2 * ssl_init.c Common OpenSSL initialization code for the various
3 * programs which use it.
5 * Moved from ntpd/ntp_crypto.c crypto_setup()
12 #include <ntp_debug.h>
13 #include <lib_strbuf.h>
16 #include "openssl/crypto.h"
17 #include "openssl/err.h"
18 #include "openssl/evp.h"
19 #include "openssl/opensslv.h"
20 #include "libssl_compat.h"
24 #if OPENSSL_VERSION_NUMBER < 0x10100000L
27 atexit_ssl_cleanup(void)
32 ssl_init_done = FALSE;
42 if ( ! ssl_init_done) {
43 ERR_load_crypto_strings();
44 OpenSSL_add_all_algorithms();
45 atexit(&atexit_ssl_cleanup);
50 #else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
59 #endif /* OPENSSL_VERSION_NUMBER */
63 ssl_check_version(void)
67 v = OpenSSL_version_num();
68 if ((v ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
70 "OpenSSL version mismatch. Built against %lx, you have %lx",
71 (u_long)OPENSSL_VERSION_NUMBER, v);
73 "OpenSSL version mismatch. Built against %lx, you have %lx\n",
74 (u_long)OPENSSL_VERSION_NUMBER, v);
84 * keytype_from_text returns the OpenSSL NID for a digest given its name,
85 * and optionally the associated digest length via *pdigest_len.
 *
 * NOTE(review): OBJ_sn2nid() resolves any short name in OpenSSL's object
 * table, not only digest names, and EVP_get_digestbynid() returns NULL
 * for a NID that is not a digest.  The EVP_MD_CTX_new(), EVP_DigestInit()
 * and EVP_DigestFinal() calls below do not check their return values, so
 * such a NID is not rejected: digest_len may be left unset before the
 * "too big" comparison (or, depending on the OpenSSL version, the final
 * call may fault on the missing digest).  Checking those results, or
 * asking EVP_MD_size() for the length instead of running an empty digest,
 * would close that hole — confirm against the callers' error handling.
87 * Used by ntpd authreadkeys(), ntpq and ntpdc keytype()
98 const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
99 u_char digest[EVP_MAX_MD_SIZE];
104 * OpenSSL digest short names are capitalized, so uppercase the
105 * digest name before passing to OBJ_sn2nid(). If it is not
106 * recognized but begins with 'm' or 'M', use NID_md5 to be consistent
107 * with past behavior.  The name is first copied with strlcpy() into a
 * LIB_BUFLENGTH-sized buffer, so a longer name is silently truncated
 * before the lookup rather than rejected.
111 strlcpy(upcased, text, LIB_BUFLENGTH);
112 for (pch = upcased; '\0' != *pch; pch++)
113 *pch = (char)toupper((unsigned char)*pch);
114 key_type = OBJ_sn2nid(upcased);
119 if (!key_type && 'm' == tolower((unsigned char)text[0]))
125 if (NULL != pdigest_len) {
129 ctx = EVP_MD_CTX_new();
130 EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
131 EVP_DigestFinal(ctx, digest, &digest_len);
132 EVP_MD_CTX_free(ctx);
133 if (digest_len > max_digest_len) {
135 "key type %s %u octet digests are too big, max %lu\n",
136 keytype_name(key_type), digest_len,
139 "key type %s %u octet digests are too big, max %lu",
140 keytype_name(key_type), digest_len,
147 *pdigest_len = digest_len;
155 * keytype_name returns the OpenSSL short name for a digest given its NID
 * (looked up with OBJ_nid2sn()); the static unknown_type string is the
 * placeholder intended for NIDs OpenSSL cannot name, so callers get a
 * printable string either way.
157 * Used by ntpq and ntpdc keytype()
164 static const char unknown_type[] = "(unknown key type)";
169 name = OBJ_nid2sn(nid);
172 #else /* !OPENSSL follows */
183 * Use getpassphrase() if configure.ac detected it: on Suns that
184 * have it, getpass() truncates the password to 8 characters.
186 #ifdef HAVE_GETPASSPHRASE
187 # define getpass(str) getpassphrase(str)
191 * getpass_keytype() -- shared between ntpq and ntpdc, only vaguely
192 * related to the rest of ssl_init.c.  It prompts with the key type name,
 * capped at 64 characters by the "%.64s" format (which, with the 11-byte
 * " Password: " suffix and the terminator, is exactly how pass_prompt is
 * sized), and returns getpass()'s result directly.
 *
 * NOTE(review): getpass() conventionally returns a pointer to static
 * storage that the next call overwrites and that is never cleared, so
 * callers should copy the password out promptly and not retain the
 * pointer — confirm against the ntpq/ntpdc callers.
199 char pass_prompt[64 + 11 + 1]; /* 11 for " Password: " */
201 snprintf(pass_prompt, sizeof(pass_prompt),
202 "%.64s Password: ", keytype_name(keytype));
204 return getpass(pass_prompt);