From 4b6fd798a7228b2985040a28a5056788fe6cabb0 Mon Sep 17 00:00:00 2001 From: Arran Cudbard-Bell Date: Mon, 21 Mar 2022 21:17:51 -0400 Subject: [PATCH] Fix free lists for md4/md5 for our internal md4/md5 functions --- src/lib/util/hmac_md5.c | 4 +- src/lib/util/md4.c | 194 +++++++++++---------- src/lib/util/md4.h | 12 +- src/lib/util/md5.c | 235 ++++++++++++-------------- src/lib/util/md5.h | 13 +- src/modules/rlm_pap/rlm_pap.c | 4 +- src/protocols/radius/base.c | 8 +- src/protocols/radius/decode.c | 16 +- src/protocols/radius/encode.c | 20 +-- src/tests/util/radius1_test.c | 4 +- src/tests/util/radius_schedule_test.c | 4 +- 11 files changed, 264 insertions(+), 250 deletions(-) diff --git a/src/lib/util/hmac_md5.c b/src/lib/util/hmac_md5.c index bdc900f2d3..630138e69b 100644 --- a/src/lib/util/hmac_md5.c +++ b/src/lib/util/hmac_md5.c @@ -124,7 +124,7 @@ int fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *in, size_t inl uint8_t tk[16]; int i; - ctx = fr_md5_ctx_alloc(true); + ctx = fr_md5_ctx_alloc_from_list(); /* if key is longer than 64 bytes reset it to key=MD5(key) */ if (key_len > 64) { @@ -175,7 +175,7 @@ int fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *in, size_t inl fr_md5_update(ctx, digest, 16); /* then results of 1st hash */ fr_md5_final(digest, ctx); /* finish up 2nd pass */ - fr_md5_ctx_free(&ctx); + fr_md5_ctx_free_from_list(&ctx); return 0; } diff --git a/src/lib/util/md4.c b/src/lib/util/md4.c index 38311ecf46..d47bab9647 100644 --- a/src/lib/util/md4.c +++ b/src/lib/util/md4.c @@ -16,8 +16,16 @@ RCSID("$Id$") */ #include -static _Thread_local fr_md4_ctx_t *md4_ctx; - +/** The thread local free list + * + * Any entries remaining in the list will be freed when the thread is joined + */ +#define ARRAY_SIZE (8) +typedef struct { + bool used; + fr_md4_ctx_t *md_ctx; +} fr_md4_free_list_t; +static _Thread_local fr_md4_free_list_t *md4_array; /* * If we have OpenSSL's EVP API available, then build wrapper functions. * @@ -36,11 +44,6 @@ static _Thread_local fr_md4_ctx_t *md4_ctx; static int have_openssl_md4 = -1; -static void _md4_ctx_openssl_free_on_exit(void *arg) -{ - EVP_MD_CTX_free(arg); -} - /** @copydoc fr_md4_ctx_reset * */ @@ -63,46 +66,21 @@ static void fr_md4_openssl_ctx_copy(fr_md4_ctx_t *dst, fr_md4_ctx_t const *src) /** @copydoc fr_md4_ctx_alloc * */ -static fr_md4_ctx_t *fr_md4_openssl_ctx_alloc(bool thread_local) +static fr_md4_ctx_t *fr_md4_openssl_ctx_alloc(void) { EVP_MD_CTX *md_ctx; - /* - * Use the thread local ctx to avoid heap allocations. - */ - if (thread_local) { - if (unlikely(!md4_ctx)) { - md_ctx = EVP_MD_CTX_new(); - if (unlikely(!md_ctx)) { - oom: - fr_strerror_const("Out of memory"); - return NULL; - } - fr_atexit_thread_local(md4_ctx, _md4_ctx_openssl_free_on_exit, md_ctx); - if (unlikely(EVP_DigestInit_ex(md_ctx, EVP_md4(), NULL) != 1)) { - char buffer[256]; - error: + md_ctx = EVP_MD_CTX_new(); + if (unlikely(!md_ctx)) return NULL; - ERR_error_string_n(ERR_get_error(), buffer, sizeof(buffer)); + if (EVP_DigestInit_ex(md_ctx, EVP_md4(), NULL) != 1) { + char buffer[256]; - fr_strerror_printf("Failed initialising