author | delphij <delphij@FreeBSD.org> | 2017-04-12 06:24:35 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2017-04-12 06:24:35 +0000 |
commit | b8126de23e957978b4d0403097cd8402f0c1d82a (patch) | |
tree | f1de81f49e9bed94c537e2b96701aa1180fa111c /contrib/ntp/ntpd/ntp_crypto.c | |
parent | 8ec5a888ff17420a447fce1d15a0413c122dd297 (diff) | |
Fix multiple vulnerabilities of ntp. [SA-17:03]
Xen migration enhancements. [EN-17:05]
Approved by: so
Diffstat (limited to 'contrib/ntp/ntpd/ntp_crypto.c')
-rw-r--r-- | contrib/ntp/ntpd/ntp_crypto.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/contrib/ntp/ntpd/ntp_crypto.c b/contrib/ntp/ntpd/ntp_crypto.c index 956875d..36b43cf 100644 --- a/contrib/ntp/ntpd/ntp_crypto.c +++ b/contrib/ntp/ntpd/ntp_crypto.c @@ -22,11 +22,15 @@ #include "ntp_calendar.h" #include "ntp_leapsec.h" +#include "openssl/asn1.h" #include "openssl/bn.h" +#include "openssl/crypto.h" #include "openssl/err.h" #include "openssl/evp.h" +#include "openssl/opensslv.h" #include "openssl/pem.h" #include "openssl/rand.h" +#include "openssl/x509.h" #include "openssl/x509v3.h" #include "libssl_compat.h" @@ -193,7 +197,7 @@ static int crypto_gq (struct exten *, struct peer *); static int crypto_mv (struct exten *, struct peer *); static int crypto_send (struct exten *, struct value *, int); static tstamp_t crypto_time (void); -static void asn_to_calendar (ASN1_TIME *, struct calendar*); +static void asn_to_calendar (const ASN1_TIME *, struct calendar*); static struct cert_info *cert_parse (const u_char *, long, tstamp_t); static int cert_sign (struct exten *, struct value *); static struct cert_info *cert_install (struct exten *, struct peer *); @@ -2010,7 +2014,7 @@ crypto_time() static void asn_to_calendar ( - ASN1_TIME *asn1time, /* pointer to ASN1_TIME structure */ + const ASN1_TIME *asn1time, /* pointer to ASN1_TIME structure */ struct calendar *pjd /* pointer to result */ ) { @@ -3187,8 +3191,8 @@ cert_sign( serial = ASN1_INTEGER_new(); ASN1_INTEGER_set(serial, tstamp); X509_set_serialNumber(cert, serial); - X509_gmtime_adj(X509_get_notBefore(cert), 0L); - X509_gmtime_adj(X509_get_notAfter(cert), YEAR); + X509_gmtime_adj(X509_getm_notBefore(cert), 0L); + X509_gmtime_adj(X509_getm_notAfter(cert), YEAR); subj = X509_get_issuer_name(cert); X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC, hostval.ptr, strlen((const char *)hostval.ptr), -1, 0); 
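Review bot: The two `X509_gmtime_adj()` calls in the cert_sign hunk still discard their result, so a failure to set notBefore or notAfter goes unnoticed and the certificate would presumably be signed later with an unset validity window. `X509_gmtime_adj()` returns NULL on error, so I would test both calls, e.g. `if (X509_gmtime_adj(X509_getm_notBefore(cert), 0L) == NULL || X509_gmtime_adj(X509_getm_notAfter(cert), YEAR) == NULL)`, and take the function's existing failure path. The unchecked `ASN1_INTEGER_new()` in the context lines just above has the same problem. cert_sign starts and ends outside this hunk, so the cleanup that failure path needs is not visible here.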
@@ -3497,8 +3501,8 @@ cert_parse( return (NULL); } ret->issuer = estrdup(pch + 3); - asn_to_calendar(X509_get_notBefore(cert), &(ret->first)); - asn_to_calendar(X509_get_notAfter(cert), &(ret->last)); + asn_to_calendar(X509_get0_notBefore(cert), &(ret->first)); + asn_to_calendar(X509_get0_notAfter(cert), &(ret->last)); /* * Extract extension fields. These are ad hoc ripoffs of @@ -3922,7 +3926,8 @@ crypto_setup(void) RAND_seed(&seed, sizeof(l_fp)); RAND_write_file(randfile); DPRINTF(1, ("crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n", - SSLeay(), randfile, bytes)); + OpenSSL_version_num(), randfile, bytes)); + } /* |
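Review bot: `asn_to_calendar()` is declared `void` in the prototype hunk of this diff, so the two calls in cert_parse cannot report a notBefore or notAfter field that is missing or malformed, and `ret->first` / `ret->last` are presumably used as the validity window afterwards. cert_parse takes a raw buffer and a length, which suggests the certificate can come from a peer; I would have the helper return a status and reject the certificate on failure, e.g. `if (!asn_to_calendar(X509_get0_notBefore(cert), &ret->first)) return (NULL);` after releasing `ret` and `cert`. The body of asn_to_calendar is not part of this diff, so whether it already validates the ASN1_TIME length and format has to be confirmed there. cert_parse itself starts and ends outside the hunk.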