 +1068,8 @@ def build(ctx):
     ctx.recurse("ntpfrob")
     ctx.recurse("ntptime")
     ctx.recurse("pylib")
-    ctx.recurse("attic")
+    if ctx.env.ENABLE_ATTIC:
+      ctx.recurse("attic")
     ctx.recurse("etc")
     ctx.recurse("tests")
 
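Review bot: The body of the new `if ctx.env.ENABLE_ATTIC:` is indented by two spaces (`      ctx.recurse("attic")`), while the surrounding code, including the `if ctx.options.enable_attic:` block added in the previous hunk, uses four. Python accepts it, but it is inconsistent and will trip style checkers; re-indent the call to eight spaces. build() continues outside the hunk.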



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/680c8520ba37ae070c6e74ec7fe3ebe14345691d...cfa361c4c4d8f4782bfbe263a0a0fcfb643b14ca
