buildroot/package/ntp/0003-fix-md5update.patch

210 lines
7.3 KiB
Diff

Fix build with -Wincompatible-pointer-types -Werror
Upstream: https://people.nwtime.org/hart/ntp-stable-3928-29.tar.gz
Ported fix from updated tarball provided by upstream:
https://bugs.ntp.org/show_bug.cgi?id=3929#c9
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
diff -uNr ntp-4.2.8p18.orig/include/ntp_md5.h ntp-4.2.8p18/include/ntp_md5.h
--- ntp-4.2.8p18.orig/include/ntp_md5.h 2024-05-07 13:21:16.000000000 +0200
+++ ntp-4.2.8p18/include/ntp_md5.h 2024-07-24 01:26:46.000000000 +0200
@@ -1,56 +1,73 @@
/*
* ntp_md5.h: deal with md5.h headers
*
- * Use the system MD5 if available, otherwise libisc's.
+ * Use the system MD5 if available, otherwise use libisc's.
+ * Yes, MD5 has been deprecated. Nevertheless, ntpd IPv6 refid
+ * calculation uses MD5 to derive a 32-bit refid from a 128-bit
+ * IPv6 address. This use is retained to avoid breaking loop
+ * detection that would be triggered by such change, and because
+ * we are not depending on cryptographic strength for such use.
*/
#ifndef NTP_MD5_H
#define NTP_MD5_H
/* Use the system MD5 or fall back on libisc's */
-# if defined HAVE_MD5_H && defined HAVE_MD5INIT
-# include <md5.h>
-# else
-# include "isc/md5.h"
- typedef isc_md5_t MD5_CTX;
-# define MD5_DIGEST_LENGTH ISC_MD5_DIGESTLENGTH
-# define MD5Init(c) isc_md5_init(c)
-# define MD5Update(c, p, s) isc_md5_update(c, (const void *)p, s)
-# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */
-# endif
-
-# define KEY_TYPE_MD5 NID_md5
+#if defined HAVE_MD5_H && defined HAVE_MD5INIT
+# include <md5.h>
+# define ntp_md5_init(c) MD5Init(c)
+# define ntp_md5_update(c, p, s) MD5Update(c, (const void *)(p), s)
+# define ntp_md5_final(d, c) MD5Final(d, c)
+#else
+# include "isc/md5.h"
+typedef isc_md5_t MD5_CTX;
+# define MD5_DIGEST_LENGTH ISC_MD5_DIGESTLENGTH
+# define ntp_md5_init(c) isc_md5_init(c)
+# define ntp_md5_update(c, p, s) isc_md5_update(c, (const void *)(p), s)
+# define ntp_md5_final(d, c) isc_md5_final((c), (d)) /* swapped */
+#endif
#ifdef OPENSSL
# include <openssl/evp.h>
# include "libssl_compat.h"
# ifdef HAVE_OPENSSL_CMAC_H
# include <openssl/cmac.h>
-# define CMAC "AES128CMAC"
-# define AES_128_KEY_SIZE 16
-# endif /*HAVE_OPENSSL_CMAC_H*/
+# define CMAC "AES128CMAC"
+# define AES_128_KEY_SIZE 16
+# endif
#else /* !OPENSSL follows */
/*
- * Provide OpenSSL-alike MD5 API if we're not using OpenSSL
+ * Provide OpenSSL-alike MD5 API if we're not using OpenSSL. Most of this
+ * is used only by sntp when building it --without-crypto.
*/
- typedef MD5_CTX EVP_MD_CTX;
+typedef MD5_CTX EVP_MD_CTX;
# define NID_md5 4 /* from openssl/objects.h */
# define EVP_MAX_MD_SIZE MD5_DIGEST_LENGTH
+
+/*
+ * The following is used only by sntp configured --without-crypto as ntpd
+ * now uses explicit MD5 functions for MD5 uses which remain even where MD5
+ * is unavailable in OpenSSL, such as FIPS OpenSSL. Note that FIPS may be
+ * available in the build environment but not at runtime, as is the case
+ * with packaged NTP binaries.
+ * The remaining uses of MD5 are IPv6 refids and mode 6 nonces. ntpd does
+ * go through OpenSSL when using MD5 for symmetric authentication.