MD4 ctx: %s", buffer); - EVP_MD_CTX_free(md_ctx); - md_ctx = NULL; + ERR_error_string_n(ERR_get_error(), buffer, sizeof(buffer)); + fr_strerror_printf("Failed initialising md4 ctx: %s", buffer); + EVP_MD_CTX_free(md_ctx); - return NULL; - } - } else { - md_ctx = md4_ctx; - } - /* - * If the MD4 ctx might be used across a yield point - * shared should be set to false, and new contexts - * should be allocated. - */ - } else { - md_ctx = EVP_MD_CTX_new(); - if (unlikely(!md_ctx)) goto oom; - if (EVP_DigestInit_ex(md_ctx, EVP_md4(), NULL) != 1) goto error; + return NULL; } return md_ctx; @@ -113,12 +91,6 @@ static fr_md4_ctx_t *fr_md4_openssl_ctx_alloc(bool thread_local) */ static void fr_md4_openssl_ctx_free(fr_md4_ctx_t **ctx) { - if (md4_ctx && (md4_ctx == *ctx)) { - fr_md4_openssl_ctx_reset(*ctx); - *ctx = NULL; - return; - } - EVP_MD_CTX_free(*ctx); *ctx = NULL; } @@ -149,7 +121,7 @@ static void fr_md4_openssl_final(uint8_t out[static MD4_DIGEST_LENGTH], fr_md4_c * The algorithm is due to Ron Rivest. This code was * written by Colin Plumb in 1993, no copyright is claimed. * This code is in the public domain; do with it what you wish. - * Todd C. Miller modified the MD5 code to do MD4 based on RFC 1186. + * Todd C. Miller modified the md4 code to do MD4 based on RFC 1186. * * Equivalent code is available from RSA Data Security, Inc. * This code has been tested against that, and is equivalent, @@ -336,15 +308,10 @@ static void fr_md4_local_ctx_copy(fr_md4_ctx_t *dst, fr_md4_ctx_t const *src) memcpy(ctx_local_dst, ctx_local_src, sizeof(*ctx_local_dst)); } -static void _md4_ctx_local_free_on_exit(void *arg) -{ - talloc_free(arg); -} - /** @copydoc fr_md4_ctx_alloc * */ -static fr_md4_ctx_t *fr_md4_local_ctx_alloc(bool thread_local) +static fr_md4_ctx_t *fr_md4_local_ctx_alloc(void) { fr_md4_ctx_local_t *ctx_local; @@ -373,35 +340,15 @@ static fr_md4_ctx_t *fr_md4_local_ctx_alloc(bool thread_local) fr_md4_update = fr_md4_openssl_update; fr_md4_final = fr_md4_openssl_final; - return fr_md4_ctx_alloc(thread_local); + return fr_md4_ctx_alloc(); } have_openssl_md4 = 0; } #endif - - /* - * Use the thread local ctx to avoid heap allocations. - */ - if (thread_local) { - if (unlikely(!md4_ctx)) { - ctx_local = talloc(NULL, fr_md4_ctx_local_t); - if (unlikely(!ctx_local)) return NULL; - fr_md4_local_ctx_reset(ctx_local); - fr_atexit_thread_local(md4_ctx, _md4_ctx_local_free_on_exit, ctx_local); - } else { - ctx_local = md4_ctx; - } - /* - * If the MD4 ctx might be used across a yield point - * shared should be set to false, and new contexts - * should be allocated. - */ - } else { - ctx_local = talloc(NULL, fr_md4_ctx_local_t); - if (unlikely(!ctx_local)) return NULL; - fr_md4_local_ctx_reset(ctx_local); - } + ctx_local = talloc(NULL, fr_md4_ctx_local_t); + if (unlikely(!ctx_local)) return NULL; + fr_md4_local_ctx_reset(ctx_local); return ctx_local; } @@ -411,12 +358,6 @@ static fr_md4_ctx_t *fr_md4_local_ctx_alloc(bool thread_local) */ static void fr_md4_local_ctx_free(fr_md4_ctx_t **ctx) { - if (md4_ctx && (md4_ctx == *ctx)) { - fr_md4_local_ctx_reset(*ctx); - *ctx = NULL; - return; /* Don't free the thread_local ctx */ - } - talloc_free(*ctx); *ctx = NULL; } @@ -544,8 +485,89 @@ void fr_md4_calc(uint8_t out[static MD4_DIGEST_LENGTH], uint8_t const *in, size_ { fr_md4_ctx_t *ctx; - ctx = fr_md4_ctx_alloc(true); + ctx = fr_md4_ctx_alloc_from_list(); fr_md4_update(ctx, in, inlen); fr_md4_final(out, ctx); - fr_md4_ctx_free(&ctx); + fr_md4_ctx_free_from_list(&ctx); +} + +static void _md4_ctx_free_on_exit(void *arg) +{ + int i; + fr_md4_free_list_t *free_list = arg; + + for (i = 0; i < ARRAY_SIZE; i++) { + if (free_list[i].used) continue; + + fr_md4_ctx_free(&free_list[i].md_ctx); + } + talloc_free(free_list); +} + +/** @copydoc fr_md4_ctx_alloc + * + */ +fr_md4_ctx_t *fr_md4_ctx_alloc_from_list(void) +{ + int i; + fr_md4_ctx_t *md_ctx; + fr_md4_free_list_t *free_list; + + if (unlikely(!md4_array)) { + free_list = talloc_zero_array(NULL, fr_md4_free_list_t, ARRAY_SIZE); + if (unlikely(!free_list)) { + oom: + fr_strerror_const("Out of Memory"); + return NULL; + } + + fr_atexit_thread_local(md4_array, _md4_ctx_free_on_exit, free_list); + + /* + * Initialize all md4 contexts + */ + for (i = 0; i < ARRAY_SIZE; i++) { + md_ctx = fr_md4_ctx_alloc(); + if (unlikely(md_ctx == NULL)) goto oom; + + free_list[i].md_ctx = md_ctx; + } + } else { + free_list = md4_array; + } + + for (i = 0; i < ARRAY_SIZE; i++) { + if (free_list[i].used) continue; + + free_list[i].used = true; + return free_list[i].md_ctx; + } + + /* + * No more free contexts, just allocate a new one. + */ + return fr_md4_ctx_alloc(); +} + +/** @copydoc fr_md4_ctx_free + * + */ +void fr_md4_ctx_free_from_list(fr_md4_ctx_t **ctx) +{ + int i; + fr_md4_free_list_t *free_list = md4_array; + + if (free_list) { + for (i = 0; i < ARRAY_SIZE; i++) { + if (free_list[i].md_ctx == *ctx) { + free_list[i].used = false; + fr_md4_ctx_reset(*ctx); + *ctx = NULL; + return; + } + } + } + + fr_md4_ctx_free(*ctx); + *ctx = NULL; } diff --git a/src/lib/util/md4.h b/src/lib/util/md4.h index b4eb5ca6b0..8ae9010f53 100644 --- a/src/lib/util/md4.h +++ b/src/lib/util/md4.h @@ -46,12 +46,11 @@ extern fr_md4_ctx_copy_t fr_md4_ctx_copy; /** Allocation function for MD4 digest context * - * @param[in] shared Whether we allocate a new context or use the thread local context. * @return * - An MD4 ctx. * - NULL if out of memory. */ -typedef fr_md4_ctx_t *(*fr_md4_ctx_alloc_t)(bool shared); +typedef fr_md4_ctx_t *(*fr_md4_ctx_alloc_t)(void); extern fr_md4_ctx_alloc_t fr_md4_ctx_alloc; /** Free function for MD4 digest ctx @@ -85,6 +84,15 @@ extern fr_md4_final_t fr_md4_final; */ void fr_md4_calc(uint8_t out[static MD4_DIGEST_LENGTH], uint8_t const *in, size_t inlen); +/** Allocate an md4 context from a free list + * + */ +fr_md4_ctx_t *fr_md4_ctx_alloc_from_list(void); + +/** Release an md4 context back to a free list + * + */ +void fr_md4_ctx_free_from_list(fr_md4_ctx_t **ctx); #ifdef __cplusplus } #endif diff --git a/src/lib/util/md5.c b/src/lib/util/md5.c index ff999c583d..67d7047755 100644 --- a/src/lib/util/md5.c +++ b/src/lib/util/md5.c @@ -20,7 +20,12 @@ RCSID("$Id$") * * Any entries remaining in the list will be freed when