[Git][NTPsec/ntpsec][master] Use OpenSSL rather tham ISC MD5 code.
Eric S. Raymond
gitlab at mg.gitlab.com
Sat Jan 28 11:31:38 UTC 2017
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
80756529 by Eric S. Raymond at 2017-01-28T06:30:39-05:00
Use OpenSSL rather tham ISC MD5 code.
- - - - -
15 changed files:
- devel/ifdex-ignores
- − include/ntp_md5.h
- include/ntp_stdlib.h
- − libisc/include/isc/md5.h
- libntp/a_md5encrypt.c
- libntp/authreadkeys.c
- − libntp/md5.c
- libntp/ssl_init.c
- libntp/wscript
- ntpd/ntp_control.c
- ntpd/wscript
- tests/libntp/a_md5encrypt.c
- tests/libntp/authkeys.c
- tests/libntp/ssl_init.c
- wafhelpers/check_openssl.py
Changes:
=====================================
devel/ifdex-ignores
=====================================
--- a/devel/ifdex-ignores
+++ b/devel/ifdex-ignores
@@ -164,7 +164,6 @@ USE_WORK_THREAD
USE_IPV6_MULTICAST_SUPPORT
USE_LIFC_FAMILY
USE_LIFC_FLAGS
-USE_OPENSSL_HASH
USE_RANDOMIZE_RESPONSES
USE_PCM_STYLE_SOUND
USE_ROUTING_SOCKET
=====================================
include/ntp_md5.h deleted
=====================================
--- a/include/ntp_md5.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * ntp_md5.h: deal with md5.h headers
- *
- * Use the system MD5 if available, otherwise libisc's.
- */
-#ifndef GUARD_NTP_MD5_H
-#define GUARD_NTP_MD5_H
-
-#ifdef HAVE_OPENSSL
-# include "openssl/evp.h"
-#else /* !HAVE_OPENSSL follows */
-/*
- * Provide OpenSSL-alike MD5 API if we're not using OpenSSL
- */
-# if defined HAVE_MD5_H && defined HAVE_MD5INIT
-# include <md5.h>
-# else
-# include "isc/md5.h"
- typedef isc_md5_t MD5_CTX;
-# define MD5Init(c) isc_md5_init(c)
-# define MD5Update(c, p, s) isc_md5_update(c, p, s)
-# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */
-# endif
-
- typedef MD5_CTX EVP_MD_CTX;
-# define EVP_get_digestbynid(t) NULL
-# define EVP_md5() NULL
-# define EVP_MD_CTX_init(c)
-# define EVP_MD_CTX_set_flags(c, f)
-# define EVP_DigestInit(c, dt) MD5Init(c)
-# define EVP_DigestInit_ex(c, dt, i) MD5Init(c)
-# define EVP_DigestUpdate(c, p, s) MD5Update(c, (const void *)(p), \
- s)
-# define EVP_DigestFinal(c, d, pdl) \
- do { \
- MD5Final((d), (c)); \
- *(pdl) = 16; \
- } while (0)
-# endif /* !HAVE_OPENSSL */
-#endif /* GUARD_NTP_MD5_H */
=====================================
include/ntp_stdlib.h
=====================================
--- a/include/ntp_stdlib.h
+++ b/include/ntp_stdlib.h
@@ -38,16 +38,6 @@ extern void reopen_logfile (void);
extern void setup_logfile (const char *);
extern void errno_to_str(int, char *, size_t);
-/*
- * When building without OpenSSL, use a few macros of theirs to
- * minimize source differences in NTP.
- */
-#ifndef HAVE_OPENSSL
-#define NID_md5 4 /* from openssl/objects.h */
-/* from openssl/evp.h */
-#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
-#endif
-
typedef void (*ctrl_c_fn)(void);
/* authkeys.c */
@@ -201,7 +191,6 @@ typedef void (*pset_tod_using)(const char *);
extern pset_tod_using set_tod_using;
/* ssl_init.c */
-#ifdef HAVE_OPENSSL
extern void ssl_init (void);
extern bool ssl_init_done;
#define INIT_SSL() \
@@ -209,9 +198,6 @@ extern bool ssl_init_done;
if (!ssl_init_done) \
ssl_init(); \
} while (0)
-#else /* !HAVE_OPENSSL follows */
-#define INIT_SSL() do {} while (0)
-#endif
extern int keytype_from_text (const char *, size_t *);
extern const char *keytype_name (int);
=====================================
libisc/include/isc/md5.h deleted
=====================================
--- a/libisc/include/isc/md5.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*! \file isc/md5.h
- * \brief This is the header file for the MD5 message-digest algorithm.
