NSD v3.2.4

1 files changed, 17 insertions, 19 deletions

diff --git a/usr.sbin/nsd/tsig-openssl.c b/usr.sbin/nsd/tsig-openssl.c
index 40a35f50324..5773fd2a674 100644
--- a/usr.sbin/nsd/tsig-openssl.c
+++ b/usr.sbin/nsd/tsig-openssl.c
@@ -7,9 +7,9 @@
  *
  */
 
-#include "config.h"
+#include <config.h>
 
-#if defined(HAVE_SSL)
+#if defined(TSIG) && defined(HAVE_SSL)
 
 #include "tsig-openssl.h"
 #include "tsig.h"
@@ -31,7 +31,7 @@ tsig_openssl_init_algorithm(region_type* region,
 
 	hmac_algorithm = EVP_get_digestbyname(digest);
 	if (!hmac_algorithm) {
-		/* skip but don't error */
+		log_msg(LOG_ERR, "%s digest not available", digest);
 		return 0;
 	}
 
@@ -58,23 +58,21 @@ tsig_openssl_init_algorithm(region_type* region,
 int
 tsig_openssl_init(region_type *region)
 {
-	int count = 0;
 	OpenSSL_add_all_digests();
 
-	count += tsig_openssl_init_algorithm(region,
-	    "md5", "hmac-md5","hmac-md5.sig-alg.reg.int.");
-	count += tsig_openssl_init_algorithm(region,
-	    "sha1", "hmac-sha1", "hmac-sha1.");
-	count += tsig_openssl_init_algorithm(region,
-	    "sha224", "hmac-sha224", "hmac-sha224.");
-	count += tsig_openssl_init_algorithm(region,
-	    "sha256", "hmac-sha256", "hmac-sha256.");
-	count += tsig_openssl_init_algorithm(region,
-	    "sha384", "hmac-sha384", "hmac-sha384.");
-	count += tsig_openssl_init_algorithm(region,
-	    "sha512", "hmac-sha512", "hmac-sha512.");
-
-	return count;
+	/* TODO: walk lookup supported algorithms table */
+	if (!tsig_openssl_init_algorithm(region, "md5", "hmac-md5","hmac-md5.sig-alg.reg.int."))
+		return 0;
+#ifdef HAVE_EVP_SHA1
+	if (!tsig_openssl_init_algorithm(region, "sha1", "hmac-sha1", "hmac-sha1."))
+		return 0;
+#endif /* HAVE_EVP_SHA1 */
+
+#ifdef HAVE_EVP_SHA256
+	if (!tsig_openssl_init_algorithm(region, "sha256", "hmac-sha256", "hmac-sha256."))
+		return 0;
+#endif /* HAVE_EVP_SHA256 */
+	return 1;
 }
 
 static void
@@ -126,4 +124,4 @@ tsig_openssl_finalize()
 	EVP_cleanup();
 }
 
-#endif /* defined(HAVE_SSL) */
+#endif /* defined(TSIG) && defined(HAVE_SSL) */