[Git][NTPsec/ntpsec][master] Refactor calls to keytype_from_text()

Matt Selsky gitlab at mg.gitlab.com
Mon Jan 30 14:01:15 UTC 2017


Matt Selsky pushed to branch master at NTPsec / ntpsec


Commits:
920115ee by Matt Selsky at 2017-01-30T08:57:23-05:00
Refactor calls to keytype_from_text()

Non-test code always has NULL as second argument.  Eliminate the branch that
tests for non-NULL, and keytype_name() since it's only called by this function.
And eliminate the related tests.

- - - - -


4 changed files:

- include/ntp_stdlib.h
- libntp/authreadkeys.c
- libntp/ssl_init.c
- tests/libntp/ssl_init.c


Changes:

=====================================
include/ntp_stdlib.h
=====================================
--- a/include/ntp_stdlib.h
+++ b/include/ntp_stdlib.h
@@ -192,8 +192,7 @@ extern pset_tod_using	set_tod_using;
 
 /* ssl_init.c */
 extern	void	ssl_init		(void);
-extern	int	keytype_from_text	(const char *,	size_t *);
-extern	const char *keytype_name	(int);
+extern	int	keytype_from_text	(const char *);
 
 /* strl-obsd.c */
 #ifndef HAVE_STRLCPY		/* + */


=====================================
libntp/authreadkeys.c
=====================================
--- a/libntp/authreadkeys.c
+++ b/libntp/authreadkeys.c
@@ -136,7 +136,7 @@ msyslog(LOG_ERR, "authreadkeys: reading %s", file);
 		 * the OpenSSL database. We attempt to discover them
 		 * here and prevent use of inconsistent data later.
 		 */
-		keytype = keytype_from_text(token, NULL);
+		keytype = keytype_from_text(token);
 		if (keytype == 0) {
 			msyslog(LOG_ERR,
 			    "authreadkeys: invalid type for key %d", keyno);


=====================================
libntp/ssl_init.c
=====================================
--- a/libntp/ssl_init.c
+++ b/libntp/ssl_init.c
@@ -52,21 +52,16 @@ atexit_ssl_cleanup(void)
  * keytype_from_text	returns OpenSSL NID for digest by name, and
  *			optionally the associated digest length.
  *
- * Used by ntpd authreadkeys(), ntpq keytype()
+ * Used by ntpd authreadkeys()
  */
 int
 keytype_from_text(
-	const char *text,
-	size_t *pdigest_len
+	const char *text
 	)
 {
 	int		key_type;
-	u_int		digest_len;
-	const u_long	max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
-	uint8_t		digest[EVP_MAX_MD_SIZE];
 	char *		upcased;
 	char *		pch;
-	EVP_MD_CTX	ctx;
 
 	/*
 	 * OpenSSL digest short names are capitalized, so uppercase the
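Review bot: The header comment above keytype_from_text() still says it returns "optionally the associated digest length", which no longer holds once `pdigest_len` is dropped from the signature. I would reword the first line to something like `keytype_from_text	returns OpenSSL NID for digest by name, or 0 if the name does not resolve.` so the remaining contract is documented. That contract is the zero return that authreadkeys() tests for. The function body begins in this hunk and continues past its end.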
@@ -87,44 +82,5 @@ keytype_from_text(
 	if (!key_type)
 		return 0;
 
-	if (NULL != pdigest_len) {
-		EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type));
-		EVP_DigestFinal(&ctx, digest, &digest_len);
-		if (digest_len > max_digest_len) {
-			fprintf(stderr,
-				"key type %s %u octet digests are too big, max %lu\n",
-				keytype_name(key_type), digest_len,
-				max_digest_len);
-			msyslog(LOG_ERR,
-				"key type %s %u octet digests are too big, max %lu",
-				keytype_name(key_type), digest_len,
-				max_digest_len);
-			return 0;
-		}
-		*pdigest_len = digest_len;
-	}
-
 	return key_type;
 }
-
-
-/*
- * keytype_name		returns OpenSSL short name for digest by NID.
- *
- * Used by ntpq keytype()
- */
-const char *
-keytype_name(
-	int nid
-	)
-{
-	static const char unknown_type[] = "(unknown key type)";
-	const char *name;
-
-	ssl_init();
-	name = OBJ_nid2sn(nid);
-	if (NULL == name)
-		name = unknown_type;
-	return name;
-}
-
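Review bot: Removing the `pdigest_len` branch also removes the only visible comparison of a digest's output size against `MAX_MAC_LEN - sizeof(keyid_t)`, so keytype_from_text() now returns whatever NID the lookup resolves, regardless of digest length. The commit message says no non-test caller ever reached that branch, so this is not a behaviour change. It does mean the keys-file path never had that bound applied here. It is worth confirming that authreadkeys() or the MAC code rejects digests too large for the packet's MAC field, and recording that with a comment such as `/* digest length is not checked here; enforced in <location to be confirmed> */`. The start of the function lies outside this hunk.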


=====================================
tests/libntp/ssl_init.c
=====================================
--- a/tests/libntp/ssl_init.c
+++ b/tests/libntp/ssl_init.c
@@ -18,45 +18,22 @@ TEST_TEAR_DOWN(ssl_init) {}
 
 #include "ntp.h"
 
-static const size_t TEST_MD5_DIGEST_LENGTH = 16;
-
-static const size_t TEST_SHA1_DIGEST_LENGTH = 20;
-
 // keytype_from_text()
-TEST(ssl_init, MD5KeyTypeWithoutDigestLength) {
-	TEST_ASSERT_EQUAL(KEY_TYPE_MD5, keytype_from_text("MD5", NULL));
-}
-
-TEST(ssl_init, MD5KeyTypeWithDigestLength) {
-	size_t digestLength;
-	size_t expected = TEST_MD5_DIGEST_LENGTH;
-
-	TEST_ASSERT_EQUAL(KEY_TYPE_MD5, keytype_from_text("MD5", &digestLength));
-	TEST_ASSERT_EQUAL(expected, digestLength);
-}
-
-TEST(ssl_init, SHA1KeyTypeWithDigestLength) {
-	size_t digestLength;
-	size_t expected = TEST_SHA1_DIGEST_LENGTH;
-
-	TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1", &digestLength));
-	TEST_ASSERT_EQUAL(expected, digestLength);
+TEST(ssl_init, MD5KeyType) {
+	TEST_ASSERT_EQUAL(KEY_TYPE_MD5, keytype_from_text("MD5"));
 }
 
-// keytype_name()
-TEST(ssl_init, MD5KeyName) {
-	TEST_ASSERT_EQUAL_STRING("MD5", keytype_name(KEY_TYPE_MD5));
+TEST(ssl_init, MD5KeyTypeLegacy) {
+	TEST_ASSERT_EQUAL(KEY_TYPE_MD5, keytype_from_text("M"));
 }
 
-TEST(ssl_init, SHA1KeyName) {
-	TEST_ASSERT_EQUAL_STRING("SHA1", keytype_name(NID_sha1));
+TEST(ssl_init, SHA1KeyType) {
+	TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1"));
 }
 
 TEST_GROUP_RUNNER(ssl_init) {
-	RUN_TEST_CASE(ssl_init, MD5KeyTypeWithoutDigestLength);
-	RUN_TEST_CASE(ssl_init, MD5KeyTypeWithDigestLength);
-	RUN_TEST_CASE(ssl_init, MD5KeyName);
+	RUN_TEST_CASE(ssl_init, MD5KeyType);
+	RUN_TEST_CASE(ssl_init, MD5KeyTypeLegacy);
 
-	RUN_TEST_CASE(ssl_init, SHA1KeyTypeWithDigestLength);
-	RUN_TEST_CASE(ssl_init, SHA1KeyName);
+	RUN_TEST_CASE(ssl_init, SHA1KeyType);
 }
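Review bot: The rewritten tests cover only names that resolve ("MD5", "M", "SHA1"); nothing exercises the zero return that authreadkeys() relies on to reject an invalid key type. I would add a negative case, for example `TEST(ssl_init, UnknownKeyType) { TEST_ASSERT_EQUAL(0, keytype_from_text("NOSUCHDIGEST")); }`, where the digest name is a made-up sample. It needs a matching `RUN_TEST_CASE(ssl_init, UnknownKeyType);` in the group runner. That pins the rejection path, which is the security-relevant half of this function's contract.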



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/920115ee0a5924bb72bdaa70113feaae35a50f10