- *
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- *
- * Changed so as no longer to depend on Colin Plumb's `usual.h'
- * header definitions; now uses stuff from dpkg's config.h
- * - Ian Jackson <ijackson at nyx.cs.du.edu>.
- * Still in the public domain.
- *
- * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001 Internet Software Consortium.
- * Copyright 2015 by the NTPsec project contributors
- * SPDX-License-Identifier: ISC
- */
-
-#ifndef GUARD_ISC_MD5_H
-#define GUARD_ISC_MD5_H 1
-
-#include <isc/lang.h>
-#include <isc/types.h>
-
-#define ISC_MD5_DIGESTLENGTH 16U
-#define ISC_MD5_BLOCK_LENGTH 64U
-
-#ifdef USE_OPENSSL_HASH
-#include <openssl/evp.h>
-
-typedef EVP_MD_CTX isc_md5_t;
-
-#else
-
-typedef struct {
- uint32_t buf[4];
- uint32_t bytes[2];
- uint32_t in[16];
-} isc_md5_t;
-#endif
-
-ISC_LANG_BEGINDECLS
-
-void
-isc_md5_init(isc_md5_t *ctx);
-
-void
-isc_md5_invalidate(isc_md5_t *ctx);
-
-void
-isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len);
-
-void
-isc_md5_final(isc_md5_t *ctx, unsigned char *digest);
-
-ISC_LANG_ENDDECLS
-
-#endif /* GUARD_ISC_MD5_H */
=====================================
libntp/a_md5encrypt.c
=====================================
--- a/libntp/a_md5encrypt.c
+++ b/libntp/a_md5encrypt.c
@@ -8,10 +8,11 @@
#include <stdbool.h>
#include <stdint.h>
+#include "openssl/evp.h" /* provides OpenSSL digest API */
+
#include "ntp_fp.h"
#include "ntp_stdlib.h"
#include "ntp.h"
-#include "ntp_md5.h" /* provides OpenSSL digest API */
/* ctmemeq - test two blocks memory for equality without leaking
* timing information.
@@ -60,15 +61,11 @@ MD5authencrypt(
* was created.
*/
INIT_SSL();
-#if defined(HAVE_OPENSSL)
if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {
msyslog(LOG_ERR,
"MAC encrypt: digest init failed");
return (0);
}
-#else
- EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
-#endif
EVP_DigestUpdate(&ctx, key, cache_secretsize);
EVP_DigestUpdate(&ctx, (uint8_t *)pkt, (u_int)length);
EVP_DigestFinal(&ctx, digest, &len);
@@ -102,15 +99,11 @@ MD5authdecrypt(
* was created.
*/
INIT_SSL();
-#if defined(HAVE_OPENSSL)
if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) {
msyslog(LOG_ERR,
"MAC decrypt: digest init failed");
return (0);
}
-#else
- EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
-#endif
EVP_DigestUpdate(&ctx, key, cache_secretsize);
EVP_DigestUpdate(&ctx, (uint8_t *)pkt, (u_int)length);
EVP_DigestFinal(&ctx, digest, &len);
@@ -141,7 +134,6 @@ addr2refid(sockaddr_u *addr)
INIT_SSL();
-#if defined(HAVE_OPENSSL)
EVP_MD_CTX_init(&ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
@@ -152,9 +144,6 @@ addr2refid(sockaddr_u *addr)
"MD5 init failed");
exit(1);
}
-#else
- EVP_DigestInit(&ctx, EVP_md5());
-#endif
EVP_DigestUpdate(&ctx, (uint8_t *)PSOCK_ADDR6(addr),
sizeof(struct in6_addr));
=====================================
libntp/authreadkeys.c
=====================================
--- a/libntp/authreadkeys.c
+++ b/libntp/authreadkeys.c
@@ -10,10 +10,8 @@
#include "ntp_syslog.h"
#include "ntp_stdlib.h"
-#ifdef HAVE_OPENSSL
#include "openssl/objects.h"
#include "openssl/evp.h"
-#endif /* HAVE_OPENSSL */
/* Forwards */
static char *nexttok (char **);
@@ -132,7 +130,6 @@ msyslog(LOG_ERR, "authreadkeys: reading %s", file);
"authreadkeys: no key type for key %d", keyno);
continue;
}
-#ifdef HAVE_OPENSSL
/*
* The key type is the NID used by the message digest
* algorithm. There are a number of inconsistencies in
@@ -150,19 +147,6 @@ msyslog(LOG_ERR, "authreadkeys: reading %s", file);
"authreadkeys: no algorithm for key %d", keyno);
continue;
}
-#else /* !HAVE_OPENSSL follows */
-
- /*
- * The key type is unused, but is required to be 'M' or
- * 'm' for compatibility.