the thread is joined */ -static _Thread_local fr_md5_ctx_t * md5_ctx; +#define ARRAY_SIZE (8) +typedef struct { + bool used; + fr_md5_ctx_t *md_ctx; +} fr_md5_free_list_t; +static _Thread_local fr_md5_free_list_t *md5_array; /* * If we have OpenSSL's EVP API available, then build wrapper functions. @@ -29,13 +34,6 @@ static _Thread_local fr_md5_ctx_t * md5_ctx; * be operating in FIPS mode where MD5 digest functions are unavailable. */ #ifdef HAVE_OPENSSL_EVP_H -#define ARRAY_SIZE (8) -typedef struct { - bool used; - fr_md5_ctx_t *md_ctx; -} fr_md5_free_list_t; -static _Thread_local fr_md5_free_list_t *md5_array; - # include # include # include @@ -47,19 +45,6 @@ static _Thread_local fr_md5_free_list_t *md5_array; static int have_openssl_md5 = -1; -static void _md5_ctx_openssl_free_on_exit(void *arg) -{ - int i; - fr_md5_free_list_t *free_list = arg; - - for (i = 0; i < ARRAY_SIZE; i++) { - if (free_list[i].used) continue; - - EVP_MD_CTX_free(free_list[i].md_ctx); - } - talloc_free(free_list); -} - /** @copydoc fr_md5_ctx_reset * */ @@ -68,7 +53,7 @@ static void fr_md5_openssl_ctx_reset(fr_md5_ctx_t *ctx) EVP_MD_CTX *md_ctx = ctx; EVP_MD_CTX_reset(md_ctx); - EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL); + (void)EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL); } /** @copydoc fr_md5_ctx_copy @@ -82,71 +67,24 @@ static void fr_md5_openssl_ctx_copy(fr_md5_ctx_t *dst, fr_md5_ctx_t const *src) /** @copydoc fr_md5_ctx_alloc * */ -static fr_md5_ctx_t *fr_md5_openssl_ctx_alloc(bool thread_local) +static fr_md5_ctx_t *fr_md5_openssl_ctx_alloc(void) { - int i; EVP_MD_CTX *md_ctx; - fr_md5_free_list_t *free_list; - thread_local = true; - - /* - * Use the thread local ctx to avoid heap allocations. - */ - if (!thread_local) { - alloc: - md_ctx = EVP_MD_CTX_new(); - if (unlikely(!md_ctx)) { - oom: - fr_strerror_const("Out of memory"); - return NULL; - } - if (unlikely(EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) != 1)) { - char buffer[256]; - error: + md_ctx = EVP_MD_CTX_new(); + if (unlikely(!md_ctx)) return NULL; - ERR_error_string_n(ERR_get_error(), buffer, sizeof(buffer)); + if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) != 1) { + char buffer[256]; - fr_strerror_printf("Failed initialising MD5 ctx: %s", buffer); - EVP_MD_CTX_free(md_ctx); - md_ctx = NULL; + ERR_error_string_n(ERR_get_error(), buffer, sizeof(buffer)); + fr_strerror_printf("Failed initialising MD5 ctx: %s", buffer); + EVP_MD_CTX_free(md_ctx); - return NULL; - } - return md_ctx; + return NULL; } - if (unlikely(!md5_array)) { - free_list = talloc_zero_array(NULL, fr_md5_free_list_t, ARRAY_SIZE); - if (unlikely(!free_list)) goto oom; - - fr_atexit_thread_local(md5_array, _md5_ctx_openssl_free_on_exit, free_list); - - /* - * Initialize all MD5 contexts - */ - for (i = 0; i < ARRAY_SIZE; i++) { - md_ctx = EVP_MD_CTX_new(); - if (unlikely(md_ctx == NULL)) goto oom; - - if (unlikely(EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) != 1)) goto error; - free_list[i].md_ctx = md_ctx; - } - } else { - free_list = md5_array; - } - - for (i = 0; i < ARRAY_SIZE; i++) { - if (free_list[i].used) continue; - - free_list[i].used = true; - return free_list[i].md_ctx; - } - - /* - * No more free contexts, just allocate a new one. - */ - goto alloc; + return md_ctx; } /** @copydoc fr_md5_ctx_free @@ -154,18 +92,6 @@ static fr_md5_ctx_t *fr_md5_openssl_ctx_alloc(bool thread_local) */ static void fr_md5_openssl_ctx_free(fr_md5_ctx_t **ctx) { - int i; - fr_md5_free_list_t *free_list = md5_array; - - if (free_list) for (i = 0; i < ARRAY_SIZE; i++) { - if (free_list[i].md_ctx == *ctx) { - free_list[i].used = false; - fr_md5_openssl_ctx_reset(*ctx); - *ctx = NULL; - return; - } - } - EVP_MD_CTX_free(*ctx); *ctx = NULL; } @@ -198,7 +124,6 @@ typedef struct { uint8_t buffer[MD5_BLOCK_LENGTH]; //!< Input buffer. } fr_md5_ctx_local_t; - /* * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was @@ -378,15 +303,10 @@ static void fr_md5_local_ctx_copy(fr_md5_ctx_t *dst, fr_md5_ctx_t const *src) memcpy(ctx_local_dst, ctx_local_src, sizeof(*ctx_local_dst)); } -static void _md5_ctx_local_free_on_exit(void *arg) -{ - talloc_free(arg); -} - /** @copydoc fr_md5_ctx_alloc * */ -static fr_md5_ctx_t *fr_md5_local_ctx_alloc(bool thread_local) +static fr_md5_ctx_t *fr_md5_local_ctx_alloc(void) { fr_md5_ctx_local_t *ctx_local; @@ -415,35 +335,15 @@ static fr_md5_ctx_t *fr_md5_local_ctx_alloc(bool thread_local) fr_md5_update = fr_md5_openssl_update; fr_md5_final = fr_md5_openssl_final; - return fr_md5_ctx_alloc(thread_local); + return fr_md5_ctx_alloc(); } have_openssl_md5 = 0; } #endif - - /* - * Use the thread local ctx to avoid heap allocations. - */ - if (thread_local) { - if (unlikely(!md5_ctx)) { - ctx_local = talloc(NULL, fr_md5_ctx_local_t); - if (unlikely(!ctx_local)) return NULL; - fr_md5_local_ctx_reset(ctx_local); - fr_atexit_thread_local(md5_ctx, _md5_ctx_local_free_on_exit, ctx_local); - } else { - ctx_local = md5_ctx; - } - /* - * If the MD5 ctx might be used across a yield point - * shared should be set to false, and new contexts - * should be allocated. - */ - } else { - ctx_local = talloc(NULL, fr_md5_ctx_local_t); - if (unlikely(!ctx_local)) return NULL; - fr_md5_local_ctx_reset(ctx_local); - } + ctx_local = talloc(NULL, fr_md5_ctx_local_t); + if (unlikely(!ctx_local)) return NULL; + fr_md5_local_ctx_reset(ctx_local); return ctx_local; } @@ -453,12 +353,6 @@ static fr_md5_ctx_t *fr_md5_local_ctx_alloc(bool thread_local) */ static void fr_md5_local_ctx_free(fr_md5_ctx_t **ctx) { - if (md5_ctx && (md5_ctx == *ctx)) { - fr_md5_local_ctx_reset(*ctx); - *ctx = NULL; - return; /* Don't free the thread_local ctx */ - } - talloc_free(*ctx); *ctx = NULL; } @@ -564,8 +458,89 @@ void fr_md5_calc(uint8_t out[static MD5_DIGEST_LENGTH], uint8_t const *in, size_ { fr_md5_ctx_t *ctx; - ctx = fr_md5_ctx_alloc(true); + ctx = fr_md5_ctx_alloc_from_list(); fr_md5_update(ctx, in, inlen); fr_md5_final(out, ctx); - fr_md5_ctx_free(&ctx); + fr_md5_ctx_free_from_list(&ctx); +} + +static void _md5_ctx_free_on_exit(void *arg) +{ + int i; + fr_md5_free_list_t *free_list = arg; + + for (i = 0; i < ARRAY_SIZE; i++) { + if (free_list[i].used) continue; + + fr_md5_ctx_free(&free_list[i].md_ctx); + } + talloc_free(free_list); +} + +/** @copydoc