From: Juergen Perlinger Date: Thu, 29 Sep 2016 20:53:30 +0000 (+0000) Subject: created 'X509_get_signature_nid()' shim for OpenSSL < v1.1.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23475d3fa44ba63eca4c64a6dd25834a3eecbe72;p=thirdparty%2Fntp.git created 'X509_get_signature_nid()' shim for OpenSSL < v1.1.0 fixed unit test for sntp/packetProcessing to work with or without AUTOKEY flag bk: 57ed7f4aEPHp3EQbeJpLKxn7HiXyzA --- diff --git a/include/libssl_compat.h b/include/libssl_compat.h index 65d7501f8..a8938a151 100644 --- a/include/libssl_compat.h +++ b/include/libssl_compat.h @@ -28,6 +28,9 @@ #if OPENSSL_VERSION_NUMBER < 0x10100000L /* ----------------------------------------------------------------- */ +# include +# include + /* shim the new-style API on an old-style OpenSSL */ extern BN_GENCB* sslshimBN_GENCB_new(void); @@ -62,6 +65,8 @@ extern void sslshim_DSA_get0_key(const DSA *pdsa, const BIGNUM **ppub_key, extern int sslshim_DSA_set0_key(DSA *pdsa, BIGNUM *pub_key, BIGNUM *priv_key); +extern int sslshim_X509_get_signature_nid(const X509 *x); + #define BN_GENCB_new sslshimBN_GENCB_new #define BN_GENCB_free sslshimBN_GENCB_free @@ -86,8 +91,10 @@ extern int sslshim_DSA_set0_key(DSA *pdsa, BIGNUM *pub_key, #define DSA_get0_key sslshim_DSA_get0_key #define DSA_set0_key sslshim_DSA_set0_key +#define X509_get_signature_nid sslshim_X509_get_signature_nid + /* ----------------------------------------------------------------- */ -#endif /* OPENSSL_VERSION_NUMBER checks */ +#endif /* OPENSSL_VERSION_NUMBER < v1.1.0 */ /* ----------------------------------------------------------------- */ #endif /* NTP_LIBSSL_COMPAT_H */ diff --git a/libntp/libssl_compat.c b/libntp/libssl_compat.c index 513d3d8ee..ce6acb7d3 100644 --- a/libntp/libssl_compat.c +++ b/libntp/libssl_compat.c @@ -316,8 +316,16 @@ sslshim_DSA_set0_key( return 1; } +int +sslshim_X509_get_signature_nid( + const X509 *x + ) +{ + return OBJ_obj2nid(x->sig_alg->algorithm); +} + /* ----------------------------------------------------------------- */ -#else +#else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */ /* ----------------------------------------------------------------- */ NONEMPTY_TRANSLATION_UNIT diff --git a/libntp/ssl_init.c b/libntp/ssl_init.c index 16438ad7d..ef0f1c185 100644 --- a/libntp/ssl_init.c +++ b/libntp/ssl_init.c @@ -64,17 +64,6 @@ ssl_check_version(void) INIT_SSL(); } -# if OPENSSL_VERSION_NUMBER < 0x10002000L -# include -# include - -int X509_get_signature_nid(const X509 *x); - -int X509_get_signature_nid(const X509 *x) -{ - return OBJ_obj2nid(x->sig_alg->algorithm); -} -# endif #endif /* OPENSSL */ diff --git a/sntp/tests/packetProcessing.c b/sntp/tests/packetProcessing.c index 408054616..660b5b6e2 100644 --- a/sntp/tests/packetProcessing.c +++ b/sntp/tests/packetProcessing.c @@ -163,7 +163,6 @@ test_LengthNotMultipleOfFour(void) void test_TooShortExtensionFieldLength(void) { -XXX BO FRAG 1 /* [Bug 2998] We have to get around the formal specification of * the extension field if AUTOKEY is undefined. (At least CLANG * issues a warning in this case. It's just a warning, but @@ -171,9 +170,6 @@ XXX BO FRAG 1 */ uint32_t * pe = testpkt.p.exten + 7; -XXX ELSE -#ifdef AUTOKEY -XXX EO FRAG 1 /* The lower 16-bits are the length of the extension field. * This lengths must be multiples of 4 bytes, which gives * a minimum of 4 byte extension field length. @@ -187,17 +183,8 @@ XXX EO FRAG 1 int pkt_len = LEN_PKT_NOMAC + 4 + 24; TEST_ASSERT_EQUAL(PACKET_UNUSEABLE, -XXX ORIG FRAG 2 - process_pkt(&testpkt, &testsock, pkt_len, - MODE_SERVER, &testspkt, "UnitTest")); -XXX BO FRAG 2 process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); -XXX ELSE FRAG 2 - process_pkt(&testpkt, &testsock, pkt_len, - MODE_SERVER, &testspkt, "UnitTest")); -#endif /* AUTOKEY */ -XXX EO FRAG 2 }