From: Alan T. DeKok
Date: Mon, 7 Nov 2016 15:42:02 +0000 (-0500)
Subject: OpenSSL 1.1.0 compatability fixes
X-Git-Tag: release_3_0_13~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=264aa1cbff78e15550a52b1c5f5b8ba573584ab4;p=thirdparty%2Ffreeradius-server.git

OpenSSL 1.1.0 compatability fixes
---
diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h
index 9c357e2a75c..6b345d93ad7 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.h
+++ b/src/modules/rlm_eap/libeap/eap_tls.h
@@ -63,6 +63,11 @@ int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) CC_HINT(nonnull);
 /* MPPE key generation */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
+#endif
+
 void T_PRF(unsigned char const *secret, unsigned int secret_len, char const *prf_label, unsigned char const *seed, unsigned int seed_len, unsigned char *out, unsigned int out_len) CC_HINT(nonnull(1,3,6));
 void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label);
 void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size);
diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c
index 88db26e36bd..4fcb797b70a 100644
--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
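Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` in the eap_tls.h hunk declares `SSL_get_client_random` and `SSL_get_server_random` with external linkage for every LibreSSL build, so a LibreSSL release that provides these accessors itself would either fail to build or have the library's function shadowed by this copy. The lines removed from `eaptls_gen_eap_key` show the build already detects the accessor as `HAVE_SSL_GET_CLIENT_RANDOM`; keying the shim on that, `#ifndef HAVE_SSL_GET_CLIENT_RANDOM`, follows the library's actual API rather than its version number. The same guard opens the shim definitions in the first mppe_keys.c hunk and would need the same change.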
@@ -29,6 +29,41 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
 #include
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+/*
+ * OpenSSL compatibility, to avoid ifdef's through the rest of the code.
+ */
+size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return sizeof(s->s3->client_random);
+
+ if (outlen > sizeof(s->s3->client_random)) outlen = sizeof(s->s3->client_random);
+
+ memcpy(out, s->s3->client_random, outlen);
+ return outlen;
+}
+
+size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return sizeof(s->s3->server_random);
+
+ if (outlen > sizeof(s->s3->server_random)) outlen = sizeof(s->s3->server_random);
+
+ memcpy(out, s->s3->server_random, outlen);
+ return outlen;
+}
+
+static size_t SSL_SESSION_get_master_key(const SSL_SESSION *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return s->master_key_length;
+
+ if (outlen > (size_t)s->master_key_length) outlen = (size_t)s->master_key_length;
+
+ memcpy(out, s->master_key, outlen);
+ return outlen;
+}
+#endif
+
 /*
 * TLS PRF from RFC 2246
 */
@@ -243,14 +278,9 @@ void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header)
 p[0] = header & 0xff;
-#ifdef HAVE_SSL_GET_CLIENT_RANDOM
 SSL_get_client_random(s, p + 1, SSL3_RANDOM_SIZE);
 SSL_get_server_random(s, p + 1 + SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE);
-#else
- memcpy(p + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
- memcpy(p + 1 + SSL3_RANDOM_SIZE,
- s->s3->server_random, SSL3_RANDOM_SIZE);
-#endif
+
 vp->vp_octets = p;
 fr_pair_add(&packet->vps, vp);
 }
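Review bot: `SSL_SESSION_get_master_key` casts `s->master_key_length` to `size_t` before clamping, so if that field is signed (the cast suggests it is) a negative value becomes a very large bound, the clamp never fires, and the `outlen == 0` branch returns it as a length. Rejecting it first with `if (s->master_key_length <= 0) return 0;` keeps the shim from reporting more key bytes than the session holds. The block comment above the shims should also state the contract they mirror, for example `/* outlen == 0: return the available length without touching out; otherwise copy at most outlen bytes and return the count copied */`, because the calls in `eaptls_gen_eap_key` discard the return value of the two random accessors.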
@@ -260,13 +290,15 @@ void eaptls_gen_eap_key(RADIUS_PACKET *packet, SSL *s, uint32_t header)
 */
 void eap_fast_tls_gen_challenge(SSL *s, uint8_t *buffer, uint8_t *scratch, size_t size, char const *prf_label)
 {
+ uint8_t *p;
+ size_t len, master_key_len;
 uint8_t seed[128 + 2*SSL3_RANDOM_SIZE];
- uint8_t *p = seed;
- size_t len;
+ uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
 len = strlen(prf_label);
 if (len > 128) len = 128;
+ p = seed;
 memcpy(p, prf_label, len);
 p += len;
 memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
@@ -274,8 +306,8 @@ void eap_fast_tls_gen_challenge(SSL *s, uint8_t *buffer, uint8_t *scratch, size_
 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
 p += SSL3_RANDOM_SIZE;
- PRF(s->session->master_key, s->session->master_key_length,
- seed, p - seed, buffer, scratch, size);
+ master_key_len = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, sizeof(master_key));
+ PRF(master_key, master_key_len, seed, p - seed, buffer, scratch, size);
 }
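Review bot: `eap_fast_tls_gen_challenge` still reads `s->s3->server_random` directly in the last context line of the `@@ -260` hunk, and `s->s3->client_random` in the first context line of the next hunk. This is the struct access the new shims exist to replace, and it will not compile where `SSL` is opaque. Use the accessors here as `eaptls_gen_eap_key` does: `SSL_get_server_random(s, p, SSL3_RANDOM_SIZE);` and `SSL_get_client_random(s, p, SSL3_RANDOM_SIZE);`. The function body continues past the end of this hunk.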
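Review bot: The new `master_key` array in the `@@ -274` hunk holds a copy of the TLS master secret on the stack and is left intact when the function returns. Add `OPENSSL_cleanse(master_key, sizeof(master_key));` after the `PRF()` call so the copy does not outlive its use. The result of `SSL_get_session(s)` is also passed straight into `SSL_SESSION_get_master_key` without a NULL check; the removed code dereferenced `s->session` unchecked as well, so this is not a regression, but it is worth confirming that callers only reach this point with an established session. The start of the function is in the previous hunk.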