From: Nikolai Kondrashov
Date: Wed, 7 Dec 2016 12:23:54 +0000 (+0200)
Subject: Move func substitutes from rlm_eap to missing.c
X-Git-Tag: release_3_0_13~92^2~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c4a2b376df1d47ea291ba83f43d7dd2243d0a29;p=thirdparty%2Ffreeradius-server.git
Move func substitutes from rlm_eap to missing.c
---
diff --git a/configure b/configure
index bbefb8b427c..7ccfc171931 100755
--- a/configure
+++ b/configure
@@ -8785,6 +8785,7 @@ fi
 for ac_func in \
 SSL_get_client_random \
 SSL_get_server_random \
+ SSL_SESSION_get_master_key \
 HMAC_CTX_new \
 HMAC_CTX_free \
 ASN1_STRING_get0_data \
diff --git a/configure.ac b/configure.ac
index 485f66c69f3..53a27a1015f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1183,6 +1183,7 @@ if test "x$WITH_OPENSSL" = xyes; then
 AC_CHECK_FUNCS( \
 SSL_get_client_random \
 SSL_get_server_random \
+ SSL_SESSION_get_master_key \
 HMAC_CTX_new \
 HMAC_CTX_free \
 ASN1_STRING_get0_data \
diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in
index aa91effc75e..d38228199c4 100644
--- a/src/include/autoconf.h.in
+++ b/src/include/autoconf.h.in
@@ -398,6 +398,9 @@
 /* Define to 1 if you have the `SSL_get_server_random' function. */
 #undef HAVE_SSL_GET_SERVER_RANDOM
+/* Define to 1 if you have the `SSL_SESSION_get_master_key' function. */
+#undef HAVE_SSL_SESSION_GET_MASTER_KEY
+
 /* Define to 1 if you have the header file. */
 #undef HAVE_STDBOOL_H
diff --git a/src/include/missing-h b/src/include/missing-h
index 3cc205b0969..ab01978cf91 100644
--- a/src/include/missing-h
+++ b/src/include/missing-h
@@ -83,6 +83,10 @@ RCSIDH(missing_h, "$Id$")
 # endif
 #endif
+#ifdef HAVE_OPENSSL_SSL_H
+# include
+#endif
+
 #ifdef HAVE_OPENSSL_HMAC_H
 # include
 #endif
@@ -492,6 +496,19 @@ static inline int CONF_modules_load_file(const char *filename,
 }
 #endif
+#ifdef HAVE_OPENSSL_SSL_H
+# ifndef HAVE_SSL_GET_CLIENT_RANDOM
+size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t outlen);
+# endif
+# ifndef HAVE_SSL_GET_SERVER_RANDOM
+size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t outlen);
+# endif
+# ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *s,
+ unsigned char *out, size_t outlen);
+# endif
+#endif
+
 /*
 * Not really missing, but may be submitted as patches
 * to the talloc project at some point in the future.
diff --git a/src/lib/missing.c b/src/lib/missing.c
index 00c21361843..22fea07f4b2 100644
--- a/src/lib/missing.c
+++ b/src/lib/missing.c
@@ -341,6 +341,43 @@ void HMAC_CTX_free(HMAC_CTX *ctx)
 # endif
 #endif
+#ifdef HAVE_OPENSSL_SSL_H
+# ifndef HAVE_SSL_GET_CLIENT_RANDOM
+size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return sizeof(s->s3->client_random);
+
+ if (outlen > sizeof(s->s3->client_random)) outlen = sizeof(s->s3->client_random);
+
+ memcpy(out, s->s3->client_random, outlen);
+ return outlen;
+}
+# endif
+# ifndef HAVE_SSL_GET_SERVER_RANDOM
+size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t outlen)
+{
+ if (!outlen) return sizeof(s->s3->server_random);
+
+ if (outlen > sizeof(s->s3->server_random)) outlen = sizeof(s->s3->server_random);
+
+ memcpy(out, s->s3->server_random, outlen);
+ return outlen;
+}
+# endif
+# ifndef HAVE_SSL_SESSION_GET_MASTER_KEY
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *s,
+ unsigned char *out, size_t outlen)
+{
+ if (!outlen) return s->master_key_length;
+
+ if (outlen > (size_t)s->master_key_length) outlen = (size_t)s->master_key_length;
+
+ memcpy(out, s->master_key, outlen);
+ return outlen;
+}
+# endif
+#endif
+
 /** Call talloc strdup, setting the type on the new chunk correctly
 *
 * For some bizarre reason the talloc string functions don't set the
diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h
index 6b345d93ad7..73c7fdd53b5 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.h
+++ b/src/modules/rlm_eap/libeap/eap_tls.h
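Review bot: The `SSL_SESSION_get_master_key` substitute clamps `outlen` only to `s->master_key_length`, which the `(size_t)` cast suggests is a signed field, and never to the size of `s->master_key` itself, so a negative or oversized length value would let the `memcpy` read past the key buffer. Now that the function is no longer `static` and is declared in missing-h for every caller, I would add `if (outlen > sizeof(s->master_key)) outlen = sizeof(s->master_key);` before the copy, assuming `master_key` is a fixed-size array in the struct these substitutes are built against. The block also lost the "OpenSSL compatibility" comment that the old copy in mppe_keys.c carried; a short comment above `#ifdef HAVE_OPENSSL_SSL_H` should say that these substitutes read `SSL` and `SSL_SESSION` internals directly, and that the master-key one copies out the TLS master secret, so callers should clear their buffer after use.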
@@ -62,12 +62,6 @@ int eaptls_fail(eap_handler_t *handler, int peap_flag) CC_HINT(nonnull);
 int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn) CC_HINT(nonnull);
-/* MPPE key generation */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen);
-size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen);
-#endif
-
 void T_PRF(unsigned char const *secret, unsigned int secret_len, char const *prf_label, unsigned char const *seed, unsigned int seed_len, unsigned char *out, unsigned int out_len) CC_HINT(nonnull(1,3,6));
 void eaptls_gen_mppe_keys(REQUEST *request, SSL *s, char const *prf_label);
 void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size);
diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c
index 4fcb797b70a..63de855246a 100644
--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
@@ -29,41 +29,6 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
 #include
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-/*
- * OpenSSL compatibility, to avoid ifdef's through the rest of the code.
- */
-size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t outlen)
-{
- if (!outlen) return sizeof(s->s3->client_random);
-
- if (outlen > sizeof(s->s3->client_random)) outlen = sizeof(s->s3->client_random);
-
- memcpy(out, s->s3->client_random, outlen);
- return outlen;
-}
-
-size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t outlen)
-{
- if (!outlen) return sizeof(s->s3->server_random);
-
- if (outlen > sizeof(s->s3->server_random)) outlen = sizeof(s->s3->server_random);
-
- memcpy(out, s->s3->server_random, outlen);
- return outlen;
-}
-
-static size_t SSL_SESSION_get_master_key(const SSL_SESSION *s, unsigned char *out, size_t outlen)
-{
- if (!outlen) return s->master_key_length;
-
- if (outlen > (size_t)s->master_key_length) outlen = (size_t)s->master_key_length;
-
- memcpy(out, s->master_key, outlen);
- return outlen;
-}
-#endif
-
 /*
 * TLS PRF from RFC 2246
 */