From 515bd10243a3f90af80df8024ade33571df042c3 Mon Sep 17 00:00:00 2001
From: roberto
Date: Thu, 22 Jul 2004 09:16:04 +0000
Subject: The following patch has been taken from the ntp-stable vendor branch. Put everything OpenSSL related between #ifdef OPENSSL..#endif. This also fixes bugs #252, #275 & #293. See for reference. Submitted by: Marius Strobl
---
 contrib/ntp/util/ntp-keygen.c | 73 ++++++++++++++++++++++++++++++++++---------
 1 file changed, 59 insertions(+), 14 deletions(-)
(limited to 'contrib')
diff --git a/contrib/ntp/util/ntp-keygen.c b/contrib/ntp/util/ntp-keygen.c
index 850ae4c..2d91652 100644
--- a/contrib/ntp/util/ntp-keygen.c
+++ b/contrib/ntp/util/ntp-keygen.c
@@ -159,7 +159,9 @@ u_long asn2ntp P((ASN1_TIME *));
 extern char *optarg; /* command line argument */
 int debug = 0; /* debug, not de bug */
 int rval; /* return status */
+#ifdef OPENSSL
 u_int modulus = PLEN; /* prime modulus size (bits) */
+#endif
 int nkeys = 0; /* MV keys */
 time_t epoch; /* Unix epoch (seconds) since 1970 */
 char *hostname; /* host name (subject name) */
@@ -221,7 +223,9 @@ main(
 EVP_PKEY *pkey_iff = NULL; /* IFF parameters */
 EVP_PKEY *pkey_gq = NULL; /* GQ parameters */
 EVP_PKEY *pkey_mv = NULL; /* MV parameters */
+#endif
 int md5key = 0; /* generate MD5 keys */
+#ifdef OPENSSL
 int hostkey = 0; /* generate RSA keys */
 int iffkey = 0; /* generate IFF parameters */
 int gqpar = 0; /* generate GQ parameters */
@@ -231,7 +235,6 @@ main(
 char *sign = NULL; /* sign key */
 EVP_PKEY *pkey = NULL; /* temp key */
 const EVP_MD *ectx; /* EVP digest */
- char hostbuf[MAXHOSTNAME + 1];
 char pathbuf[MAXFILENAME + 1];
 const char *scheme = NULL; /* digest/signature scheme */
 char *exten = NULL; /* private extension */
@@ -240,6 +243,7 @@ main(
 FILE *fstr = NULL; /* file handle */
 int iffsw = 0; /* IFF key switch */
 #endif /* OPENSSL */
+ char hostbuf[MAXHOSTNAME + 1];
 u_int temp;
 #ifdef SYS_WINNT
@@ -267,8 +271,10 @@ main(
 */
 gethostname(hostbuf, MAXHOSTNAME);
 hostname = hostbuf;
+#ifdef OPENSSL
 trustname = hostbuf;
 passwd1 = hostbuf;
+#endif
 #ifndef SYS_WINNT
 gettimeofday(&tv, 0);
 #else
@@ -277,15 +283,22 @@ main(
 epoch = tv.tv_sec;
 rval = 0;
 while ((temp = getopt(argc, argv,
- "c:deGgHIi:Mm:nPp:q:S:s:TV:v:")) != -1) {
+#ifdef OPENSSL
+ "c:deGgHIi:Mm:nPp:q:S:s:TV:v:"
+#else
+ "dM"
+#endif
+ )) != -1) {
 switch(temp) {
+#ifdef OPENSSL
 /*
 * -c select public certificate type
 */
 case 'c':
 scheme = optarg;
 continue;
+#endif
 /*
 * -d debug
@@ -294,47 +307,59 @@ main(
 debug++;
 continue;
+#ifdef OPENSSL
 /*
 * -e write identity keys
 */
 case 'e':
 iffsw++;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -G generate GQ parameters and keys
 */
 case 'G':
 gqpar++;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -g update GQ keys
 */
 case 'g':
 gqkey++;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -H generate host key (RSA)
 */
 case 'H':
 hostkey++;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -I generate IFF parameters
 */
 case 'I':
 iffkey++;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -i set issuer name
 */
 case 'i':
 trustname = optarg;
 continue;
+#endif
 /*
 * -M generate MD5 keys
@@ -343,7 +368,7 @@ main(
 md5key++;
 continue;
-
+#ifdef OPENSSL
 /*
 * -m select modulus (256-2048)
 */
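Review bot: In main(), the `gethostname(hostbuf, MAXHOSTNAME);` call at the top of the @@ -267,8 hunk is unchecked, and the buffer it fills now feeds `hostname` in every build and `trustname` and `passwd1` in OPENSSL builds. POSIX leaves it unspecified whether a truncated name is NUL-terminated, and `hostbuf` is declared without an initializer, so a failure or truncation would leave the subject name and the default key password pointing at unterminated or indeterminate bytes. I would add `hostbuf[MAXHOSTNAME] = '\0';` after the call and stop with an error when it returns non-zero. main() starts and ends outside the hunk.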
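Review bot: Style point for the option switch in main(): the @@ -294,47 hunk closes and immediately reopens the guard (`#endif` followed by `#ifdef OPENSSL`) between every pair of adjacent OpenSSL-only cases, and @@ -352,49 repeats the pattern. As far as the hunks show, one guard around each run of consecutive cases (-e through -i, then -m through -v) would leave only -d and -M outside and make it harder to put a later case on the wrong side of the conditional. A short comment such as `/* options below need OpenSSL */` on the opening `#ifdef` would record why the block is conditional.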
@@ -352,49 +377,63 @@ main(
 fprintf(stderr, "invalid option -m %s\n", optarg);
 continue;
-
+#endif
+
+#ifdef OPENSSL
 /*
 * -P generate PC private certificate
 */
 case 'P':
 exten = EXT_KEY_PRIVATE;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -p output private key password
 */
 case 'p':
 passwd2 = optarg;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -q input private key password
 */
 case 'q':
 passwd1 = optarg;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -S generate sign key (RSA or DSA)
 */
 case 'S':
 sign = optarg;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -s set subject name
 */
 case 's':
 hostname = optarg;
 continue;
-
+#endif
+
+#ifdef OPENSSL
 /*
 * -T trusted certificate (TC scheme)
 */
 case 'T':
 exten = EXT_KEY_TRUST;
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -V generate MV parameters
 */
@@ -404,7 +443,9 @@ main(
 fprintf(stderr, "invalid option -V %s\n", optarg);
 continue;
+#endif
+#ifdef OPENSSL
 /*
 * -v update MV keys
 */
@@ -414,6 +455,7 @@ main(
 fprintf(stderr, "invalid option -v %s\n", optarg);
 continue;
+#endif
 /*
 * None of the above.
@@ -446,6 +488,7 @@ main(
 fprintf(stderr, "Random seed file %s %u bytes\n", pathbuf, temp);
 RAND_add(&epoch, sizeof(epoch), 4.0);
+#endif
 /*
 * Generate new parameters and keys as requested. These replace
@@ -453,6 +496,7 @@ main(
 */
 if (md5key)
 gen_md5("MD5");
+#ifdef OPENSSL
 if (hostkey)
 pkey_host = genkey("RSA", "host");
 if (sign != NULL)
@@ -714,7 +758,7 @@ gen_md5(
 }
 md5key[j] = (u_char)temp;
 }
- md5key[16] = '\0';
+ md5key[15] = '\0';
 fprintf(str, "%2d MD5 %16s # MD5 key\n", i, md5key);
 }
@@ -1245,7 +1289,7 @@ gen_mv(
 char *id /* file name id */
 )
 {
- EVP_PKEY *pkey; /* private key */
+ EVP_PKEY *pkey, *pkey1; /* private key */
 DSA *dsa; /* DSA parameters */
 DSA *sdsa; /* DSA parameters */
 BN_CTX *ctx; /* BN working space */
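Review bot: The context line `RAND_add(&epoch, sizeof(epoch), 4.0);` in the @@ -446,6 hunk of main() credits the wall-clock second with four bytes of entropy, although `epoch` is only `tv.tv_sec` and is echoed in the `ntpkey_%s_%s.%lu` message printed by gen_mv(). A value an observer can read or guess should be mixed in with no credit, `RAND_add(&epoch, sizeof(epoch), 0.0);`. The seed-file loading that precedes this line is outside the hunk, so whether the pool is otherwise adequately seeded cannot be judged from here.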
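Review bot: In gen_md5(), `md5key[15] = '\0';` stops the write past the end of the array but does so by overwriting the last generated character, so every key loses one character of key material. The declaration and the inner loop bound are outside the hunk; if the array is `u_char md5key[16]` and the loop fills 16 positions, as the old index suggests, the fix that keeps the key length is to declare `u_char md5key[17];` and leave `md5key[16] = '\0';` in place. With the change as committed, `%16s` also pads the 15-character key with a leading space in the keys file.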
@@ -1284,7 +1328,7 @@ gen_mv(
 modulus / n);
 ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new(); b = BN_new(); b1 = BN_new();
- dsa = malloc(sizeof(DSA));
+ dsa = DSA_new();
 dsa->p = BN_new();
 dsa->q = BN_new();
 dsa->g = BN_new();
@@ -1589,7 +1633,7 @@ gen_mv(
 * the designated recipient(s) who pay a suitably outrageous fee
 * for its use.
 */
- sdsa = malloc(sizeof(DSA));
+ sdsa = DSA_new();
 sdsa->p = BN_dup(dsa->p);
 sdsa->q = BN_dup(BN_value_one());
 sdsa->g = BN_dup(BN_value_one());
@@ -1622,15 +1666,16 @@ gen_mv(
 */
 sprintf(ident, "MVkey%d", j);
 str = fheader(ident, trustname);
- pkey = EVP_PKEY_new();
- EVP_PKEY_assign_DSA(pkey, sdsa);
- PEM_write_PrivateKey(str, pkey, passwd2 ?
+ pkey1 = EVP_PKEY_new();
+ EVP_PKEY_set1_DSA(pkey1, sdsa);
+ PEM_write_PrivateKey(str, pkey1, passwd2 ?
 EVP_des_cbc() : NULL, NULL, 0, NULL, passwd2);
 fclose(str);
 fprintf(stderr, "ntpkey_%s_%s.%lu\n", ident, trustname, epoch + JAN_1970);
 if (debug) DSA_print_fp(stdout, sdsa, 0);
+ EVP_PKEY_free(pkey1);
 }
 /*
@@ -1643,7 +1688,7 @@ gen_mv(
 BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); BN_free(b); BN_free(b1); BN_free(biga); BN_free(bige); BN_free(ss); BN_free(gbar); BN_free(ghat);
- DSA_free(dsa); DSA_free(sdsa);
+ DSA_free(sdsa);
 /*
 * Free the world.
@@ -1883,7 +1928,6 @@ cb (
 break;
 }
 }
-#endif /* OPENSSL */
 /*
@@ -1907,6 +1951,7 @@ genkey(
 rval = -1;
 return (NULL);
 }
+#endif /* OPENSSL */
 /*
-- cgit v1.1
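Review bot: `dsa = DSA_new();` in gen_mv() is dereferenced on the very next line (`dsa->p = BN_new();`) without a NULL check, and the same holds for `sdsa = DSA_new();` in the @@ -1589,7 hunk. DSA_new() returns NULL on allocation failure, so both need a guard that sets `rval = -1` and leaves the function, in the way the tail of genkey() visible in the last hunk does. The neighbouring BN_new() and BN_dup() results are unchecked as well. gen_mv() starts and ends outside these hunks, so its return type and the cleanup needed on the error path have to be taken from the full function.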
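Review bot: None of the three added calls in the @@ -1622,15 hunk of gen_mv() is checked: `EVP_PKEY_new()` can return NULL, and `EVP_PKEY_set1_DSA()` and `PEM_write_PrivateKey()` report failure through their return values, yet the `ntpkey_...` name is printed as if the key had been written. A failed write would leave an empty or truncated private-key file that looks valid to the operator, so each result should be tested and `rval = -1` set before the `fprintf`. Separately, the unchanged continuation line encrypts the key with `EVP_des_cbc()` and writes it in the clear when `passwd2` is NULL; single DES is a weak wrap for a private key, and `EVP_des_ede3_cbc()` is available through the same interface.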