+---
+* [Bug 3682] Fixes for warnings when compiled without OpenSSL <perlinger@ntp.org>
+ - original patch by Gerry Garvey
+
---
(4.2.8p15) 2020/06/23 Released by Harlan Stenn <stenn@ntp.org>
* was created.
*/
size_t retlen = 0;
-
+
#ifdef OPENSSL
-
+
INIT_SSL();
/* Check if CMAC key type specific code required */
(AES_128_KEY_SIZE - key->len));
keyptr = keybuf;
}
-
+
if (NULL == (ctx = CMAC_CTX_new())) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s CTX new failed.", CMAC);
goto cmac_fail;
{ /* generic MAC handling */
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
u_int uilen = 0;
-
+
if ( ! ctx) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest CTX new failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
-
+
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* make sure MD5 is allowd */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
}
mac_fail:
retlen = (size_t)uilen;
-
+
if (ctx)
EVP_MD_CTX_free(ctx);
}
#else /* !OPENSSL follows */
-
+
if (ktype == NID_md5)
{
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
else if ( ! ctx) {
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest CTX new failed.");
}
+ else if (!EVP_DigestInit(ctx, EVP_get_digestbynid(ktype))) {
+ msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest INIT failed.");
+ }
else {
- EVP_DigestInit(ctx, EVP_get_digestbynid(ktype));
EVP_DigestUpdate(ctx, key->buf, key->len);
EVP_DigestUpdate(ctx, msg->buf, msg->len);
EVP_DigestFinal(ctx, digest->buf, &uilen);
{
msyslog(LOG_ERR, "MAC encrypt: invalid key type %d" , ktype);
}
-
+
#endif /* !OPENSSL */
return retlen;
u_char digest[EVP_MAX_MD_SIZE];
rwbuffT digb = { digest, sizeof(digest) };
robuffT keyb = { key, klen };
- robuffT msgb = { pkt, length };
+ robuffT msgb = { pkt, length };
size_t dlen = 0;
dlen = make_mac(&digb, type, &keyb, &msgb);
u_char digest[EVP_MAX_MD_SIZE];
rwbuffT digb = { digest, sizeof(digest) };
robuffT keyb = { key, klen };
- robuffT msgb = { pkt, length };
+ robuffT msgb = { pkt, length };
size_t dlen = 0;
dlen = make_mac(&digb, type, &keyb, &msgb);
-
+
/* If the MAC is longer than the MAX then truncate it. */
if (dlen > MAX_MDG_LEN)
dlen = MAX_MDG_LEN;
} d;
EVP_MD_CTX *ctx;
u_int len;
+ int rc;
while (!salt[0] || current_time - last_salt_update >= 3600) {
salt[0] = ntp_random();
# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
+ rc = EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
# else
- EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
+ rc = EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
# endif
+ if (!rc) {
+ msyslog(LOG_ERR, "EVP_DigestInit failed in '%s'", __func__);
+ return (0);
+ }
+
EVP_DigestUpdate(ctx, salt, sizeof(salt));
EVP_DigestUpdate(ctx, &ts_i, sizeof(ts_i));
EVP_DigestUpdate(ctx, &ts_f, sizeof(ts_f));
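Review bot: The new `if (!rc)` failure path returns without releasing `ctx`, which is already in use on the `EVP_MD_CTX_set_flags` line and so was presumably allocated earlier in the function, outside this hunk. Each failed init would then leak one digest context, so add `EVP_MD_CTX_free(ctx);` before `return (0);`. The path also returns a fixed 0, which a caller cannot tell apart from a computed value unless 0 is reserved. Since the result is derived from a salt and timestamps it looks like a nonce or cookie, so confirm that callers treat 0 as a failure rather than as a valid, predictable value. The function starts and ends outside the hunk.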
* Map user name/number to user ID
*/
static int
-map_user(
- )
+map_user(void)
{
char *endp;
#ifndef BUILD_AS_LIB
static char *list_digest_names(void);
-static char *insert_cmac (char *list);
static void on_ctrlc (void);
static int my_easprintf (char**, const char *, ...) NTP_PRINTF(2, 3);
-# if defined(OPENSSL) && defined(HAVE_EVP_MD_DO_ALL_SORTED)
+#ifdef OPENSSL
+static char *insert_cmac (char *list);
+# ifdef HAVE_EVP_MD_DO_ALL_SORTED
static void list_md_fn (const EVP_MD *m, const char *from,
const char *to, void *arg);
-# endif /* defined(OPENSSL) && defined(HAVE_EVP_MD_DO_ALL_SORTED) */
+# endif /* HAVE_EVP_MD_DO_ALL_SORTED */
+#endif /* OPENSSL */
#endif /* !defined(BUILD_AS_LIB) */
size_t slen = 0;
#endif
int key_type;
-
+
INIT_SSL();
key_type = keytype_from_text(macname, NULL);
slen = 0;
}
len = (u_int)slen;
-
+
if (ctx)
CMAC_CTX_free(ctx);
/* Test our AES-128-CMAC implementation */
-
+
} else /* MD5 MAC handling */
#endif
{
EVP_MD_CTX * ctx;
-
+
if (!(ctx = EVP_MD_CTX_new())) {
msyslog(LOG_ERR, "make_mac: MAC %s Digest CTX new failed.",
macname);
len = 0;
}
#else /* !OPENSSL */
- EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
+ (void)key_type; /* unused, so try to prevent compiler from croaks */
+ if (!EVP_DigestInit(ctx, EVP_get_digestbynid(key_type))) {
+ msyslog(LOG_ERR, "make_mac: MAC MD5 Digest Init failed.");
+ goto mac_fail;
+ }
EVP_DigestUpdate(ctx, key_data, key_size);
EVP_DigestUpdate(ctx, pkt_data, pkt_size);
EVP_DigestFinal(ctx, digest, &len);
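Review bot: The added `EVP_DigestInit` failure branch jumps to `mac_fail` without setting `len`, whereas the context-allocation failure branch shown just above (same `make_mac:` log prefix) sets `len = 0` explicitly. The `compute_mac` callers visible later on the page use a non-zero length as the signal that a digest is available for comparison with the packet MAC. If this is that function, add `len = 0;` before `goto mac_fail;` unless the declaration, which is outside this hunk, already guarantees it. The `(void)key_type;` comment is also misleading, because `key_type` is named in the very next statement; something like `/* may be unused when the EVP_* names are macros */` would state the intent, if that is the reason. The `mac_fail` label and the end of the function are outside the hunk.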
{
u_int len;
u_char dbuf[EVP_MAX_MD_SIZE];
-
+
if (cmp_key->key_len > 64 || mac_size <= 0)
return 0;
if (pkt_size % 4 != 0)
len = compute_mac(dbuf, cmp_key->typen,
pkt_data, (u_int)pkt_size,
cmp_key->key_seq, (u_int)cmp_key->key_len);
-
+
if (len) {
if (len > (u_int)mac_size)
u_int len = 0;
u_char const * pkt_ptr = pkt_data;
u_char dbuf[EVP_MAX_MD_SIZE];
-
+
if (mac_size <= 0 || (size_t)mac_size > sizeof(dbuf))
return FALSE;
-
+
len = compute_mac(dbuf, cmp_key->typen,
pkt_ptr, (u_int)pkt_size,
cmp_key->key_seq, (u_int)cmp_key->key_len);
pkt_ptr += pkt_size + 4;
if (len > (u_int)mac_size)
len = (u_int)mac_size;
-
+
/* isc_tsmemcmp will be better when its easy to link with. sntp
* is a 1-shot program, so snooping for timing attacks is
* Harder.
/* HMS: Is it OK to do this later, after we know we have a key file? */
INIT_SSL();
-
+
if (keyf == NULL) {
if (debug)
printf("sntp auth_init: Couldn't open key file %s for reading!\n", keyfile);