Avoid segfault when trying to use MD4 with legacy provider disabled

OpenSSL legacy provider should be enabled in order to use MD4 algorithm. Related: #1978216 Signed-off-by: Antonio Torres <antorres@redhat.com>
2022-01-13 14:04:05 +01:00 · 2022-01-13 14:04:05 +01:00 · 39a61df66f
commit 39a61df66f
parent 76fc6be83c
2 changed files with 17 additions and 7 deletions
--- a/freeradius-Backport-OpenSSL3-fixes.patch
+++ b/freeradius-Backport-OpenSSL3-fixes.patch
@ -4,6 +4,9 @@ Subject: [PATCH] Backport OpenSSL3 fixes from 3.0.26

 Backport TLS and OpenSSL3 fixes from the future 3.0.26 FreeRADIUS release.

+Additionally include checks to avoid segfault when trying to use MD4 algorithm
+while having OpenSSL legacy provider disabled.
+
 Related: rhbz#1978216
 Signed-off-by: Antonio Torres <antorres@redhat.com>
 ---
@ -11,7 +14,7 @@ Signed-off-by: Antonio Torres <antorres@redhat.com>
 src/include/build.h                                |   25 +-
 src/include/libradius.h                            |   23 +-
 src/include/listen.h                               |   24 +-
- src/include/md4.h                                  |   46 +-
+ src/include/md4.h                                  |   49 +-
 src/include/md5.h                                  |   29 +-
 src/include/openssl3.h                             |  109 ++
 src/include/tls-h                                  |   32 +-
@ -61,7 +64,7 @@ Signed-off-by: Antonio Torres <antorres@redhat.com>
 src/modules/rlm_wimax/milenage.h                   |  128 ++
 src/modules/rlm_wimax/rlm_wimax.c                  |  429 ++++-
 src/tests/keywords/md4                             |   58 +
- 54 files changed, 5580 insertions(+), 1114 deletions(-)
+ 54 files changed, 5583 insertions(+), 1114 deletions(-)

 diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
 index 724e1f7ff6..53dd04ec9a 100644
@ -377,10 +380,10 @@ index 4f50bbf808..b395aeb046 100644
 
 	RADCLIENT_LIST	*clients;
 diff --git a/src/include/md4.h b/src/include/md4.h
-index b7bdd6a15e..21317f2c72 100644
+index b7bdd6a15e..f3801728c8 100644
 --- a/src/include/md4.h
 +++ b/src/include/md4.h
-@@ -71,14 +71,58 @@ void	fr_md4_final(uint8_t out[MD4_DIGEST_LENGTH], FR_MD4_CTX *ctx)
+@@ -71,14 +71,61 @@ void	fr_md4_final(uint8_t out[MD4_DIGEST_LENGTH], FR_MD4_CTX *ctx)
 void	fr_md4_transform(uint32_t buf[4], uint8_t const inc[MD4_BLOCK_LENGTH])
 	CC_BOUNDED(__size__, 1, 4, 4)
 	CC_BOUNDED(__minbytes__, 2, MD4_BLOCK_LENGTH);
@ -416,7 +419,10 @@ index b7bdd6a15e..21317f2c72 100644
 +	ctx->len = MD4_DIGEST_LENGTH;
 +
 +	EVP_MD_CTX_set_flags(ctx->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-+	EVP_DigestInit_ex(ctx->ctx, ctx->md, NULL);
+	if (EVP_DigestInit_ex(ctx->ctx, ctx->md, NULL) != 1) {
+		fprintf(stderr, "Couldn't init MD4 algorithm. Enable OpenSSL legacy provider.\n");
+		exit(EXIT_FAILURE);
+	}
 +}
 +
 +static inline void fr_md4_update(FR_MD4_CTX *ctx, uint8_t const *in, size_t inlen)
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.21
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/

@ -855,7 +855,11 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest

 %changelog
-* Mon Oct 18 2021 Antonio Torres <antorres@redhat.com> - 3.0.21-23
+* Thu Jan 13 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-24
+- Avoid segfault when trying to use MD4 without legacy provider
+  Related: rhbz#1978216
+
+* Wed Jan 12 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-23
 - Backport OpenSSL3 fixes
  Related: rhbz#1978216