- */
- if (!(*token == 'M' || *token == 'm')) {
- msyslog(LOG_ERR,
- "authreadkeys: invalid type for key %d", keyno);
- continue;
- }
- keytype = KEY_TYPE_MD5;
-#endif /* !HAVE_OPENSSL */
/*
* Finally, get key and insert it. If it is longer than 20
=====================================
libntp/md5.c deleted
=====================================
--- a/libntp/md5.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/*! \file
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- *
- * Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001 Internet Software Consortium.
- * Copyright 2015 by the NTPsec project contributors
- * SPDX-License-Identifier: ISC
- */
-
-#include "config.h"
-
-#include <string.h>
-
-#include <isc/assertions.h>
-#include <isc/md5.h>
-#include <isc/types.h>
-#include <isc/util.h>
-
-#ifdef USE_OPENSSL_HASH
-
-void
-isc_md5_init(isc_md5_t *ctx) {
- EVP_DigestInit(ctx, EVP_md5());
-}
-
-void
-isc_md5_invalidate(isc_md5_t *ctx) {
- EVP_MD_CTX_cleanup(ctx);
-}
-
-void
-isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) {
- EVP_DigestUpdate(ctx, (const void *) buf, (size_t) len);
-}
-
-void
-isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
- EVP_DigestFinal(ctx, digest, NULL);
-}
-
-#else
-
-static void
-byteSwap(uint32_t *buf, unsigned words)
-{
- unsigned char *p = (unsigned char *)buf;
-
- do {
- *buf++ = (uint32_t)((unsigned)p[3] << 8 | p[2]) << 16 |
- ((unsigned)p[1] << 8 | p[0]);
- p += 4;
- } while (--words);
-}
-
-/*!
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void
-isc_md5_init(isc_md5_t *ctx) {
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bytes[0] = 0;
- ctx->bytes[1] = 0;
-}
-
-void
-isc_md5_invalidate(isc_md5_t *ctx) {
- memset(ctx, 0, sizeof(isc_md5_t));
-}
-
-/*@{*/
-/*! The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-/*@}*/
-
-/*! This is the central step in the MD5 algorithm. */
-#define MD5STEP(f,w,x,y,z,in,s) \
- (w += f(x,y,z) + in, w = (w<<s | w>>(32-s)) + x)
-
-/*!
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-static void
-transform(uint32_t buf[4], uint32_t const in[16]) {
- register uint32_t a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-/*!
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void
-isc_md5_update(isc_md5_t *ctx, const unsigned char *buf, unsigned int len) {
- uint32_t t;
-
- /* Update byte count */
-
- t = ctx->bytes[0];
- if ((ctx->bytes[0] = t + len) < t)
- ctx->bytes[1]++; /* Carry from low to high */
-
- t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */
- if (t > len) {
- memcpy((unsigned char *)ctx->in + 64 - t, buf, len);
- return;
- }
- /* First chunk is an odd size */
- memcpy((unsigned char *)ctx->in + 64 - t, buf, t);
- byteSwap(ctx->in, 16);
- transform(ctx->buf, ctx->in);
- buf += t;
- len -= t;
-
- /* Process data in 64-byte chunks */
- while (len >= 64) {
- memcpy(ctx->in, buf, 64);
- byteSwap(ctx->in, 16);
- transform(ctx->buf, ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
- memcpy(ctx->in, buf, len);
-}
-
-/*!
