From: Juergen Perlinger Date: Sat, 24 Oct 2020 06:52:24 +0000 (+0200) Subject: [Bug 3682] Fixes for warnings when compiled without OpenSSL X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3539faabe53a24f6b956a179c28773014d33fcf0;p=thirdparty%2Fntp.git [Bug 3682] Fixes for warnings when compiled without OpenSSL bk: 5f93cf28W4Obs6AISUUcIY8jPcivPA
---
diff --git a/ChangeLog b/ChangeLog
index eeceaa9f1..50ed500bf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+---
+* [Bug 3682] Fixes for warnings when compiled without OpenSSL
+ - original patch by Gerry Garvey
+
 ---
 (4.2.8p15) 2020/06/23 Released by Harlan Stenn
diff --git a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c
index 57100de3a..b55ccbdbc 100644
--- a/libntp/a_md5encrypt.c
+++ b/libntp/a_md5encrypt.c
@@ -51,9 +51,9 @@ make_mac(
 * was created. */
 size_t retlen = 0;
-
+
 #ifdef OPENSSL
-
+
 INIT_SSL();
 /* Check if CMAC key type specific code required */
@@ -70,7 +70,7 @@ make_mac(
 (AES_128_KEY_SIZE - key->len));
 keyptr = keybuf;
 }
-
+
 if (NULL == (ctx = CMAC_CTX_new())) {
 msyslog(LOG_ERR, "MAC encrypt: CMAC %s CTX new failed.", CMAC);
 goto cmac_fail;
@@ -100,13 +100,13 @@ make_mac(
 { /* generic MAC handling */
 EVP_MD_CTX * ctx = EVP_MD_CTX_new();
 u_int uilen = 0;
-
+
 if ( ! ctx) {
 msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest CTX new failed.", OBJ_nid2sn(ktype));
 goto mac_fail;
 }
-
+
 #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
 /* make sure MD5 is allowd */
 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
@@ -140,13 +140,13 @@ make_mac(
 }
 mac_fail:
 retlen = (size_t)uilen;
-
+
 if (ctx) EVP_MD_CTX_free(ctx);
 }
 #else /* !OPENSSL follows */
-
+
 if (ktype == NID_md5) {
 EVP_MD_CTX * ctx = EVP_MD_CTX_new();
@@ -158,8 +158,10 @@ make_mac(
 else if ( ! ctx) {
 msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest CTX new failed.");
 }
+ else if (!EVP_DigestInit(ctx, EVP_get_digestbynid(ktype))) {
+ msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest INIT failed.");
+ }
 else {
- EVP_DigestInit(ctx, EVP_get_digestbynid(ktype));
 EVP_DigestUpdate(ctx, key->buf, key->len);
 EVP_DigestUpdate(ctx, msg->buf, msg->len);
 EVP_DigestFinal(ctx, digest->buf, &uilen);
@@ -172,7 +174,7 @@ make_mac(
 {
 msyslog(LOG_ERR, "MAC encrypt: invalid key type %d" , ktype);
 }
-
+
 #endif /* !OPENSSL */
 return retlen;
@@ -196,7 +198,7 @@ MD5authencrypt(
 u_char digest[EVP_MAX_MD_SIZE];
 rwbuffT digb = { digest, sizeof(digest) };
 robuffT keyb = { key, klen };
- robuffT msgb = { pkt, length };
+ robuffT msgb = { pkt, length };
 size_t dlen = 0;
 dlen = make_mac(&digb, type, &keyb, &msgb);
@@ -226,11 +228,11 @@ MD5authdecrypt(
 u_char digest[EVP_MAX_MD_SIZE];
 rwbuffT digb = { digest, sizeof(digest) };
 robuffT keyb = { key, klen };
- robuffT msgb = { pkt, length };
+ robuffT msgb = { pkt, length };
 size_t dlen = 0;
 dlen = make_mac(&digb, type, &keyb, &msgb);
-
+
 /* If the MAC is longer than the MAX then truncate it. */
 if (dlen > MAX_MDG_LEN) dlen = MAX_MDG_LEN;
diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c
index 9c408034a..0d8749bbb 100644
--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -3656,6 +3656,7 @@ static u_int32 derive_nonce(
 } d;
 EVP_MD_CTX *ctx;
 u_int len;
+ int rc;
 while (!salt[0] || current_time - last_salt_update >= 3600) {
 salt[0] = ntp_random();
@@ -3669,10 +3670,15 @@ static u_int32 derive_nonce(
 # if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
 /* [Bug 3457] set flags and don't kill them again */
 EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
+ rc = EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
 # else
- EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
+ rc = EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
 # endif
+ if (!rc) {
+ msyslog(LOG_ERR, "EVP_DigestInit failed in '%s'", __func__);
+ return (0);
+ }
+
 EVP_DigestUpdate(ctx, salt, sizeof(salt));
 EVP_DigestUpdate(ctx, &ts_i, sizeof(ts_i));
 EVP_DigestUpdate(ctx, &ts_f, sizeof(ts_f));
diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index eeb7a88fe..52357e9e0 100644
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -684,8 +684,7 @@ detach_from_terminal(
 * Map user name/number to user ID */
 static int
-map_user(
- )
+map_user(void)
 {
 char *endp;
diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c
index 0382c0f94..e70b9547b 100644
--- a/ntpq/ntpq.c
+++ b/ntpq/ntpq.c
@@ -236,13 +236,15 @@ static int assoccmp (const void *, const void *);
 #ifndef BUILD_AS_LIB
 static char *list_digest_names(void);
-static char *insert_cmac (char *list);
 static void on_ctrlc (void);
 static int my_easprintf (char**, const char *, ...) NTP_PRINTF(2, 3);
-# if defined(OPENSSL) && defined(HAVE_EVP_MD_DO_ALL_SORTED)
+#ifdef OPENSSL
+static char *insert_cmac (char *list);
+# ifdef HAVE_EVP_MD_DO_ALL_SORTED
 static void list_md_fn (const EVP_MD *m, const char *from, const char *to, void *arg);
-# endif /* defined(OPENSSL) && defined(HAVE_EVP_MD_DO_ALL_SORTED) */
+# endif /* HAVE_EVP_MD_DO_ALL_SORTED */
+#endif /* OPENSSL */
 #endif /* !defined(BUILD_AS_LIB) */
diff --git a/sntp/crypto.c b/sntp/crypto.c
index 8a47edef7..5456c092a 100644
--- a/sntp/crypto.c
+++ b/sntp/crypto.c
@@ -36,7 +36,7 @@ compute_mac(
 size_t slen = 0;
 #endif
 int key_type;
-
+
 INIT_SSL();
 key_type = keytype_from_text(macname, NULL);
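Review bot: The new `if (!rc)` branch in derive_nonce (ntpd/ntp_control.c, hunk `@@ -3669,10 +3670,15 @@`) returns without releasing `ctx`, which is already in use at that point because it has just been passed to `EVP_DigestInit`/`EVP_DigestInit_ex`. The allocation is above the hunk, so this is inferred, but if `ctx` comes from the usual `EVP_MD_CTX_new()` the early exit should read `EVP_MD_CTX_free(ctx); return (0);`. Returning a fixed 0 also means every call yields the same nonce for as long as digest initialisation keeps failing, so it is worth confirming that the callers (not visible here) treat 0 as "no nonce" rather than as a value to hand out or compare against. derive_nonce begins and ends outside the hunk.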
@@ -69,16 +69,16 @@ compute_mac(
 slen = 0;
 }
 len = (u_int)slen;
-
+
 if (ctx) CMAC_CTX_free(ctx);
 /* Test our AES-128-CMAC implementation */
-
+
 } else /* MD5 MAC handling */
 #endif
 {
 EVP_MD_CTX * ctx;
-
+
 if (!(ctx = EVP_MD_CTX_new())) {
 msyslog(LOG_ERR, "make_mac: MAC %s Digest CTX new failed.", macname);
@@ -111,7 +111,11 @@ compute_mac(
 len = 0;
 }
 #else /* !OPENSSL */
- EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
+ (void)key_type; /* unused, so try to prevent compiler from croaks */
+ if (!EVP_DigestInit(ctx, EVP_get_digestbynid(key_type))) {
+ msyslog(LOG_ERR, "make_mac: MAC MD5 Digest Init failed.");
+ goto mac_fail;
+ }
 EVP_DigestUpdate(ctx, key_data, key_size);
 EVP_DigestUpdate(ctx, pkt_data, pkt_size);
 EVP_DigestFinal(ctx, digest, &len);
@@ -134,7 +138,7 @@ make_mac(
 {
 u_int len;
 u_char dbuf[EVP_MAX_MD_SIZE];
-
+
 if (cmp_key->key_len > 64 || mac_size <= 0) return 0;
 if (pkt_size % 4 != 0)
@@ -143,7 +147,7 @@ make_mac(
 len = compute_mac(dbuf, cmp_key->typen, pkt_data, (u_int)pkt_size, cmp_key->key_seq, (u_int)cmp_key->key_len);
-
+
 if (len) {
 if (len > (u_int)mac_size)
@@ -170,10 +174,10 @@ auth_md5(
 u_int len = 0;
 u_char const * pkt_ptr = pkt_data;
 u_char dbuf[EVP_MAX_MD_SIZE];
-
+
 if (mac_size <= 0 || (size_t)mac_size > sizeof(dbuf)) return FALSE;
-
+
 len = compute_mac(dbuf, cmp_key->typen, pkt_ptr, (u_int)pkt_size, cmp_key->key_seq, (u_int)cmp_key->key_len);
@@ -181,7 +185,7 @@ auth_md5(
 pkt_ptr += pkt_size + 4;
 if (len > (u_int)mac_size) len = (u_int)mac_size;
-
+
 /* isc_tsmemcmp will be better when its easy to link with. sntp * is a 1-shot program, so snooping for timing attacks is * Harder.
@@ -226,7 +230,7 @@ auth_init(
 /* HMS: Is it OK to do this later, after we know we have a key file? */
 INIT_SSL();
-
+
 if (keyf == NULL) {
 if (debug) printf("sntp auth_init: Couldn't open key file %s for reading!\n", keyfile);
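Review bot: The new `goto mac_fail` in the `#else /* !OPENSSL */` branch of compute_mac (sntp/crypto.c, hunk `@@ -111,7 +111,11 @@`) leaves without assigning `len`, whereas the OpenSSL path directly above the `#else` ends with an explicit `len = 0;`. Whether `len` is already zero here depends on its declaration, which is outside the hunk; since make_mac and auth_md5 use the returned length to decide how much of `dbuf` counts as a MAC, adding `len = 0;` before the `goto` would keep the failure path from relying on the initialiser. The comment on `(void)key_type;` could also say why the variable counts as unused although the next line names it, presumably because the non-OpenSSL `EVP_get_digestbynid` discards its argument. The `mac_fail` label and the end of the function are outside the hunk.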