From b8126de23e957978b4d0403097cd8402f0c1d82a Mon Sep 17 00:00:00 2001
From: delphij
Date: Wed, 12 Apr 2017 06:24:35 +0000
Subject: Fix multiple vulnerabilities of ntp. [SA-17:03] Xen migration enhancements. [EN-17:05]
Approved by: so
---
 contrib/ntp/ntpd/ntp_crypto.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
(limited to 'contrib/ntp/ntpd/ntp_crypto.c')
diff --git a/contrib/ntp/ntpd/ntp_crypto.c b/contrib/ntp/ntpd/ntp_crypto.c
index 956875d..36b43cf 100644
--- a/contrib/ntp/ntpd/ntp_crypto.c
+++ b/contrib/ntp/ntpd/ntp_crypto.c
@@ -22,11 +22,15 @@
 #include "ntp_calendar.h"
 #include "ntp_leapsec.h"
+#include "openssl/asn1.h"
 #include "openssl/bn.h"
+#include "openssl/crypto.h"
 #include "openssl/err.h"
 #include "openssl/evp.h"
+#include "openssl/opensslv.h"
 #include "openssl/pem.h"
 #include "openssl/rand.h"
+#include "openssl/x509.h"
 #include "openssl/x509v3.h"
 #include "libssl_compat.h"
@@ -193,7 +197,7 @@ static int crypto_gq (struct exten *, struct peer *);
 static int crypto_mv (struct exten *, struct peer *);
 static int crypto_send (struct exten *, struct value *, int);
 static tstamp_t crypto_time (void);
-static void asn_to_calendar (ASN1_TIME *, struct calendar*);
+static void asn_to_calendar (const ASN1_TIME *, struct calendar*);
 static struct cert_info *cert_parse (const u_char *, long, tstamp_t);
 static int cert_sign (struct exten *, struct value *);
 static struct cert_info *cert_install (struct exten *, struct peer *);
@@ -2010,7 +2014,7 @@ crypto_time()
 static void asn_to_calendar (
- ASN1_TIME *asn1time, /* pointer to ASN1_TIME structure */
+ const ASN1_TIME *asn1time, /* pointer to ASN1_TIME structure */
 struct calendar *pjd /* pointer to result */
 )
 {
@@ -3187,8 +3191,8 @@ cert_sign(
 serial = ASN1_INTEGER_new();
 ASN1_INTEGER_set(serial, tstamp);
 X509_set_serialNumber(cert, serial);
- X509_gmtime_adj(X509_get_notBefore(cert), 0L);
- X509_gmtime_adj(X509_get_notAfter(cert), YEAR);
+ X509_gmtime_adj(X509_getm_notBefore(cert), 0L);
+ X509_gmtime_adj(X509_getm_notAfter(cert), YEAR);
 subj = X509_get_issuer_name(cert);
 X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC, hostval.ptr, strlen((const char *)hostval.ptr), -1, 0);
@@ -3497,8 +3501,8 @@ cert_parse(
 return (NULL);
 }
 ret->issuer = estrdup(pch + 3);
- asn_to_calendar(X509_get_notBefore(cert), &(ret->first));
- asn_to_calendar(X509_get_notAfter(cert), &(ret->last));
+ asn_to_calendar(X509_get0_notBefore(cert), &(ret->first));
+ asn_to_calendar(X509_get0_notAfter(cert), &(ret->last));
 /*
 * Extract extension fields. These are ad hoc ripoffs of
@@ -3922,7 +3926,8 @@ crypto_setup(void)
 RAND_seed(&seed, sizeof(l_fp));
 RAND_write_file(randfile);
 DPRINTF(1, ("crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
- SSLeay(), randfile, bytes));
+ OpenSSL_version_num(), randfile, bytes));
+
 }
 /*
-- 
cgit v1.1
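Review bot: Both new `X509_gmtime_adj(...)` calls in cert_sign discard their return value, so a failure to set notBefore or notAfter goes unnoticed and the certificate would still be signed with whatever validity fields it had. X509_gmtime_adj returns NULL on failure; testing it, e.g. `if (X509_gmtime_adj(X509_getm_notBefore(cert), 0L) == NULL || X509_gmtime_adj(X509_getm_notAfter(cert), YEAR) == NULL)`, and leaving through the function's existing error path would close that gap. The context line `serial = ASN1_INTEGER_new();` is likewise used without a NULL check. cert_sign starts and ends outside this hunk, so the cleanup required on that path is not visible here.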
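Review bot: The two `asn_to_calendar(X509_get0_...)` calls in cert_parse cannot reject a malformed validity time, because asn_to_calendar returns void. Per its prototype, cert_parse receives a raw buffer and length, so these fields may come from a peer-supplied certificate. If asn_to_calendar does not validate the length and format of the time string itself (its body is outside this hunk), a guard before the calls such as `if (!ASN1_TIME_check(X509_get0_notBefore(cert)) || !ASN1_TIME_check(X509_get0_notAfter(cert)))` could take the same `return (NULL);` route as the check just above. The resources to release on that route are not visible in the hunk.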
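Review bot: `OpenSSL_version_num()` in this DPRINTF, like the `X509_getm_*` and `X509_get0_*` accessors in the cert_sign and cert_parse hunks, exists only from OpenSSL 1.1.0 on, so builds against older libraries depend on fallbacks defined elsewhere. Those presumably come from `libssl_compat.h`, which this patch does not touch. If that is where they come from, a short comment beside that include, for example `/* maps OpenSSL 1.1 accessor names onto older libraries */`, would make the dependency visible. Separately, the second added line is an empty line before the closing brace and looks unintentional. crypto_setup continues outside the hunk.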