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void
-isc_md5_final(isc_md5_t *ctx, unsigned char *digest) {
- int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */
- unsigned char *p = (unsigned char *)ctx->in + count;
-
- /* Set the first char of padding to 0x80. There is always room. */
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 56 bytes (-8..55) */
- count = 56 - 1 - count;
-
- if (count < 0) { /* Padding forces an extra block */
- memset(p, 0, count + 8);
- byteSwap(ctx->in, 16);
- transform(ctx->buf, ctx->in);
- p = (unsigned char *)ctx->in;
- count = 56;
- }
- memset(p, 0, count);
- byteSwap(ctx->in, 14);
-
- /* Append length in bits and transform */
- ctx->in[14] = ctx->bytes[0] << 3;
- ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29;
- transform(ctx->buf, ctx->in);
-
- byteSwap(ctx->buf, 4);
- memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(isc_md5_t)); /* In case it's sensitive */
-}
-#endif
=====================================
libntp/ssl_init.c
=====================================
--- a/libntp/ssl_init.c
+++ b/libntp/ssl_init.c
@@ -13,7 +13,6 @@
#include <ntp_debug.h>
#include <lib_strbuf.h>
-#ifdef HAVE_OPENSSL
#include "openssl/err.h"
#include "openssl/evp.h"
@@ -47,7 +46,6 @@ atexit_ssl_cleanup(void)
EVP_cleanup();
ERR_free_strings();
}
-#endif /* HAVE_OPENSSL */
/*
@@ -64,7 +62,6 @@ keytype_from_text(
{
int key_type;
u_int digest_len;
-#ifdef HAVE_OPENSSL
const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
uint8_t digest[EVP_MAX_MD_SIZE];
char * upcased;
@@ -83,9 +80,6 @@ keytype_from_text(
for (pch = upcased; '\0' != *pch; pch++)
*pch = (char)toupper((unsigned char)*pch);
key_type = OBJ_sn2nid(upcased);
-#else
- key_type = 0;
-#endif
if (!key_type && 'm' == tolower((unsigned char)text[0]))
key_type = NID_md5;
@@ -94,7 +88,6 @@ keytype_from_text(
return 0;
if (NULL != pdigest_len) {
-#ifdef HAVE_OPENSSL
EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(&ctx, digest, &digest_len);
if (digest_len > max_digest_len) {
@@ -108,9 +101,6 @@ keytype_from_text(
max_digest_len);
return 0;
}
-#else
- digest_len = 16;
-#endif
*pdigest_len = digest_len;
}
@@ -131,17 +121,10 @@ keytype_name(
static const char unknown_type[] = "(unknown key type)";
const char *name;
-#ifdef HAVE_OPENSSL
INIT_SSL();
name = OBJ_nid2sn(nid);
if (NULL == name)
name = unknown_type;
-#else /* !HAVE_OPENSSL follows */
- if (NID_md5 == nid)
- name = "MD5";
- else
- name = unknown_type;
-#endif
return name;
}
=====================================
libntp/wscript
=====================================
--- a/libntp/wscript
+++ b/libntp/wscript
@@ -12,7 +12,6 @@ def build(ctx):
"dolfptoa.c",
"getopt.c",
"initnetwork.c",
- "md5.c",
"mstolfp.c",
"netof.c",
"ntp_endian.c",
@@ -67,6 +66,6 @@ def build(ctx):
features = "c cshlib bld_include src_include pyext",
source = ["pymodule.c"] + libntp_source_sharable,
install_path = '${PYTHONDIR}/ntp',
- use = "M RT",
+ use = "M RT SSL CRYPTO",
includes = includes,
)
=====================================
ntpd/ntp_control.c
=====================================
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -11,6 +11,8 @@
#include <netinet/in.h>
#include <arpa/inet.h>
+#include "openssl/evp.h" /* provides OpenSSL digest API */
+
#include "ntpd.h"
#include "ntp_io.h"
#include "ntp_refclock.h"
@@ -21,7 +23,6 @@
#include "ntp_crypto.h"
#include "ntp_assert.h"
#include "ntp_leapsec.h"
-#include "ntp_md5.h" /* provides OpenSSL digest API */
#include "lib_strbuf.h"
#include "ntp_syscall.h"
=====================================
ntpd/wscript
=====================================
--- a/ntpd/wscript
+++ b/ntpd/wscript
@@ -132,7 +132,7 @@ def build(ctx):
target = "ntpd",
