#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
+#include <freeradius-devel/util/md4.h>
+#include <freeradius-devel/util/md5.h>
#endif
#include <ctype.h>
return -1;
}
+ fr_md5_openssl_init();
+ fr_md4_openssl_init();
+
return 0;
}
ERROR("Failed unloading legacy provider");
}
openssl_legacy_provider = NULL;
+
+ fr_md5_openssl_free();
+ fr_md4_openssl_free();
}
#else
#define openssl3_init()
#include <freeradius-devel/util/chap.h>
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
+#include <freeradius-devel/util/md5.h>
+#include <freeradius-devel/util/md4.h>
#endif
#include <ctype.h>
return -1;
}
+ fr_md5_openssl_init();
+ fr_md4_openssl_init();
+
return 0;
}
ERROR("Failed unloading legacy provider");
}
openssl_legacy_provider = NULL;
+
+ fr_md5_openssl_free();
+ fr_md4_openssl_free();
}
#else
#define openssl3_init()
#include <freeradius-devel/util/debug.h>
#include <freeradius-devel/util/math.h>
#include <freeradius-devel/util/syserror.h>
+#include <freeradius-devel/util/md5.h>
+#include <freeradius-devel/util/md4.h>
static uint32_t openssl_instance_count = 0;
fr_tls_log_free();
fr_tls_bio_free();
+
+ fr_md5_openssl_free();
+ fr_md4_openssl_free();
}
static void _openssl_provider_free(void)
fr_tls_bio_init();
+ fr_md5_openssl_init();
+ fr_md4_openssl_init();
+
/*
* Use an atexit handler to try and ensure
* that OpenSSL gets freed last.
return -1;
}
+ /*
+ * Swap the MD4 / MD5 functions as appropriate.
+ */
+ if (enabled) {
+ fr_md5_openssl_init();
+ fr_md4_openssl_init();
+ } else {
+ fr_md5_openssl_free();
+ fr_md4_openssl_free();
+ }
+
return 0;
}
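Review bot: The two branches of the added `if (enabled)` block look reversed. The `fr_md4_openssl_init()` / `fr_md5_openssl_init()` added in this commit are commented as keeping the local implementation under FIPS, and only the `_free()` functions restore `&md4_local_funcs` / `&md5_local_funcs`, so if the OpenSSL table was already installed, the `enabled` path would not switch back to the local code. Assuming `enabled` means FIPS mode is being turned on (the function starts outside this hunk), the `_free()` pair belongs in the `if (enabled)` branch and the `_init()` pair in the `else`. If this function can run after digest contexts already exist, it is also worth confirming that a context allocated through one table is never handed to the other table's `free` or `update`.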
static void fr_md4_local_ctx_reset(fr_md4_ctx_t *ctx);
static void fr_md4_local_ctx_copy(fr_md4_ctx_t *dst, fr_md4_ctx_t const *src);
-#ifdef HAVE_OPENSSL_EVP_H
-static fr_md4_ctx_t *fr_md4_local_ctx_init(void);
-#else
static fr_md4_ctx_t *fr_md4_local_ctx_alloc(void);
-#endif
static void fr_md4_local_ctx_free(fr_md4_ctx_t **ctx);
static void fr_md4_local_update(fr_md4_ctx_t *ctx, uint8_t const *in, size_t inlen);
static void fr_md4_local_final(uint8_t out[static MD4_DIGEST_LENGTH], fr_md4_ctx_t *ctx);
static fr_md4_funcs_t md4_local_funcs = {
.reset = fr_md4_local_ctx_reset,
.copy = fr_md4_local_ctx_copy,
-#ifdef HAVE_OPENSSL_EVP_H
- .alloc = fr_md4_local_ctx_init,
-#else
.alloc = fr_md4_local_ctx_alloc,
-#endif
.free = fr_md4_local_ctx_free,
.update = fr_md4_local_update,
.final = fr_md4_local_final
return ctx_local;
}
-#ifdef HAVE_OPENSSL_EVP_H
-/** Initialize whether or not we use the local allocator, or the OpenSSL one.
- *
- */
-static fr_md4_ctx_t *fr_md4_local_ctx_init(void)
-{
- /*
- * If we are in FIPS mode, then use the local allocator.
- */
- if (!EVP_default_properties_is_fips_enabled(NULL)) {
- /*
- * OpenSSL isn't in FIPS mode. Swap out the functions
- * pointers for the OpenSSL versions.
- *
- * We do this by swapping out a pointer to a structure
- * containing the functions, as this prevents possible
- * skew where some threads see a mixture of functions.
- */
- fr_md4_funcs = &md4_openssl_funcs;
- } else {
- md4_local_funcs.alloc = fr_md4_local_ctx_alloc; /* Don't call this (init) function again */
- }
-
- return fr_md4_ctx_alloc();
-}
-#endif
/** @copydoc fr_md4_ctx_free
*
memset(ctx_local, 0, sizeof(*ctx_local)); /* in case it's sensitive */
}
-/*
- * Digest function pointers
- */
-fr_md4_ctx_reset_t fr_md4_ctx_reset = fr_md4_local_ctx_reset;
-fr_md4_ctx_copy_t fr_md4_ctx_copy = fr_md4_local_ctx_copy;
-fr_md4_ctx_alloc_t fr_md4_ctx_alloc = fr_md4_local_ctx_alloc;
-fr_md4_ctx_free_t fr_md4_ctx_free = fr_md4_local_ctx_free;
-fr_md4_update_t fr_md4_update = fr_md4_local_update;
-fr_md4_final_t fr_md4_final = fr_md4_local_final;
-
/** Calculate the MD4 hash of the contents of a buffer
*
* @param[out] out Where to write the MD4 digest. Must be a minimum of MD4_DIGEST_LENGTH.
fr_md4_ctx_free(*ctx);
*ctx = NULL;
}
+
+#ifdef HAVE_OPENSSL_EVP_H
+void fr_md4_openssl_init(void)
+{
+ /*
+ * If we are in FIPS mode, then we still use the local
+ * allocator.
+ */
+ if (!EVP_default_properties_is_fips_enabled(NULL)) return;
+
+ /*
+ * OpenSSL isn't in FIPS mode. Swap out the functions
+ * pointers for the OpenSSL versions.
+ *
+ * We do this by swapping out a pointer to a structure
+ * containing the functions, as this prevents possible
+ * skew where some threads see a mixture of functions.
+ */
+ fr_md4_funcs = &md4_openssl_funcs;
+}
+
+void fr_md4_openssl_free(void)
+{
+ fr_md4_funcs = &md4_local_funcs;
+}
+#endif
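Review bot: The early return in `fr_md4_openssl_init()` is inverted relative to its own comments: `if (!EVP_default_properties_is_fips_enabled(NULL)) return;` returns when FIPS is off and installs `&md4_openssl_funcs` when FIPS is on. The removed `fr_md4_local_ctx_init()` selected the OpenSSL table inside the `!EVP_default_properties_is_fips_enabled(NULL)` branch, so the intended check appears to be `if (EVP_default_properties_is_fips_enabled(NULL)) return;`. As written, a non-FIPS process never leaves the local MD4 code, and a FIPS-mode process is routed to OpenSSL's MD4, which the comment above the check says should not happen. `fr_md5_openssl_init()` in the md5 hunk further down has the identical check and needs the same change.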
*
*/
void fr_md4_ctx_free_from_list(fr_md4_ctx_t **ctx);
+
+#ifdef HAVE_OPENSSL_EVP_H
+void fr_md4_openssl_init(void);
+void fr_md4_openssl_free(void);
+#endif
+
#ifdef __cplusplus
}
#endif
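Review bot: These prototypes exist only under `HAVE_OPENSSL_EVP_H` with no fallback, while the callers added in this commit include md4.h under `HAVE_OPENSSL_SSL_H`, and the TLS init/free hunks call `fr_md4_openssl_init()` / `fr_md4_openssl_free()` with no guard visible. If the two macros can ever differ, those calls become implicit declarations and unresolved symbols; a no-op fallback in the style the callers already use for `openssl3_init()` would close that: `#else`, `#define fr_md4_openssl_init()`, `#define fr_md4_openssl_free()`. The two new functions also carry no doc comment, unlike the declaration just above them. The md5.h hunk at the end of the page has the same shape.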
static void fr_md5_local_ctx_reset(fr_md5_ctx_t *ctx);
static void fr_md5_local_ctx_copy(fr_md5_ctx_t *dst, fr_md5_ctx_t const *src);
-#ifdef HAVE_OPENSSL_EVP_H
-static fr_md5_ctx_t *fr_md5_local_ctx_init(void);
-#else
static fr_md5_ctx_t *fr_md5_local_ctx_alloc(void);
-#endif
static void fr_md5_local_ctx_free(fr_md5_ctx_t **ctx);
static void fr_md5_local_update(fr_md5_ctx_t *ctx, uint8_t const *in, size_t inlen);
static void fr_md5_local_final(uint8_t out[static MD5_DIGEST_LENGTH], fr_md5_ctx_t *ctx);
static fr_md5_funcs_t md5_local_funcs = {
.reset = fr_md5_local_ctx_reset,
.copy = fr_md5_local_ctx_copy,
-#ifdef HAVE_OPENSSL_EVP_H
- .alloc = fr_md5_local_ctx_init,
-#else
.alloc = fr_md5_local_ctx_alloc,
-#endif
.free = fr_md5_local_ctx_free,
.update = fr_md5_local_update,
.final = fr_md5_local_final
return ctx_local;
}
-#ifdef HAVE_OPENSSL_EVP_H
-/** Initialize whether or not we use the local allocator, or the OpenSSL one.
- *
- */
-static fr_md5_ctx_t *fr_md5_local_ctx_init(void)
-{
- /*
- * If we are in FIPS mode, then use the local allocator.
- */
- if (!EVP_default_properties_is_fips_enabled(NULL)) {
- /*
- * OpenSSL isn't in FIPS mode. Swap out the functions
- * pointers for the OpenSSL versions.
- *
- * We do this by swapping out a pointer to a structure
- * containing the functions, as this prevents possible
- * skew where some threads see a mixture of functions.
- */
- fr_md5_funcs = &md5_openssl_funcs;
- } else {
- md5_local_funcs.alloc = fr_md5_local_ctx_alloc; /* Don't call this (init) function again */
- }
-
- return fr_md5_ctx_alloc();
-}
-#endif
-
/** @copydoc fr_md5_ctx_free
*
*/
fr_md5_ctx_free(*ctx);
*ctx = NULL;
}
+
+#ifdef HAVE_OPENSSL_EVP_H
+void fr_md5_openssl_init(void)
+{
+ /*
+ * If we are in FIPS mode, then we still use the local
+ * allocator.
+ */
+ if (!EVP_default_properties_is_fips_enabled(NULL)) return;
+
+ /*
+ * OpenSSL isn't in FIPS mode. Swap out the functions
+ * pointers for the OpenSSL versions.
+ *
+ * We do this by swapping out a pointer to a structure
+ * containing the functions, as this prevents possible
+ * skew where some threads see a mixture of functions.
+ */
+ fr_md5_funcs = &md5_openssl_funcs;
+}
+
+void fr_md5_openssl_free(void)
+{
+ fr_md5_funcs = &md5_local_funcs;
+}
+#endif
/* hmac.c */
int fr_hmac_md5(uint8_t digest[static MD5_DIGEST_LENGTH], uint8_t const *in, size_t inlen,
uint8_t const *key, size_t key_len);
+
+#ifdef HAVE_OPENSSL_EVP_H
+void fr_md5_openssl_init(void);
+void fr_md5_openssl_free(void);
+#endif
+
#ifdef __cplusplus
}
#endif