[Git][NTPsec/ntpsec][master] 2 commits: Revert "Sigh, fix previous fix to work with older OpenSSL"

Hal Murray gitlab at mg.gitlab.com
Wed Feb 28 21:03:32 UTC 2018


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
20bf0a6f by Hal Murray at 2018-02-28T13:02:01-08:00
Revert "Sigh, fix previous fix to work with older OpenSSL"

This reverts commit 1e4176d198f82ea0cca897980cdcb569c68439a2.
It broke the normal case.

- - - - -
9631bcf0 by Hal Murray at 2018-02-28T13:02:39-08:00
Revert "Fix for Issue #461 (OSx)"

This reverts commit 58ad217e07330ee6e30da98b6c4b241d551ceb00.
It broke the old OpenSSL case.  Back to OSx being broken.

- - - - -


5 changed files:

- attic/digest-timing.c
- include/ntp_stdlib.h
- libntp/macencrypt.c
- + libntp/ssl_init.c
- libntp/wscript


Changes:

=====================================
attic/digest-timing.c
=====================================
--- a/attic/digest-timing.c
+++ b/attic/digest-timing.c
@@ -23,10 +23,10 @@
 
 #ifndef EVP_MD_CTX_reset
 /* Slightly older version of OpenSSL */
-/* Similar hack in libntp/macencrypt.c */
+/* Similar hack in ssl_init.c */
 #define EVP_MD_CTX_new() EVP_MD_CTX_create()
-#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy((ctx))
-#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init((ctx))
+#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy(ctx)
+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init(ctx)
 #endif
 
 


=====================================
include/ntp_stdlib.h
=====================================
--- a/include/ntp_stdlib.h
+++ b/include/ntp_stdlib.h
@@ -10,6 +10,7 @@
 #include <signal.h>
 #include <errno.h>
 #include <stdarg.h>
+#include <openssl/evp.h>
 
 #include "declcond.h"	/* ntpd uses ntpd/declcond.h, others include/ */
 #include "ntp_net.h"
@@ -154,6 +155,10 @@ extern bool	ipv6_works;
 /* ssl_init.c */
 extern	void	ssl_init	(void);
 
+/* Avoid 2x create/destroy per packet.
+ * need per thread if we start using threads. */
+EVP_MD_CTX *digest_ctx;
+
 /* strl-obsd.c */
 #ifndef HAVE_STRLCPY		/* + */
 /*
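Review bot: The added `EVP_MD_CTX *digest_ctx;` in ntp_stdlib.h has no `extern`, so every translation unit that includes the header gets its own tentative definition, on top of the definition this commit adds in libntp/ssl_init.c. Toolchains that do not merge common symbols (`-fno-common`, the default in newer GCC and Clang) reject that at link time as a duplicate symbol, which may be related to the OSX breakage the commit message mentions. Declare it here as `extern EVP_MD_CTX *digest_ctx;` and keep the single definition in ssl_init.c. The comment above it could also state that this is one shared, mutable context reused for every digest computation, so it must only be touched from a single thread.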


=====================================
libntp/macencrypt.c
=====================================
--- a/libntp/macencrypt.c
+++ b/libntp/macencrypt.c
@@ -14,17 +14,10 @@
 #include "ntp_stdlib.h"
 #include "ntp.h"
 
-static bool ssl_init_done;
-/* Need one per thread. */
-EVP_MD_CTX *digest_ctx;
-
 #ifndef EVP_MD_CTX_reset
 /* Slightly older version of OpenSSL */
 /* Similar hack in ssl_init.c and attic/digest-timing.c */
-#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init((ctx))
-#endif
-#ifndef EVP_MD_CTX_new
-#define EVP_MD_CTX_new() EVP_MD_CTX_create()
+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_init(ctx)
 #endif
 
 /* ctmemeq - test two blocks memory for equality without leaking
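Review bot: The `#ifndef EVP_MD_CTX_reset` guard tests for a preprocessor macro, but in OpenSSL 1.1.0 and later `EVP_MD_CTX_reset` is, as far as I know, a function, so this fallback is probably taken on every version and only works because OpenSSL ships its own compatibility macros. Selecting on the version, as ssl_init.c already does with `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`, would make the intent explicit. The same guard is used in attic/digest-timing.c and, as `#ifndef EVP_MD_CTX_new`, in libntp/ssl_init.c, so a single shim in one shared header would keep the three copies from drifting. On the old-library path `EVP_MD_CTX_init` only zeroes the structure and does not release what the previous digest allocated. If the call sites (outside this hunk) reuse `digest_ctx` per packet, it is worth confirming that nothing is leaked there.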
@@ -162,35 +155,3 @@ addr2refid(sockaddr_u *addr)
 	memcpy(&addr_refid, digest, sizeof(addr_refid));
 	return (addr_refid);
 }
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-static void     atexit_ssl_cleanup(void);
-#endif
-
-void
-ssl_init(void)
-{
-	if (ssl_init_done)
-		return;
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-	OpenSSL_add_all_digests();
-	atexit(&atexit_ssl_cleanup);
-#endif
-
-	digest_ctx = EVP_MD_CTX_new();
-	ssl_init_done = true;
-}
-
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-static void
-atexit_ssl_cleanup(void)
-{
-	if (!ssl_init_done)
-		return;
-
-	ssl_init_done = false;
-	EVP_cleanup();
-}
-#endif


=====================================
libntp/ssl_init.c
=====================================
--- /dev/null
+++ b/libntp/ssl_init.c
@@ -0,0 +1,53 @@
+/*
+ * ssl_init.c	Common OpenSSL initialization code for the various
+ *		programs which use it.
+ *
+ * Moved from ntpd/ntp_crypto.c crypto_setup()
+ */
+
+#include "config.h"
+#include "ntp_stdlib.h"
+
+#include <stdbool.h>
+#include <openssl/evp.h>
+
+#ifndef EVP_MD_CTX_new
+/* Slightly older version of OpenSSL */
+/* Similar hack in macencrypt.c and attic/digest-timing.c */
+#define EVP_MD_CTX_new() EVP_MD_CTX_create()
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+static void	atexit_ssl_cleanup(void);
+#endif
+
+static bool ssl_init_done;
+EVP_MD_CTX *digest_ctx;
+
+void
+ssl_init(void)
+{
+	if (ssl_init_done)
+		return;
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+	OpenSSL_add_all_digests();
+	atexit(&atexit_ssl_cleanup);
+#endif
+
+	digest_ctx = EVP_MD_CTX_new();
+	ssl_init_done = true;
+}
+
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+static void
+atexit_ssl_cleanup(void)
+{
+	if (!ssl_init_done)
+		return;
+
+	ssl_init_done = false;
+	EVP_cleanup();
+}
+#endif
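Review bot: `digest_ctx = EVP_MD_CTX_new();` in ssl_init() is not checked, and `ssl_init_done` is set to true even when the allocation returned NULL, so a later call cannot retry and the digest code would presumably be handed a NULL context. Packet authentication depends on this context, so startup should fail loudly here, for example `if (digest_ctx == NULL) { /* log via the project's logger */ exit(1); }` placed before `ssl_init_done = true;`. A short comment on `digest_ctx` saying that it is allocated once in ssl_init() and lives for the whole process would also help, since atexit_ssl_cleanup() only calls EVP_cleanup() and never frees it.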


=====================================
libntp/wscript
=====================================
--- a/libntp/wscript
+++ b/libntp/wscript
@@ -22,6 +22,7 @@ def build(ctx):
         "refidsmear.c",
         "socket.c",
         "socktoa.c",
+        "ssl_init.c",
         "syssignal.c",
     ]
 



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/1e4176d198f82ea0cca897980cdcb569c68439a2...9631bcf02da809f205fe3a2eaf872b0e9748f15f