features = "c rtems_trace cprogram bld_include src_include libisc_include libisc_pthread_include",
source = ntpd_source,
- use = "libntpd_obj isc ntp sodium M parse RT SODIUM CAP SECCOMP PTHREAD CRYPTO DNS_SD DNS_SD_INCLUDES %s SOCKET NSL SCF" % use_refclock,
+ use = "libntpd_obj isc ntp M parse RT SODIUM CAP SECCOMP PTHREAD SSL CRYPTO DNS_SD DNS_SD_INCLUDES %s SOCKET NSL SCF" % use_refclock,
includes = [
"%s/host/ntpd/" % ctx.bldnode.parent.abspath(),
"%s/ntpd/" % srcnode,
=====================================
tests/libntp/a_md5encrypt.c
=====================================
--- a/tests/libntp/a_md5encrypt.c
+++ b/tests/libntp/a_md5encrypt.c
@@ -11,11 +11,10 @@ TEST_SETUP(a_md5encrypt) {}
TEST_TEAR_DOWN(a_md5encrypt) {}
-#ifdef HAVE_OPENSSL
# include "openssl/err.h"
# include "openssl/rand.h"
# include "openssl/evp.h"
-#endif
+
#include "ntp.h"
/*
=====================================
tests/libntp/authkeys.c
=====================================
--- a/tests/libntp/authkeys.c
+++ b/tests/libntp/authkeys.c
@@ -5,11 +5,10 @@
#include "unity_fixture.h"
-#ifdef HAVE_OPENSSL
# include "openssl/err.h"
# include "openssl/rand.h"
# include "openssl/evp.h"
-#endif
+
#include "ntp.h"
TEST_GROUP(authkeys);
=====================================
tests/libntp/ssl_init.c
=====================================
--- a/tests/libntp/ssl_init.c
+++ b/tests/libntp/ssl_init.c
@@ -12,18 +12,15 @@ TEST_SETUP(ssl_init) {}
TEST_TEAR_DOWN(ssl_init) {}
-#ifdef HAVE_OPENSSL
# include "openssl/err.h"
# include "openssl/rand.h"
# include "openssl/evp.h"
-#endif
+
#include "ntp.h"
static const size_t TEST_MD5_DIGEST_LENGTH = 16;
-#ifdef HAVE_OPENSSL
static const size_t TEST_SHA1_DIGEST_LENGTH = 20;
-#endif
// keytype_from_text()
TEST(ssl_init, MD5KeyTypeWithoutDigestLength) {
@@ -38,7 +35,6 @@ TEST(ssl_init, MD5KeyTypeWithDigestLength) {
TEST_ASSERT_EQUAL(expected, digestLength);
}
-#ifdef HAVE_OPENSSL
TEST(ssl_init, SHA1KeyTypeWithDigestLength) {
size_t digestLength;
size_t expected = TEST_SHA1_DIGEST_LENGTH;
@@ -46,26 +42,21 @@ TEST(ssl_init, SHA1KeyTypeWithDigestLength) {
TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1", &digestLength));
TEST_ASSERT_EQUAL(expected, digestLength);
}
-#endif /* HAVE_OPENSSL */
// keytype_name()
TEST(ssl_init, MD5KeyName) {
TEST_ASSERT_EQUAL_STRING("MD5", keytype_name(KEY_TYPE_MD5));
}
-#ifdef HAVE_OPENSSL
TEST(ssl_init, SHA1KeyName) {
TEST_ASSERT_EQUAL_STRING("SHA1", keytype_name(NID_sha1));
}
-#endif /* HAVE_OPENSSL */
TEST_GROUP_RUNNER(ssl_init) {
RUN_TEST_CASE(ssl_init, MD5KeyTypeWithoutDigestLength);
RUN_TEST_CASE(ssl_init, MD5KeyTypeWithDigestLength);
RUN_TEST_CASE(ssl_init, MD5KeyName);
-#ifdef HAVE_OPENSSL
RUN_TEST_CASE(ssl_init, SHA1KeyTypeWithDigestLength);
RUN_TEST_CASE(ssl_init, SHA1KeyName);
-#endif
}
=====================================
wafhelpers/check_openssl.py
=====================================
--- a/wafhelpers/check_openssl.py
+++ b/wafhelpers/check_openssl.py
@@ -25,7 +25,7 @@ def configure_ssl(ctx):
)
for hdr in headers:
- if not ctx.check_cc(header_name=hdr, mandatory=False,
+ if not ctx.check_cc(header_name=hdr, mandatory=True,
comment="<%s> header" % hdr):
OPENSSL_HEADERS = False
@@ -39,7 +39,6 @@ def configure_ssl(ctx):
ctx.check_cc(
fragment=OPENSSL_FRAG % "\n".join(["#include <%s>" % x
for x in headers]),
- define_name="HAVE_OPENSSL",
execute=True,
mandatory=False,
use="SSL CRYPTO",
@@ -47,5 +46,3 @@ def configure_ssl(ctx):
comment="OpenSSL support"
)
- if ctx.get_define("HAVE_OPENSSL"):
- ctx.define("USE_OPENSSL_HASH", 1, comment="Use OpenSSL for hashing")
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/807565291cfa693731b745cc260fedfbcb6b007e
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170128/e15c3e1f/attachment.html>
More information about the vc
mailing list