+ */
# define EVP_MD_CTX_free(c) free(c)
# define EVP_MD_CTX_new() calloc(1, sizeof(MD5_CTX))
# define EVP_get_digestbynid(t) NULL
# define EVP_md5() NULL
# define EVP_MD_CTX_init(c)
# define EVP_MD_CTX_set_flags(c, f)
-# define EVP_DigestInit(c, dt) (MD5Init(c), 1)
-# define EVP_DigestInit_ex(c, dt, i) (MD5Init(c), 1)
-# define EVP_DigestUpdate(c, p, s) MD5Update(c, (const void *)(p), \
- s)
-# define EVP_DigestFinal(c, d, pdl) \
- do { \
- MD5Final((d), (c)); \
- *(pdl) = MD5_LENGTH; \
- } while (0)
-# endif /* !OPENSSL */
+# define EVP_DigestInit(c, dt) (ntp_md5_init(c), 1)
+# define EVP_DigestUpdate(c, p, s) ntp_md5_update(c, p, s)
+# define EVP_DigestFinal(c, d, pdl) \
+ do { \
+ ntp_md5_final((d), (c)); \
+ *(pdl) = MD5_LENGTH; \
+ } while (FALSE)
+
+#endif /* OPENSSL */
+
#endif /* NTP_MD5_H */
diff -uNr ntp-4.2.8p18.orig/libntp/a_md5encrypt.c ntp-4.2.8p18/libntp/a_md5encrypt.c
--- ntp-4.2.8p18.orig/libntp/a_md5encrypt.c 2024-05-07 13:21:31.000000000 +0200
+++ ntp-4.2.8p18/libntp/a_md5encrypt.c 2024-07-24 01:26:46.000000000 +0200
@@ -56,7 +56,7 @@
static MD5_CTX md5_ctx;
DEBUG_INSIST(NID_md5 == nid);
- MD5Init(&md5_ctx);
+ ntp_md5_init(&md5_ctx);
return &md5_ctx;
#else
@@ -171,10 +171,10 @@
if (digest->len < MD5_LENGTH) {
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small.");
} else {
- MD5Init(ctx);
- MD5Update(ctx, (const void *)key->buf, key->len);
- MD5Update(ctx, (const void *)msg->buf, msg->len);
- MD5Final(digest->buf, ctx);
+ ntp_md5_init(ctx);
+ ntp_md5_update(ctx, key->buf, key->len);
+ ntp_md5_update(ctx, msg->buf, msg->len);
+ ntp_md5_final(digest->buf, ctx);
retlen = MD5_LENGTH;
}
} else {
@@ -279,9 +279,9 @@
return (NSRCADR(addr));
}
/* MD5 is not used for authentication here. */
- MD5Init(&md5_ctx);
- MD5Update(&md5_ctx, (void *)&SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr)));
- MD5Final(u.digest, &md5_ctx);
+ ntp_md5_init(&md5_ctx);
+ ntp_md5_update(&md5_ctx, &SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr)));
+ ntp_md5_final(u.digest, &md5_ctx);
#ifdef WORDS_BIGENDIAN
u.addr_refid = BYTESWAP32(u.addr_refid);
#endif
diff -uNr ntp-4.2.8p18.orig/libntp/authreadkeys.c ntp-4.2.8p18/libntp/authreadkeys.c
--- ntp-4.2.8p18.orig/libntp/authreadkeys.c 2024-05-07 13:21:20.000000000 +0200
+++ ntp-4.2.8p18/libntp/authreadkeys.c 2024-07-24 01:26:46.000000000 +0200
@@ -240,7 +240,7 @@
keyno);
keytype = 0;
} else {
- keytype = KEY_TYPE_MD5;
+ keytype = NID_md5;
}
#endif /* !OPENSSL */
diff -uNr ntp-4.2.8p18.orig/ntpd/ntp_control.c ntp-4.2.8p18/ntpd/ntp_control.c
--- ntp-4.2.8p18.orig/ntpd/ntp_control.c 2024-05-07 13:21:15.000000000 +0200
+++ ntp-4.2.8p18/ntpd/ntp_control.c 2024-07-24 01:26:46.000000000 +0200
@@ -3663,18 +3663,18 @@
last_salt_update = current_time;
}
- MD5Init(&ctx);
- MD5Update(&ctx, salt, sizeof(salt));
- MD5Update(&ctx, &ts_i, sizeof(ts_i));
- MD5Update(&ctx, &ts_f, sizeof(ts_f));
+ ntp_md5_init(&ctx);
+ ntp_md5_update(&ctx, salt, sizeof(salt));
+ ntp_md5_update(&ctx, &ts_i, sizeof(ts_i));
+ ntp_md5_update(&ctx, &ts_f, sizeof(ts_f));
if (IS_IPV4(addr)) {
- MD5Update(&ctx, &SOCK_ADDR4(addr), sizeof(SOCK_ADDR4(addr)));
+ ntp_md5_update(&ctx, &SOCK_ADDR4(addr), sizeof(SOCK_ADDR4(addr)));
} else {
- MD5Update(&ctx, &SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr)));
+ ntp_md5_update(&ctx, &SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr)));
}
- MD5Update(&ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr)));
- MD5Update(&ctx, salt, sizeof(salt));
- MD5Final(d.digest, &ctx);
+ ntp_md5_update(&ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr)));
+ ntp_md5_update(&ctx, salt, sizeof(salt));
+ ntp_md5_final(d.digest, &ctx);
return d.extract;
}
diff -uNr ntp-4.2.8p18.orig/ntpd/ntp_crypto.c ntp-4.2.8p18/ntpd/ntp_crypto.c
--- ntp-4.2.8p18.orig/ntpd/ntp_crypto.c 2024-05-07 13:21:32.000000000 +0200
+++ ntp-4.2.8p18/ntpd/ntp_crypto.c 2024-07-24 01:26:46.000000000 +0200
@@ -150,7 +150,7 @@
* Global cryptodata in host byte order
*/
u_int32 crypto_flags = 0x0; /* status word */
-int crypto_nid = KEY_TYPE_MD5; /* digest nid */
+int crypto_nid = NID_md5; /* digest nid */
char *sys_hostname = NULL;
char *sys_groupname = NULL;
static char *host_filename = NULL; /* host file name */