fr_md5_ctx_alloc + * + */ +fr_md5_ctx_t *fr_md5_ctx_alloc_from_list(void) +{ + int i; + fr_md5_ctx_t *md_ctx; + fr_md5_free_list_t *free_list; + + if (unlikely(!md5_array)) { + free_list = talloc_zero_array(NULL, fr_md5_free_list_t, ARRAY_SIZE); + if (unlikely(!free_list)) { + oom: + fr_strerror_const("Out of Memory"); + return NULL; + } + + fr_atexit_thread_local(md5_array, _md5_ctx_free_on_exit, free_list); + + /* + * Initialize all MD5 contexts + */ + for (i = 0; i < ARRAY_SIZE; i++) { + md_ctx = fr_md5_ctx_alloc(); + if (unlikely(md_ctx == NULL)) goto oom; + + free_list[i].md_ctx = md_ctx; + } + } else { + free_list = md5_array; + } + + for (i = 0; i < ARRAY_SIZE; i++) { + if (free_list[i].used) continue; + + free_list[i].used = true; + return free_list[i].md_ctx; + } + + /* + * No more free contexts, just allocate a new one. + */ + return fr_md5_ctx_alloc(); +} + +/** @copydoc fr_md5_ctx_free + * + */ +void fr_md5_ctx_free_from_list(fr_md5_ctx_t **ctx) +{ + int i; + fr_md5_free_list_t *free_list = md5_array; + + if (free_list) { + for (i = 0; i < ARRAY_SIZE; i++) { + if (free_list[i].md_ctx == *ctx) { + free_list[i].used = false; + fr_md5_ctx_reset(*ctx); + *ctx = NULL; + return; + } + } + } + + fr_md5_ctx_free(*ctx); + *ctx = NULL; } diff --git a/src/lib/util/md5.h b/src/lib/util/md5.h index 6da77ec546..de408dca67 100644 --- a/src/lib/util/md5.h +++ b/src/lib/util/md5.h @@ -46,12 +46,11 @@ extern fr_md5_ctx_copy_t fr_md5_ctx_copy; /** Allocation function for MD5 digest context * - * @param[in] shared Whether we allocate a new context or use the thread local context. * @return * - An MD5 ctx. * - NULL if out of memory. */ -typedef fr_md5_ctx_t *(*fr_md5_ctx_alloc_t)(bool shared); +typedef fr_md5_ctx_t *(*fr_md5_ctx_alloc_t)(void); extern fr_md5_ctx_alloc_t fr_md5_ctx_alloc; /** Free function for MD5 digest ctx @@ -84,6 +83,16 @@ extern fr_md5_final_t fr_md5_final; */ void fr_md5_calc(uint8_t out[static MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen); +/** Allocate an MD5 context from a free list + * + */ +fr_md5_ctx_t *fr_md5_ctx_alloc_from_list(void); + +/** Release an MD5 context back to a free list + * + */ +void fr_md5_ctx_free_from_list(fr_md5_ctx_t **ctx); + /* hmac.c */ int fr_hmac_md5(uint8_t digest[static MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen, uint8_t const *key, size_t key_len); diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index ecdb98fe9f..102fbbb49a 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -258,11 +258,11 @@ static unlang_action_t CC_HINT(nonnull) pap_auth_smd5(rlm_rcode_t *p_result, RETURN_MODULE_INVALID; } - md5_ctx = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, password->vp_octets, password->vp_length); fr_md5_update(md5_ctx, known_good->vp_octets + MD5_DIGEST_LENGTH, known_good->vp_length - MD5_DIGEST_LENGTH); fr_md5_final(digest, md5_ctx); - fr_md5_ctx_free(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx); /* * Compare only the MD5 hash results, not the salt. diff --git a/src/protocols/radius/base.c b/src/protocols/radius/base.c