[Git][NTPsec/ntpsec][master] 4 commits: Delete temp keys file after testing
Hal Murray (@hal.murray)
gitlab at mg.gitlab.com
Mon Jan 16 20:03:07 UTC 2023
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
5043d11e by Hal Murray at 2023-01-16T06:47:36-08:00
Delete temp keys file after testing
The tests are run as part of install which leaves
a file owned by root. This deletes it if the tests work.
- - - - -
7f844e09 by Hal Murray at 2023-01-16T06:47:36-08:00
Minor cleanups to several attic routines
- - - - -
259fe742 by Hal Murray at 2023-01-16T06:47:36-08:00
refid_str cleanup
Drop leading/trailing "." (was added by refid_str)
Drop trailing spaces (Facebook was sending "FB ")
It's only used by record_raw_stats
- - - - -
51431e62 by Hal Murray at 2023-01-16T06:47:36-08:00
Fix a couple of obscure bugs uncovered while working on ntp_control
sys_authdelay had a bogus conversion but it's only used via ntpq
ntpq default data for a peer was checking the DEF bit
in the system table rather than the peer table
but then sending the correct peer data for that slot.
It probably mostly worked since the DEF slots were near the front
in both tables.
- - - - -
9 changed files:
- attic/clocks.c
- attic/digest-find.c
- attic/digest-timing.c
- attic/random.c
- libntp/numtoa.c
- ntpd/ntp_control.c
- ntpd/ntp_proto.c
- tests/libntp/numtoa.c
- tests/ntpd/nts_cookie.c
Changes:
=====================================
attic/clocks.c
=====================================
@@ -131,12 +131,10 @@ static int do_average(int type, const char* name) {
}
-static int do_fastest(int type, const char* name) {
+static int do_fastest(int type) {
struct timespec start, stop;
uint64_t sec, nanos, fastest;
- (void)name; /* Squash unused warnings */
-
dups = 0;
fastest = 999999999;
for (int i = 0; i < BATCHSIZE; i++) {
@@ -257,7 +255,7 @@ int main(int argc, char *argv[]) {
for (int i=0; (NULL != clocks[i].name); i++) {
res = do_res(clocks[i].type, clocks[i].name);
average = do_average(clocks[i].type, clocks[i].name);
- fastest = do_fastest(clocks[i].type, clocks[i].name);
+ fastest = do_fastest(clocks[i].type);
printf("%9d %5d %8d", res, average, fastest);
if (0.9*BATCHSIZE < dups) {
/* Hack: negative to show good if close to all are bad */
@@ -273,7 +271,7 @@ int main(int argc, char *argv[]) {
if (1) {
int faster;
- fastest = do_fastest(CLOCK_REALTIME, "CLOCK_REALTIME");
+ fastest = do_fastest(CLOCK_REALTIME);
while (1) {
faster = do_hist(CLOCK_REALTIME, fastest);
if (0 == faster) { break;
=====================================
attic/digest-find.c
=====================================
@@ -25,12 +25,18 @@
#define UNUSED_ARG(arg) ((void)(arg))
-
+/* 2023-Jan-10
+ * This program is close to useless since
+ * most distros support the first 4 and no others..
+ */
const char* digests[] = {
- "MD2", "MD4", "MD5",
- "SHA", "SHA1",
+ "MD5",
+ "SHA1",
+ "SHA256", "SHA384",
+ "MD2", "MD4"
+ "SHA", "SHA3",
+ "SHA224", "SHA512",
"RMD160", "RIPEMD160",
- "SHA224", "SHA256", "SHA384", "SHA512",
"MDC2", "GOST", "DSS1",
"ChaCha20", "Poly1305",
NULL };
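Review bot: The added line `"MD2", "MD4"` has no trailing comma, so the compiler concatenates it with the next literal and the table holds one entry `"MD4SHA"` instead of `"MD4"` and `"SHA"`. Neither name is then probed, and the bogus name is presumably just reported as unsupported, which hides the mistake. Change the line to `"MD2", "MD4",`. The new comment's "first 4" would also be easier to check if it named them (MD5, SHA1, SHA256, SHA384 by the new ordering).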
=====================================
attic/digest-timing.c
=====================================
@@ -17,6 +17,7 @@
* 0x1000105fL 1.0.1e works.
*/
+#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
@@ -35,12 +36,11 @@
#define UNUSED_ARG(arg) ((void)(arg))
-#ifndef EVP_MD_CTX_reset
+#ifndef EVP_MD_CTX_new
/* Slightly older version of OpenSSL */
/* Similar hack in ssl_init.c */
#define EVP_MD_CTX_new() EVP_MD_CTX_create()
#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy(ctx)
-#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init(ctx)
#endif
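Review bot: The guard `#ifndef EVP_MD_CTX_new` only sees preprocessor macros, and as far as I know OpenSSL 1.1.0 and later declare EVP_MD_CTX_new as a function, so this block is probably compiled on every OpenSSL version rather than only on older ones. It likely still builds because the library's compatibility macros expand back to the real functions, but the intent is easier to verify with an explicit version test such as `#if OPENSSL_VERSION_NUMBER < 0x10100000L`. The comment points at a similar hack in ssl_init.c, which is outside this diff and may deserve the same check.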
@@ -49,11 +49,13 @@
int NUM = 1000000;
+bool do_all = false;
+
#define PACKET_LENGTH 48
/* Nothing magic about these key lengths.
* ntpkeygen just happens to label things this way.
+ * Most distros support these 4 and no others.
*/
-#define AES_KEY_LENGTH 16
#define MD5_KEY_LENGTH 16
#define SHA1_KEY_LENGTH 20
#define MAX_KEY_LENGTH 64
@@ -78,17 +80,16 @@ static void ssl_init(void)
static unsigned int SSL_Digest(
const EVP_MD *digest, /* hash algorithm */
uint8_t *key, /* key pointer */
- int keylength, /* key size */
+ int keylength, /* key size */
uint8_t *pkt, /* packet pointer */
int pktlength /* packet length */
) {
unsigned char answer[EVP_MAX_MD_SIZE];
unsigned int len;
- EVP_MD_CTX_reset(ctx);
- EVP_DigestInit(ctx, digest);
+ EVP_DigestInit_ex(ctx, digest, NULL);
EVP_DigestUpdate(ctx, key, keylength);
EVP_DigestUpdate(ctx, pkt, pktlength);
- EVP_DigestFinal(ctx, answer, &len);
+ EVP_DigestFinal_ex(ctx, answer, &len);
return len;
}
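Review bot: None of the EVP calls in SSL_Digest has its result checked, and `len` is returned uninitialized if `EVP_DigestInit_ex` or `EVP_DigestFinal_ex` fails, for example when the library build or its configuration refuses the digest. A failure should surface as a zero length rather than an indeterminate one: declare `unsigned int len = 0;` and return early with `if (!EVP_DigestInit_ex(ctx, digest, NULL)) return 0;`, treating the Update and Final calls the same way. `ctx` is created outside this hunk, so whether it can be NULL here is not visible.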
@@ -169,9 +170,10 @@ int main(int argc, char *argv[])
uint8_t key[MAX_KEY_LENGTH];
uint8_t packet[PACKET_LENGTH];
- UNUSED_ARG(argc);
UNUSED_ARG(argv);
+ if (argc>1) do_all = true;
+
setlinebuf(stdout);
ssl_init();
@@ -182,25 +184,22 @@ int main(int argc, char *argv[])
printf("# KL=key length, PL=packet length, DL=digest length\n");
printf("# Digest KL PL DL ns/op sec/run slow %% diff\n");
+ DoDigest("MD5", key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
+ DoDigest("SHA1", key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
+ DoDigest("SHA1", key, SHA1_KEY_LENGTH, packet, PACKET_LENGTH);
+
+if (do_all) {
DoDigest("MD5", key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
DoDigest("MD5", key, MD5_KEY_LENGTH-1, packet, PACKET_LENGTH);
DoDigest("MD5", key, SHA1_KEY_LENGTH, packet, PACKET_LENGTH);
DoDigest("SHA1", key, MD5_KEY_LENGTH, packet, PACKET_LENGTH);
DoDigest("SHA1", key, SHA1_KEY_LENGTH, packet, PACKET_LENGTH);
DoDigest("SHA1", key, SHA1_KEY_LENGTH-1, packet, PACKET_LENGTH);
- DoDigest("SHA224", key, 16, packet, PACKET_LENGTH);
- DoDigest("SHA224", key, 20, packet, PACKET_LENGTH);
DoDigest("SHA256", key, 16, packet, PACKET_LENGTH);
DoDigest("SHA256", key, 20, packet, PACKET_LENGTH);
DoDigest("SHA384", key, 16, packet, PACKET_LENGTH);
DoDigest("SHA384", key, 20, packet, PACKET_LENGTH);
- DoDigest("SHA512", key, 16, packet, PACKET_LENGTH);
- DoDigest("SHA512", key, 20, packet, PACKET_LENGTH);
- DoDigest("SHA512", key, 24, packet, PACKET_LENGTH);
- DoDigest("SHA512", key, 32, packet, PACKET_LENGTH);
- DoDigest("RIPEMD160", key, 16, packet, PACKET_LENGTH);
- DoDigest("RIPEMD160", key, 20, packet, PACKET_LENGTH);
- DoDigest("RIPEMD160", key, 32, packet, PACKET_LENGTH);
+}
return 0;
}
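Review bot: With `do_all` set, the three baseline runs added above `if (do_all) {` (MD5 with a 16-byte key, SHA1 with 16 and 20) are executed a second time inside the block, which still contains the same `DoDigest("MD5", key, MD5_KEY_LENGTH, ...)` and SHA1 lines. That duplicates those rows in the output and lengthens the run; unless the repeat is intended, drop the duplicates from the block. A short comment at `if (argc>1) do_all = true;` saying that any argument at all enables the long list would also help, since `argv` is never parsed.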
=====================================
attic/random.c
=====================================
@@ -166,6 +166,7 @@ static int do_fastest(void) {
}
}
(void)sum; /* Squash unused warning */
+
return fastest;
}
=====================================
libntp/numtoa.c
=====================================
@@ -12,7 +12,9 @@
#include "lib_strbuf.h"
#include "ntp_stdlib.h"
-/* Convert a refid & stratum to a string */
+/* Convert a refid & stratum to a string
+ * Only used by record_raw_stats
+ */
const char *
refid_str(
uint32_t refid,
@@ -29,12 +31,18 @@ refid_str(
}
text = lib_getbuf();
- text[0] = '.';
- memcpy(&text[1], &refid, sizeof(refid));
+ memcpy(&text[0], &refid, sizeof(refid));
text[1 + sizeof(refid)] = '\0';
+ // Chop off trailing spaces. Facebook was sending "FB "
+ for (int i=sizeof(refid)-1; i>0; i--) {
+ if (text[i] != ' ') break;
+ text[i] = '\0';
+ }
tlen = strlen(text);
- text[tlen] = '.';
- text[tlen + 1] = '\0';
+ if (0 == tlen) {
+ strlcat(text, "?", sizeof(text));
+ }
+ text[tlen] = '\0';
return text;
}
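Review bot: The `"?"` fallback never takes effect: when `tlen` is 0, `strlcat` writes `?` to `text[0]` and the following `text[tlen] = '\0';` immediately overwrites it, so an all-zero refid still yields an empty string. Two smaller problems sit next to it: `sizeof(text)` is the size of a pointer if `text` is a `char *` (its declaration is above the hunk, but `text = lib_getbuf()` suggests so), and the terminator is still written at `text[1 + sizeof(refid)]`, which leaves `text[4]` to whatever `lib_getbuf()` put there now that the leading dot is gone. I would write `text[sizeof(refid)] = '\0';` after the memcpy, replace the `strlcat` call with `text[0] = '?'; text[1] = '\0';`, and delete the final `text[tlen] = '\0';`. Because the refid bytes come from a remote server and end up in the raw stats log, replacing non-printable bytes here may also be worthwhile, but how record_raw_stats handles them is not visible in this diff.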
=====================================
ntpd/ntp_control.c
=====================================
@@ -2496,7 +2496,7 @@ read_status(
* For now, output everything we know about the
* peer. May be more selective later.
*/
- for (const struct ctl_var *kv = sys_var; kv && !(EOV & kv->flags); kv++)
+ for (const struct ctl_var *kv = peer_var; kv && !(EOV & kv->flags); kv++)
if (kv->flags & DEF)
ctl_putpeer(kv->code, peer);
ctl_flushpkt(0);
=====================================
ntpd/ntp_proto.c
=====================================
@@ -2388,7 +2388,7 @@ fast_xmit(
}
sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, &xpkt, (int)sendlen);
clock_gettime(CLOCK_REALTIME, &finish);
- sys_authdelay = tspec_to_d(sub_tspec(finish, start));
+ sys_authdelay = tspec_intv_to_lfp(sub_tspec(finish, start));
/* Previous versions of this code had separate DPRINT-s so it
* could print the key on the auth case. That requires separate
* sendpkt-s on each branch or the DPRINT pollutes the timing. */
=====================================
tests/libntp/numtoa.c
=====================================
@@ -19,7 +19,10 @@ TEST(numtoa, RefidStr) {
TEST_ASSERT_EQUAL_STRING("68.51.34.17", res);
// Test !(stratum > 1)
res = refid_str(htonl(0x47505300), 0);
- TEST_ASSERT_EQUAL_STRING(".GPS.", res);
+ TEST_ASSERT_EQUAL_STRING("GPS", res);
+ // Test dropping trailing spaces
+ res = refid_str(htonl(0x46422020), 0);
+ TEST_ASSERT_EQUAL_STRING("FB", res);
}
TEST_GROUP_RUNNER(numtoa) {
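Review bot: Nothing here exercises the `0 == tlen` branch that this push adds to refid_str in libntp/numtoa.c, so the result for an all-zero refid is unchecked. Add a case such as `res = refid_str(0, 0);` followed by `TEST_ASSERT_EQUAL_STRING("?", res);`, assuming `"?"` is the intended result for that input. The body of TEST(numtoa, RefidStr) starts above the hunk, so an earlier case may already cover part of this.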
=====================================
tests/ntpd/nts_cookie.c
=====================================
@@ -76,10 +76,12 @@ TEST(nts_cookie, nts_make_unpack_cookie) {
TEST_ASSERT_EQUAL_UINT8_ARRAY(s2c, s2c_2, 16);
}
+const char *cookie_file_name = "test-cookie-keys";
+
TEST(nts_cookie, nts_read_write_cookies) {
struct NTS_Key k0, k1, k2;
bool ok;
- ntsconfig.KI = "test-cookie-keys";
+ ntsconfig.KI = cookie_file_name;
nts_nKeys = 0;
nts_make_cookie_key();
nts_make_cookie_key();
@@ -108,4 +110,10 @@ TEST_GROUP_RUNNER(nts_cookie) {
RUN_TEST_CASE(nts_cookie, nts_make_unpack_cookie);
RUN_TEST_CASE(nts_cookie, nts_make_cookie_key);
RUN_TEST_CASE(nts_cookie, nts_read_write_cookies);
+ /* This test gets run as root during install
+ * that leaves the cookie file that we can't read/write
+ * so clean it up now.
+ * If we crash, we don't get here so the evidence is still
+ * left around in case it helps debugging. */
+ unlink(cookie_file_name);
}
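Review bot: The cleanup does not remove the underlying exposure: the test still writes, and now unlinks, the fixed relative name `test-cookie-keys` in whatever the current directory is while running as root during install. If that directory is writable by an unprivileged user, a pre-existing link with that name could redirect the root-owned write; whether the NTS code opens the file in a way that prevents this is not visible here. Creating the file inside a private directory obtained from `mkdtemp()` would address both the leftover file and that risk. Separately, the `unlink` result is ignored and the call sits in the group runner, so it probably also runs after an assertion failure, not only "if the tests work" as the commit message says; moving it to the test's teardown, or adjusting the comment, would match the stated intent.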
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/95d6e9c87b6a5f30175bb692756728c081a880bd...51431e62124410a6d5cad160635ba97de0fb52f2