Avoid segfault when trying to use MD4 with legacy provider disabled
OpenSSL legacy provider should be enabled in order to use MD4 algorithm. Related: #1978216 Signed-off-by: Antonio Torres <antorres@redhat.com>
parent
76fc6be83c
commit
39a61df66f
@ -4,6 +4,9 @@ Subject: [PATCH] Backport OpenSSL3 fixes from 3.0.26
|
|||||||
|
|
||||||
Backport TLS and OpenSSL3 fixes from the future 3.0.26 FreeRADIUS release.
|
Backport TLS and OpenSSL3 fixes from the future 3.0.26 FreeRADIUS release.
|
||||||
|
|
||||||
|
Additionally include checks to avoid segfault when trying to use MD4 algorithm
|
||||||
|
while having OpenSSL legacy provider disabled.
|
||||||
|
|
||||||
Related: rhbz#1978216
|
Related: rhbz#1978216
|
||||||
Signed-off-by: Antonio Torres <antorres@redhat.com>
|
Signed-off-by: Antonio Torres <antorres@redhat.com>
|
||||||
---
|
---
|
||||||
@ -11,7 +14,7 @@ Signed-off-by: Antonio Torres <antorres@redhat.com>
|
|||||||
src/include/build.h | 25 +-
|
src/include/build.h | 25 +-
|
||||||
src/include/libradius.h | 23 +-
|
src/include/libradius.h | 23 +-
|
||||||
src/include/listen.h | 24 +-
|
src/include/listen.h | 24 +-
|
||||||
src/include/md4.h | 46 +-
|
src/include/md4.h | 49 +-
|
||||||
src/include/md5.h | 29 +-
|
src/include/md5.h | 29 +-
|
||||||
src/include/openssl3.h | 109 ++
|
src/include/openssl3.h | 109 ++
|
||||||
src/include/tls-h | 32 +-
|
src/include/tls-h | 32 +-
|
||||||
@ -61,7 +64,7 @@ Signed-off-by: Antonio Torres <antorres@redhat.com>
|
|||||||
src/modules/rlm_wimax/milenage.h | 128 ++
|
src/modules/rlm_wimax/milenage.h | 128 ++
|
||||||
src/modules/rlm_wimax/rlm_wimax.c | 429 ++++-
|
src/modules/rlm_wimax/rlm_wimax.c | 429 ++++-
|
||||||
src/tests/keywords/md4 | 58 +
|
src/tests/keywords/md4 | 58 +
|
||||||
54 files changed, 5580 insertions(+), 1114 deletions(-)
|
54 files changed, 5583 insertions(+), 1114 deletions(-)
|
||||||
|
|
||||||
diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
|
diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
|
||||||
index 724e1f7ff6..53dd04ec9a 100644
|
index 724e1f7ff6..53dd04ec9a 100644
|
||||||
@ -377,10 +380,10 @@ index 4f50bbf808..b395aeb046 100644
|
|||||||
|
|
||||||
RADCLIENT_LIST *clients;
|
RADCLIENT_LIST *clients;
|
||||||
diff --git a/src/include/md4.h b/src/include/md4.h
|
diff --git a/src/include/md4.h b/src/include/md4.h
|
||||||
index b7bdd6a15e..21317f2c72 100644
|
index b7bdd6a15e..f3801728c8 100644
|
||||||
--- a/src/include/md4.h
|
--- a/src/include/md4.h
|
||||||
+++ b/src/include/md4.h
|
+++ b/src/include/md4.h
|
||||||
@@ -71,14 +71,58 @@ void fr_md4_final(uint8_t out[MD4_DIGEST_LENGTH], FR_MD4_CTX *ctx)
|
@@ -71,14 +71,61 @@ void fr_md4_final(uint8_t out[MD4_DIGEST_LENGTH], FR_MD4_CTX *ctx)
|
||||||
void fr_md4_transform(uint32_t buf[4], uint8_t const inc[MD4_BLOCK_LENGTH])
|
void fr_md4_transform(uint32_t buf[4], uint8_t const inc[MD4_BLOCK_LENGTH])
|
||||||
CC_BOUNDED(__size__, 1, 4, 4)
|
CC_BOUNDED(__size__, 1, 4, 4)
|
||||||
CC_BOUNDED(__minbytes__, 2, MD4_BLOCK_LENGTH);
|
CC_BOUNDED(__minbytes__, 2, MD4_BLOCK_LENGTH);
|
||||||
@ -416,7 +419,10 @@ index b7bdd6a15e..21317f2c72 100644
|
|||||||
+ ctx->len = MD4_DIGEST_LENGTH;
|
+ ctx->len = MD4_DIGEST_LENGTH;
|
||||||
+
|
+
|
||||||
+ EVP_MD_CTX_set_flags(ctx->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
+ EVP_MD_CTX_set_flags(ctx->ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||||
+ EVP_DigestInit_ex(ctx->ctx, ctx->md, NULL);
|
+ if (EVP_DigestInit_ex(ctx->ctx, ctx->md, NULL) != 1) {
|
||||||
|
+ fprintf(stderr, "Couldn't init MD4 algorithm. Enable OpenSSL legacy provider.\n");
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+static inline void fr_md4_update(FR_MD4_CTX *ctx, uint8_t const *in, size_t inlen)
|
+static inline void fr_md4_update(FR_MD4_CTX *ctx, uint8_t const *in, size_t inlen)
|
||||||
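Review bot: The new failure branch on `EVP_DigestInit_ex(ctx->ctx, ctx->md, NULL) != 1` calls `exit(EXIT_FAILURE)` from a helper defined in the header `src/include/md4.h`, so any program that includes it terminates on the first MD4 use when the legacy provider is not loaded. If that first use happens while the server is handling a request (inferred, the callers are not visible here), the segfault becomes a clean exit but the daemon still goes down on network input. I would probe MD4 once during start-up and refuse to start with a logged configuration error, keeping this branch only as a last resort with a comment such as `/* not expected once the start-up MD4 probe has passed */`. The message is written with `fprintf(stderr, ...)`, which a daemonised server may have closed or redirected, so it should go through the server's own logging instead. The function begins outside the hunk, so it is not visible whether `ctx->ctx` and `ctx->md` are checked for NULL before `EVP_MD_CTX_set_flags` is called; if they are not, the same missing-provider condition could still reach a NULL dereference ahead of this check.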
|
@ -1,7 +1,7 @@
|
|||||||
Summary: High-performance and highly configurable free RADIUS server
|
Summary: High-performance and highly configurable free RADIUS server
|
||||||
Name: freeradius
|
Name: freeradius
|
||||||
Version: 3.0.21
|
Version: 3.0.21
|
||||||
Release: 23%{?dist}
|
Release: 24%{?dist}
|
||||||
License: GPLv2+ and LGPLv2+
|
License: GPLv2+ and LGPLv2+
|
||||||
URL: http://www.freeradius.org/
|
URL: http://www.freeradius.org/
|
||||||
|
|
||||||
@ -855,7 +855,11 @@ exit 0
|
|||||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
|
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Oct 18 2021 Antonio Torres <antorres@redhat.com> - 3.0.21-23
|
* Thu Jan 13 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-24
|
||||||
|
- Avoid segfault when trying to use MD4 without legacy provider
|
||||||
|
Related: rhbz#1978216
|
||||||
|
|
||||||
|
* Wed Jan 12 2022 Antonio Torres <antorres@redhat.com> - 3.0.21-23
|
||||||
- Backport OpenSSL3 fixes
|
- Backport OpenSSL3 fixes
|
||||||
Related: rhbz#1978216
|
Related: rhbz#1978216
|
||||||
|
|
||||||
|