[ntpsec commit] Autoconfigure some symbols related to OpenSSL correctly.

Eric S. Raymond esr at ntpsec.org
Thu Oct 1 11:22:13 UTC 2015 

Module:    ntpsec
Branch:    master
Commit:    795f9d1e2ee4aae8c79d6bdc50bad49011d7f6ca
Changeset: http://git.ntpsec.org/ntpsec/commit/?id=795f9d1e2ee4aae8c79d6bdc50bad49011d7f6ca

Author:    Eric S. Raymond <esr at thyrsus.com>
Date:      Thu Oct  1 07:19:28 2015 -0400

Autoconfigure some symbols related to OpenSSL correctly.

The reason we cabn safely remove the OPENSSL_VERSION_NUMBER >=
0x0090700fL check is that this is older than the minimum compatible
version for HAVE_OPENSSL to be defined at all.

---

 libntp/a_md5encrypt.c |  8 ++++----
 pylib/configure.py    |  2 ++
 tests/sntp/crypto.c   | 16 ++++++++--------
 tests/sntp/crypto.cpp |  8 ++++----
 4 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c
index bcbd098..6d17dfe 100644
--- a/libntp/a_md5encrypt.c
+++ b/libntp/a_md5encrypt.c
@@ -30,10 +30,10 @@ MD5authencrypt(
 	/*
 	 * Compute digest of key concatenated with packet. Note: the
 	 * key type and digest type have been verified when the key
-	 * was creaded.
+	 * was created.
 	 */
 	INIT_SSL();
-#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
+#if defined(HAVE_OPENSSL)
 	if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {
 		msyslog(LOG_ERR,
 		    "MAC encrypt: digest init failed");
@@ -74,7 +74,7 @@ MD5authdecrypt(
 	 * was created.
 	 */
 	INIT_SSL();
-#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
+#if defined(HAVE_OPENSSL)
 	if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {
 		msyslog(LOG_ERR,
 		    "MAC decrypt: digest init failed");
@@ -113,7 +113,7 @@ addr2refid(sockaddr_u *addr)
 
 	INIT_SSL();
 
-#if defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL
+#if defined(HAVE_OPENSSL)
 	EVP_MD_CTX_init(&ctx);
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 	/* MD5 is not used as a crypto hash here. */
diff --git a/pylib/configure.py b/pylib/configure.py
index 27bc1f7..d11cdf7 100644
--- a/pylib/configure.py
+++ b/pylib/configure.py
@@ -386,6 +386,8 @@ def cmd_configure(ctx):
 	if ctx.options.enable_crypto:
 		from check_openssl import configure_ssl
 		configure_ssl(ctx)
+		ctx.define("USE_OPENSSL_CRYPTO_RAND", 1)
+		ctx.define("ISC_PLATFORM_OPENSSLHASH", 1)
 
 	probe_vsprintfm(ctx, "VSNPRINTF_PERCENT_M",
 			    "Checking for %m expansion in vsnprintf(3)")
diff --git a/tests/sntp/crypto.c b/tests/sntp/crypto.c
index 81f6fd0..217bde2 100644
--- a/tests/sntp/crypto.c
+++ b/tests/sntp/crypto.c
@@ -35,7 +35,7 @@ TEST(crypto, MakeMd5Mac) {
 	TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, MD5_LENGTH) == 0);
 }
 
-#ifdef OPENSSL
+#ifdef ENABLE_CRYPTO
 TEST(crypto, MakeSHA1Mac) {
 	const char* PKT_DATA = "abcdefgh0123";
 	const int PKT_LEN = strlen(PKT_DATA);
@@ -56,7 +56,7 @@ TEST(crypto, MakeSHA1Mac) {
 
 	TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, SHA1_LENGTH) == 0);
 }
-#endif	/* OPENSSL */
+#endif	/* ENABLE_CRYPTO */
 
 TEST(crypto, VerifyCorrectMD5) {
 	const char* PKT_DATA =
@@ -76,7 +76,7 @@ TEST(crypto, VerifyCorrectMD5) {
 	TEST_ASSERT_TRUE(auth_md5((char*)PKT_DATA, PKT_LEN, MD5_LENGTH, &md5));
 }
 
-#ifdef OPENSSL
+#ifdef ENABLE_CRYPTO
 TEST(crypto, VerifySHA1) {
 	const char* PKT_DATA =
 		"sometestdata"		// Data
@@ -94,7 +94,7 @@ TEST(crypto, VerifySHA1) {
 
 	TEST_ASSERT_TRUE(auth_md5((char*)PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1));
 }
-#endif	/* OPENSSL */
+#endif	/* ENABLE_CRYPTO */
 
 TEST(crypto, VerifyFailure) {
 	/* We use a copy of the MD5 verification code, but modify
@@ -133,13 +133,13 @@ TEST(crypto, PacketSizeNotMultipleOfFourBytes) {
 
 TEST_GROUP_RUNNER(crypto) {
 	RUN_TEST_CASE(crypto, MakeMd5Mac);
-#ifdef OPENSSL
+#ifdef ENABLE_CRYPTO
 	RUN_TEST_CASE(crypto, MakeSHA1Mac);
-#endif	/* OPENSSL */
+#endif	/* ENABLE_CRYPTO */
 	RUN_TEST_CASE(crypto, VerifyCorrectMD5);
-#ifdef OPENSSL
+#ifdef ENABLE_CRYPTO
 	RUN_TEST_CASE(crypto, VerifySHA1);
-#endif	/* OPENSSL */
+#endif	/* ENABLE_CRYPTO */
 	RUN_TEST_CASE(crypto, VerifyFailure);
 	RUN_TEST_CASE(crypto, PacketSizeNotMultipleOfFourBytes);
 }
diff --git a/tests/sntp/crypto.cpp b/tests/sntp/crypto.cpp
index f47712e..574cf2a 100644
--- a/tests/sntp/crypto.cpp
+++ b/tests/sntp/crypto.cpp
@@ -140,13 +140,13 @@ TEST(crypto, PacketSizeNotMultipleOfFourBytes) {
 
 TEST_GROUP_RUNNER(crypto) {
 	RUN_TEST_CASE(crypto, MakeMd5Mac);
-#ifdef OPENSSL
+#ifdef ENABLE_CRYPTO
 	RUN_TEST_CASE(crypto, MakeSHA1Mac);
-#endif	/* OPENSSL */
+#endif	/* ENABLE_CRYPTO */
 	RUN_TEST_CASE(crypto, VerifyCorrectMD5);
-#ifdef OPENSSL
+#ifdef ENABLE_CRYPTO
 	RUN_TEST_CASE(crypto, VerifySHA1);
-#endif	/* OPENSSL */
+#endif	/* ENABLE_CRYPTO */
 	RUN_TEST_CASE(crypto, VerifyFailure);
 	RUN_TEST_CASE(crypto, PacketSizeNotMultipleOfFourBytes);
 }

More information about the vc mailing list