index 8a5b917cd3..561e4923a4 100644 --- a/src/protocols/radius/base.c +++ b/src/protocols/radius/base.c @@ -238,11 +238,11 @@ ssize_t fr_radius_ascend_secret(fr_dbuff_t *dbuff, uint8_t const *in, size_t inl FR_DBUFF_EXTEND_LOWAT_OR_RETURN(&work_dbuff, sizeof(digest)); - md5_ctx = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, vector, RADIUS_AUTH_VECTOR_LENGTH); fr_md5_update(md5_ctx, (uint8_t const *) secret, talloc_array_length(secret) - 1); fr_md5_final(digest, md5_ctx); - fr_md5_ctx_free(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx); if (inlen > sizeof(digest)) inlen = sizeof(digest); for (i = 0; i < inlen; i++) digest[i] ^= in[i]; @@ -478,11 +478,11 @@ int fr_radius_sign(uint8_t *packet, uint8_t const *original, { fr_md5_ctx_t *md5_ctx; - md5_ctx = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, packet, packet_len); fr_md5_update(md5_ctx, secret, secret_len); fr_md5_final(packet + 4, md5_ctx); - fr_md5_ctx_free(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx); } return 0; diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c index 085cfcd06e..9c1776d936 100644 --- a/src/protocols/radius/decode.c +++ b/src/protocols/radius/decode.c @@ -101,8 +101,8 @@ ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, */ secretlen = talloc_array_length(secret) - 1; - md5_ctx = fr_md5_ctx_alloc(true); - md5_ctx_old = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); + md5_ctx_old = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, (uint8_t const *) secret, secretlen); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */ @@ -163,8 +163,8 @@ ssize_t fr_radius_decode_tunnel_password(uint8_t *passwd, size_t *pwlen, } } - fr_md5_ctx_free(&md5_ctx); - fr_md5_ctx_free(&md5_ctx_old); + fr_md5_ctx_free_from_list(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx_old); /* * Check trailing bytes @@ -212,8 +212,8 @@ ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, char const *secret */ secretlen = talloc_array_length(secret) - 1; - md5_ctx = fr_md5_ctx_alloc(true); - md5_ctx_old = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); + md5_ctx_old = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, (uint8_t const *) secret, secretlen); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); /* save intermediate work */ @@ -242,8 +242,8 @@ ssize_t fr_radius_decode_password(char *passwd, size_t pwlen, char const *secret for (i = 0; i < AUTH_PASS_LEN; i++) passwd[i + n] ^= digest[i]; } - fr_md5_ctx_free(&md5_ctx); - fr_md5_ctx_free(&md5_ctx_old); + fr_md5_ctx_free_from_list(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx_old); done: passwd[pwlen] = '\0'; diff --git a/src/protocols/radius/encode.c b/src/protocols/radius/encode.c index 665e5f2b31..2f503e6df1 100644 --- a/src/protocols/radius/encode.c +++ b/src/protocols/radius/encode.c @@ -55,7 +55,7 @@ void fr_radius_encode_chap_password(uint8_t out[static 1 + RADIUS_CHAP_CHALLENGE { fr_md5_ctx_t *md5_ctx; - md5_ctx = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); /* * First ingest the ID and the password. @@ -66,7 +66,7 @@ void fr_radius_encode_chap_password(uint8_t