2 * ssl_init.c Common OpenSSL initialization code for the various
3 * programs which use it.
5 * Moved from ntpd/ntp_crypto.c crypto_setup()
12 #include <ntp_debug.h>
13 #include <lib_strbuf.h>
16 #include "openssl/err.h"
17 #include "openssl/evp.h"
18 #include "libssl_compat.h"
20 void atexit_ssl_cleanup(void);
/*
 * One-time OpenSSL setup: load the error-string table and register
 * every digest/cipher, then register atexit_ssl_cleanup() so the
 * tables are released at process exit.  The enclosing function's
 * signature and its guard against repeated initialization are not
 * part of this excerpt -- presumably the ssl_init_done flag that
 * atexit_ssl_cleanup() clears; confirm against the full file.
 */
32 ERR_load_crypto_strings();
33 OpenSSL_add_all_algorithms();
34 atexit(&atexit_ssl_cleanup);
/*
 * atexit() hook registered by the initialization code above.  Only the
 * reset of ssl_init_done is visible here; the lines between the
 * signature and the assignment are omitted from this excerpt.
 * NOTE(review): confirm the omitted lines release what the
 * ERR_load_crypto_strings()/OpenSSL_add_all_algorithms() pair loaded,
 * otherwise clearing the flag alone is a no-op at exit.
 */
41 atexit_ssl_cleanup(void)
46 ssl_init_done = FALSE;
/*
 * Compare the OpenSSL version the program was built against
 * (OPENSSL_VERSION_NUMBER) with the library actually loaded at run time
 * (SSLeay()).  The mask ~0xff0L clears bits 4..11, i.e. the two
 * patch-level digits ("PP") of OpenSSL's MNNFFPPS encoding, so only a
 * patch-level difference is tolerated; major, minor, fix and status
 * must still match.  A mismatch is reported twice, once without and
 * once with a trailing newline -- the two output sinks are on lines
 * outside this excerpt.
 */
53 ssl_check_version(void)
55 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
57 "OpenSSL version mismatch. Built against %lx, you have %lx",
58 (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
60 "OpenSSL version mismatch. Built against %lx, you have %lx\n",
61 (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
71 * keytype_from_text returns OpenSSL NID for digest by name, and
72 * optionally the associated digest length.
74 * Used by ntpd authreadkeys(), ntpq and ntpdc keytype()
/*
 * Body of keytype_from_text(): map a digest name to its OpenSSL NID and,
 * when pdigest_len is non-NULL, report the digest's output length.
 * The signature, the declarations of upcased/pch/key_type/ctx/digest_len
 * and the return are on lines omitted from this excerpt.
 */
/* Largest digest that still fits in a MAC field alongside the key id. */
85 const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
86 u_char digest[EVP_MAX_MD_SIZE];
/*
 * Bounded copy: a name longer than LIB_BUFLENGTH-1 is silently
 * truncated before lookup (assumes upcased is LIB_BUFLENGTH bytes --
 * its declaration is not shown here; confirm).
 */
98 strlcpy(upcased, text, LIB_BUFLENGTH);
99 for (pch = upcased; '\0' != *pch; pch++)
100 *pch = (char)toupper((unsigned char)*pch);
101 key_type = OBJ_sn2nid(upcased);
/*
 * Leniency fallback described in the comment above: any name OpenSSL
 * does not recognize but which starts with 'm'/'M' is treated as MD5
 * instead of being rejected, so a misspelled name can quietly select
 * the weakest digest.  Callers wanting strict matching must check the
 * name themselves.
 */
106 if (!key_type && 'm' == tolower((unsigned char)text[0]))
112 if (NULL != pdigest_len) {
/*
 * Run an empty digest just to learn its output size.
 * NOTE(review): EVP_MD_CTX_new() may return NULL on allocation
 * failure and EVP_get_digestbynid() returns NULL for an NID that is
 * not a digest; neither result, nor the EVP_Digest* return values,
 * is checked here -- confirm key_type is always a valid digest NID
 * at this point.
 */
116 ctx = EVP_MD_CTX_new();
117 EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
118 EVP_DigestFinal(ctx, digest, &digest_len);
119 EVP_MD_CTX_free(ctx);
/*
 * Reject digests that would not fit the MAC field.  Reported twice
 * (with and without a trailing newline) to two sinks that are outside
 * this excerpt; what the function returns in this case is also not
 * visible here.
 */
120 if (digest_len > max_digest_len) {
122 "key type %s %u octet digests are too big, max %lu\n",
123 keytype_name(key_type), digest_len,
126 "key type %s %u octet digests are too big, max %lu",
127 keytype_name(key_type), digest_len,
134 *pdigest_len = digest_len;
142 * keytype_name returns OpenSSL short name for digest by NID.
144 * Used by ntpq and ntpdc keytype()
/*
 * Body of keytype_name(): OBJ_nid2sn() yields the short name for a
 * known NID and NULL for an unknown one; unknown_type is the
 * placeholder presumably substituted for that NULL (the substitution
 * and the return are on lines omitted from this excerpt).
 */
151 static const char unknown_type[] = "(unknown key type)";
156 name = OBJ_nid2sn(nid);
159 #else /* !OPENSSL follows */
170 * Use getpassphrase() if configure.ac detected it, as Suns that
171 * have it truncate the password in getpass() to 8 characters.
173 #ifdef HAVE_GETPASSPHRASE
174 # define getpass(str) getpassphrase(str)
178 * getpass_keytype() -- shared between ntpq and ntpdc, only vaguely
179 * related to the rest of ssl_init.c.
/*
 * Body of getpass_keytype(): prompt for the password of the given key
 * type.  The "%.64s" precision caps the name at 64 bytes, " Password: "
 * is 11 bytes, plus the terminator, so pass_prompt is sized exactly
 * and snprintf() cannot truncate.  The result is whatever getpass()
 * (or getpassphrase() under HAVE_GETPASSPHRASE, per the macro above)
 * returns -- conventionally a pointer to static storage that is
 * overwritten by the next call and not cleared afterwards, so the
 * caller should copy it promptly and avoid leaving the secret lying
 * around longer than needed.
 */
186 char pass_prompt[64 + 11 + 1]; /* 11 for " Password: " */
188 snprintf(pass_prompt, sizeof(pass_prompt),
189 "%.64s Password: ", keytype_name(keytype));
191 return getpass(pass_prompt);