[Git][NTPsec/ntpsec][master] 3 commits: No need to look MD5 up by NID each time

Tue Jan 31 03:45:22 UTC 2017

Matt Selsky pushed to branch master at NTPsec / ntpsec


Commits:
8122430b by Matt Selsky at 2017-01-30T22:43:18-05:00
No need to look MD5 up by NID each time

- - - - -
db4fb0d8 by Matt Selsky at 2017-01-30T22:43:18-05:00
We use openssl digests, not ciphers; no need to load both

- - - - -
bae30527 by Matt Selsky at 2017-01-30T22:43:18-05:00
OpenSSL is completely mandatory, so mark checks consistently.

- - - - -


3 changed files:

- libntp/ssl_init.c
- ntpd/ntp_control.c
- wafhelpers/check_openssl.py


Changes:

=====================================
libntp/ssl_init.c
=====================================

--- a/libntp/ssl_init.c
+++ b/libntp/ssl_init.c
@@ -29,7 +29,7 @@ ssl_init(void)
 	init_lib();
 
 	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
+	OpenSSL_add_all_digests();
 	atexit(&atexit_ssl_cleanup);
 
 	ssl_init_done = true;


=====================================
ntpd/ntp_control.c
=====================================
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -3036,7 +3036,7 @@ static uint32_t derive_nonce(
 		last_salt_update = current_time;
 	}
 
-	EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5));
+	EVP_DigestInit(&ctx, EVP_md5());
 	EVP_DigestUpdate(&ctx, salt, sizeof(salt));
 	EVP_DigestUpdate(&ctx, &ts_i, sizeof(ts_i));
 	EVP_DigestUpdate(&ctx, &ts_f, sizeof(ts_f));


=====================================
wafhelpers/check_openssl.py
=====================================
--- a/wafhelpers/check_openssl.py
+++ b/wafhelpers/check_openssl.py
@@ -6,7 +6,7 @@ int main(void) {
 #error OpenSSL is too old.
 #endif
     ERR_load_BIO_strings();
-    OpenSSL_add_all_algorithms();
+    OpenSSL_add_all_digests();
     return 0;
 }
 """
@@ -20,16 +20,15 @@ def configure_openssl(ctx):
     headers = (
         "openssl/err.h",
         "openssl/evp.h",
-        "openssl/rand.h",    # only used in tests/libntp
+        "openssl/rand.h",
         "openssl/objects.h",
     )
 
     for hdr in headers:
-        if not ctx.check_cc(header_name=hdr, mandatory=True,
-                            comment="<%s> header" % hdr):
+        if not ctx.check_cc(header_name=hdr, comment="<%s> header" % hdr):
             OPENSSL_HEADERS = False
 
-    if not ctx.check_cc(lib="crypto", mandatory=False):
+    if not ctx.check_cc(lib="crypto"):
         OPENSSL_LIB = False
 
     if OPENSSL_HEADERS and OPENSSL_LIB:
@@ -37,7 +36,6 @@ def configure_openssl(ctx):
             fragment=OPENSSL_FRAG % "\n".join(["#include <%s>" % x
                                                for x in headers]),
             execute=True,
-            mandatory=False,
             use="CRYPTO",
             msg="Checking if OpenSSL works",
             comment="OpenSSL support"



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/3aa23e322587c12a22174c1de078b938bf397b6a...bae3052798ce2e86a038ec497806672001874e5d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170131/63c88719/attachment.html>