out[static 1 + RADIUS_CHAP_CHALLENGE fr_md5_update(md5_ctx, vector, RADIUS_AUTH_VECTOR_LENGTH); out[0] = id; fr_md5_final(out + 1, md5_ctx); - fr_md5_ctx_free(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx); } /** "encrypt" a password RADIUS style @@ -98,8 +98,8 @@ static ssize_t encode_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *input, size len &= ~0x0f; } - md5_ctx = fr_md5_ctx_alloc(true); - md5_ctx_old = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); + md5_ctx_old = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, (uint8_t const *) secret, talloc_array_length(secret) - 1); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); @@ -119,8 +119,8 @@ static ssize_t encode_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *input, size for (i = 0; i < AUTH_PASS_LEN; i++) passwd[i + n] ^= digest[i]; } - fr_md5_ctx_free(&md5_ctx); - fr_md5_ctx_free(&md5_ctx_old); + fr_md5_ctx_free_from_list(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx_old); return fr_dbuff_in_memcpy(dbuff, passwd, len); } @@ -198,8 +198,8 @@ static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in, tpasswd[1] = r & 0xff; tpasswd[2] = inlen; /* length of the password string */ - md5_ctx = fr_md5_ctx_alloc(true); - md5_ctx_old = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); + md5_ctx_old = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, (uint8_t const *) packet_ctx->secret, talloc_array_length(packet_ctx->secret) - 1); fr_md5_ctx_copy(md5_ctx_old, md5_ctx); @@ -222,8 +222,8 @@ static ssize_t encode_tunnel_password(fr_dbuff_t *dbuff, fr_dbuff_marker_t *in, for (i = 0; i < block_len; i++) tpasswd[i + 2 + n] ^= digest[i]; } - fr_md5_ctx_free(&md5_ctx); - fr_md5_ctx_free(&md5_ctx_old); + fr_md5_ctx_free_from_list(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx_old); FR_DBUFF_IN_MEMCPY_RETURN(&work_dbuff, tpasswd, len); diff --git a/src/tests/util/radius1_test.c b/src/tests/util/radius1_test.c index b948da80c2..147445114a 100644 --- a/src/tests/util/radius1_test.c +++ b/src/tests/util/radius1_test.c @@ -127,11 +127,11 @@ static ssize_t test_encode(UNUSED void const *instance, request_t *request, uint memcpy(buffer + 4, pc->vector, 16); - md5_ctx = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, buffer, 20); fr_md5_update(md5_ctx, (uint8_t const *) secret, strlen(secret)); fr_md5_final(buffer + 4, md5_ctx); - fr_md5_ctx_free(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx); return 20; } diff --git a/src/tests/util/radius_schedule_test.c b/src/tests/util/radius_schedule_test.c index 16003621be..64e3b357bc 100644 --- a/src/tests/util/radius_schedule_test.c +++ b/src/tests/util/radius_schedule_test.c @@ -93,11 +93,11 @@ static ssize_t test_encode(void const *instance, request_t *request, uint8_t *bu memcpy(buffer + 4, tpc.vector, 16); - md5_ctx = fr_md5_ctx_alloc(true); + md5_ctx = fr_md5_ctx_alloc_from_list(); fr_md5_update(md5_ctx, buffer, 20); fr_md5_update(md5_ctx, (uint8_t const *) secret, strlen(secret)); fr_md5_final(buffer + 4, md5_ctx); - fr_md5_ctx_free(&md5_ctx); + fr_md5_ctx_free_from_list(&md5_ctx); return 20; } -- 2.47.3