From d4303b57dd54183436182468a344f4fa8f9215cd Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 21 Sep 2023 18:27:14 +0000 Subject: [PATCH] import CS freeradius-3.0.21-38.el9 --- .../freeradius-Backport-OpenSSL3-fixes.patch | 787 ++++++++++-------- SPECS/freeradius.spec | 6 +- 2 files changed, 467 insertions(+), 326 deletions(-) diff --git a/SOURCES/freeradius-Backport-OpenSSL3-fixes.patch b/SOURCES/freeradius-Backport-OpenSSL3-fixes.patch index 3632b82..ed47871 100644 --- a/SOURCES/freeradius-Backport-OpenSSL3-fixes.patch +++ b/SOURCES/freeradius-Backport-OpenSSL3-fixes.patch @@ -9,7 +9,10 @@ Signed-off-by: Antonio Torres [antorres@redhat.com]: these changes include the macro WITH_FIPS, which allows FreeRADIUS to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this macro on the specfile. +[antorres@redhat.com]: backported tls.c, tls-h changes from 3.2.x branch. +[antorres@redhat.com]: the sites-available/tls file has been modified to add the fix_cert_order option. --- + raddb/sites-available/tls | 8 + share/dictionary.freeradius.internal | 54 +- src/include/build.h | 25 +- src/include/libradius.h | 23 +- @@ -17,7 +20,7 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma src/include/md4.h | 50 +- src/include/md5.h | 33 +- src/include/openssl3.h | 109 ++ - src/include/tls-h | 32 +- + src/include/tls-h | 45 +- src/include/token.h | 7 +- src/lib/dict.c | 150 +- src/lib/hmacmd5.c | 6 +- @@ -31,12 +34,12 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma src/main/cb.c | 121 +- src/main/map.c | 54 +- src/main/radclient.c | 77 +- - src/main/tls.c | 1912 ++++++++++++++++---- + src/main/tls.c | 2012 ++++++++++++++++---- src/main/tls_listen.c | 177 +- src/modules/proto_dhcp/rlm_dhcp.c | 2 +- src/modules/rlm_eap/libeap/eap_tls.c | 178 +- src/modules/rlm_eap/libeap/eap_tls.h | 10 +- - src/modules/rlm_eap/libeap/mppe_keys.c | 211 ++- + src/modules/rlm_eap/libeap/mppe_keys.c | 211 +- src/modules/rlm_eap/radeapclient.c | 8 + src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c | 51 +- .../rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c | 64 +- @@ -45,7 +48,7 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma src/modules/rlm_eap/types/rlm_eap_pwd/const_time.h | 190 ++ src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 779 +++++--- src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.h | 16 +- - .../rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c | 508 +++++- + .../rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c | 508 ++++- .../rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.h | 2 + .../rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c | 52 +- .../rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h | 5 + @@ -57,8 +60,7 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma src/modules/rlm_ldap/ldap.h | 4 + src/modules/rlm_mschap/rlm_mschap.c | 99 +- src/modules/rlm_otp/otp_mppe.c | 16 +- - src/modules/rlm_otp/otp_pwe.c | 8 - - src/modules/rlm_otp/otp_radstate.c | 9 +- + src/modules/rlm_otp/otp_radstate.c | 3 +- src/modules/rlm_rest/rest.c | 107 +- src/modules/rlm_rest/rest.h | 18 + src/modules/rlm_rest/rlm_rest.c | 12 + @@ -66,8 +68,27 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma src/modules/rlm_wimax/milenage.h | 128 ++ src/modules/rlm_wimax/rlm_wimax.c | 429 ++++- src/tests/keywords/md4 | 58 + - 56 files changed, 5913 insertions(+), 1205 deletions(-) + 56 files changed, 6029 insertions(+), 1196 deletions(-) +diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls +index e2a3b080ca..25a10b6364 100644 +--- a/raddb/sites-available/tls ++++ b/raddb/sites-available/tls +@@ -468,6 +468,14 @@ home_server tls { + # this configuration item. + ca_file = ${cadir}/ca.pem + ++ # In previous versions, outbound RadSec connections ++ # would put the home server certificate into the ++ # TLS-Client-Cert* attributes. Set this configuration ++ # item to "yes" in order to have the home server ++ # certificates placed into the "TLS-Cert-*" attributes. ++ # ++# fix_cert_order = yes ++ + # + # For TLS-PSK, the key should be specified + # dynamically, instead of using a hard-coded diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal index 724e1f7ff6..347e3e59f3 100644 --- a/share/dictionary.freeradius.internal @@ -651,10 +672,25 @@ index 0000000000..4423ee538a +#endif +#endif /* FR_OPENSSL3_H */ diff --git a/src/include/tls-h b/src/include/tls-h -index 62f57c4715..206f55db79 100644 +index 62f57c4715..4bf1665483 100644 --- a/src/include/tls-h +++ b/src/include/tls-h -@@ -94,7 +94,7 @@ typedef struct _record_t { +@@ -67,7 +67,7 @@ typedef enum { + } fr_tls_status_t; + extern FR_NAME_NUMBER const fr_tls_status_table[]; + +-#define MAX_RECORD_SIZE 16384 ++#define MAX_RECORD_SIZE 65536 + + /* + * A single TLS record may be up to 16384 octets in length, but a +@@ -89,12 +89,12 @@ extern FR_NAME_NUMBER const fr_tls_status_table[]; + * or configure TLS not to exceed MAX_RECORD_SIZE. + */ + typedef struct _record_t { +- uint8_t data[MAX_RECORD_SIZE]; + size_t used; ++ uint8_t data[MAX_RECORD_SIZE]; } record_t; typedef struct _tls_info_t { @@ -714,7 +750,15 @@ index 62f57c4715..206f55db79 100644 /* * Low-level TLS stuff -@@ -360,6 +366,10 @@ struct fr_tls_server_conf_t { +@@ -335,6 +341,7 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request); + #define FR_TLS_EX_INDEX_STORE (14) + #define FR_TLS_EX_INDEX_SSN (15) + #define FR_TLS_EX_INDEX_TALLOC (16) ++#define FR_TLS_EX_INDEX_FIX_CERT_ORDER (17) + + extern int fr_tls_ex_index_certs; + extern int fr_tls_ex_index_vps; +@@ -360,6 +367,10 @@ struct fr_tls_server_conf_t { bool disable_tlsv1; bool disable_tlsv1_1; bool disable_tlsv1_2; @@ -725,7 +769,7 @@ index 62f57c4715..206f55db79 100644 char const *tls_min_version; char const *tls_max_version; -@@ -371,16 +381,20 @@ struct fr_tls_server_conf_t { +@@ -371,16 +382,21 @@ struct fr_tls_server_conf_t { bool check_crl; bool check_all_crl; bool allow_expired_crl; @@ -736,6 +780,7 @@ index 62f57c4715..206f55db79 100644 char const *cipher_list; bool cipher_server_preference; char const *check_cert_issuer; ++ char const *sigalgs_list; bool session_cache_enable; - uint32_t session_timeout; @@ -747,16 +792,18 @@ index 62f57c4715..206f55db79 100644 fr_hash_table_t *cache_ht; char session_context_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; -@@ -389,6 +403,8 @@ struct fr_tls_server_conf_t { +@@ -389,6 +405,10 @@ struct fr_tls_server_conf_t { char const *verify_client_cert_cmd; bool require_client_cert; ++ bool fix_cert_order; ++ + pthread_mutex_t mutex; + #ifdef HAVE_OPENSSL_OCSP_H /* * OCSP Configuration -@@ -414,6 +430,10 @@ struct fr_tls_server_conf_t { +@@ -414,6 +434,15 @@ struct fr_tls_server_conf_t { char const *psk_query; #endif @@ -764,6 +811,11 @@ index 62f57c4715..206f55db79 100644 + fr_hash_table_t *realms; + + char const *client_hostname; ++ ++#ifdef WITH_RADIUSV11 ++ char const *radiusv11_name; ++ fr_radiusv11_t radiusv11; ++#endif }; #ifdef __cplusplus @@ -2410,7 +2462,7 @@ index 52d2872b13..09d27c8711 100644 exit(0); } diff --git a/src/main/tls.c b/src/main/tls.c -index 78c7370a63..118978b52a 100644 +index 78c7370a63..338ccd6446 100644 --- a/src/main/tls.c +++ b/src/main/tls.c @@ -27,6 +27,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ @@ -2526,7 +2578,25 @@ index 78c7370a63..118978b52a 100644 return 0; } -@@ -376,7 +403,7 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, +@@ -338,7 +365,7 @@ static bool identity_is_safe(const char *identity) + if (!identity) return true; + + while ((c = *(identity++)) != '\0') { +- if (isalpha((int) c) || isdigit((int) c) || isspace((int) c) || ++ if (isalpha((uint8_t) c) || isdigit((uint8_t) c) || isspace((uint8_t) c) || + (c == '@') || (c == '-') || (c == '_') || (c == '.')) { + continue; + } +@@ -369,24 +396,32 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, + FR_TLS_EX_INDEX_REQUEST); + if (request && conf->psk_query) { + size_t hex_len; +- VALUE_PAIR *vp; ++ VALUE_PAIR *vp, **certs; ++ TALLOC_CTX *talloc_ctx; + char buffer[2 * PSK_MAX_PSK_LEN + 4]; /* allow for too-long keys */ + + /* * The passed identity is weird. Deny it. */ if (!identity_is_safe(identity)) { @@ -2535,7 +2605,16 @@ index 78c7370a63..118978b52a 100644 return 0; } -@@ -386,7 +413,7 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, + vp = pair_make_request("TLS-PSK-Identity", identity, T_OP_SET); + if (!vp) return 0; + ++ certs = (VALUE_PAIR **)SSL_get_ex_data(ssl, fr_tls_ex_index_certs); ++ talloc_ctx = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_TALLOC); ++ fr_assert(certs != NULL); /* pointer to sock->certs */ ++ fr_assert(talloc_ctx != NULL); /* sock */ ++ ++ fr_pair_add(certs, fr_pair_copy(talloc_ctx, vp)); ++ hex_len = radius_xlat(buffer, sizeof(buffer), request, conf->psk_query, NULL, NULL); if (!hex_len) { @@ -2544,7 +2623,7 @@ index 78c7370a63..118978b52a 100644 return 0; } -@@ -396,7 +423,7 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, +@@ -396,7 +431,7 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, * the truncation, and complain about it. */ if (hex_len > (2 * max_psk_len)) { @@ -2553,7 +2632,7 @@ index 78c7370a63..118978b52a 100644 (unsigned int) hex_len, 2 * max_psk_len); return 0; } -@@ -419,7 +446,7 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, +@@ -419,7 +454,7 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, * static identity. */ if (strcmp(identity, conf->psk_identity) != 0) { @@ -2562,7 +2641,7 @@ index 78c7370a63..118978b52a 100644 identity); return 0; } -@@ -475,8 +502,6 @@ void tls_session_id(SSL_SESSION *ssn, char *buffer, size_t bufsize) +@@ -475,8 +510,6 @@ void tls_session_id(SSL_SESSION *ssn, char *buffer, size_t bufsize) #endif } @@ -2571,7 +2650,7 @@ index 78c7370a63..118978b52a 100644 static int _tls_session_free(tls_session_t *ssn) { /* -@@ -492,6 +517,52 @@ static int _tls_session_free(tls_session_t *ssn) +@@ -492,6 +525,52 @@ static int _tls_session_free(tls_session_t *ssn) return 0; } @@ -2624,7 +2703,7 @@ index 78c7370a63..118978b52a 100644 tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, int fd, VALUE_PAIR **certs) { int ret; -@@ -506,6 +577,7 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con +@@ -506,6 +585,7 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con ssn->ctx = conf->ctx; ssn->mtu = conf->fragment_size; @@ -2632,7 +2711,7 @@ index 78c7370a63..118978b52a 100644 SSL_CTX_set_mode(ssn->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_AUTO_RETRY); -@@ -516,6 +588,9 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con +@@ -516,8 +596,15 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con } request = request_alloc(ssn); @@ -2641,8 +2720,14 @@ index 78c7370a63..118978b52a 100644 + SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_REQUEST, (void *)request); ++ if (conf->fix_cert_order) { ++ SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_FIX_CERT_ORDER, (void *) &conf->fix_cert_order); ++ } ++ /* -@@ -537,15 +612,14 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con + * Add the message callback to identify what type of + * message/handshake is passed +@@ -537,17 +624,19 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_CONF, (void *)conf); SSL_set_ex_data(ssn->ssl, FR_TLS_EX_INDEX_SSN, (void *)ssn); if (certs) SSL_set_ex_data(ssn->ssl, fr_tls_ex_index_certs, (void *)certs); @@ -2661,8 +2746,13 @@ index 78c7370a63..118978b52a 100644 + break; case SSL_ERROR_WANT_READ: ++ ssn->connected = false; ++ return ssn; ++ case SSL_ERROR_WANT_WRITE: -@@ -555,7 +629,7 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con + ssn->connected = false; + return ssn; +@@ -555,7 +644,7 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con } if (ret <= 0) { @@ -2671,7 +2761,7 @@ index 78c7370a63..118978b52a 100644 talloc_free(ssn); return NULL; -@@ -575,18 +649,61 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con +@@ -575,18 +664,61 @@ tls_session_t *tls_new_client_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *con * @param conf to use to configure the tls session. * @param request The current #REQUEST. * @param client_cert Whether to require a client_cert. @@ -2735,13 +2825,13 @@ index 78c7370a63..118978b52a 100644 new_tls = SSL_new(conf->ctx); if (new_tls == NULL) { -@@ -594,11 +711,35 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU +@@ -594,11 +726,33 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU return NULL; } +#ifdef TLS1_3_VERSION + /* -+ * Disallow TLS 1.3 for TTLS, PEAP, and FAST. ++ * Disallow TLS 1.3 for FAST. + * + * We need another magic configuration option to allow + * it. @@ -2750,10 +2840,8 @@ index 78c7370a63..118978b52a 100644 + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + WARN("!! FORCING MAXIMUM TLS VERSION TO TLS 1.2 !!"); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); -+ WARN("!! There is either no standard for using this EAP method with TLS 1.3,"); -+ WARN("!! or FreeRADIUS does not fully support TLS 1.3 for this EAP method."); -+ WARN("!!"); -+ WARN("!! This message can be removed by setting tls_max_version = \"1.2\""); ++ WARN("!! There is no standard for using this EAP method with TLS 1.3"); ++ WARN("!! Please set tls_max_version = \"1.2\""); + WARN("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); + + if (SSL_set_max_proto_version(new_tls, TLS1_2_VERSION) == 0) { @@ -2772,7 +2860,7 @@ index 78c7370a63..118978b52a 100644 return NULL; } session_init(state); -@@ -606,6 +747,14 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU +@@ -606,6 +760,14 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU state->ctx = conf->ctx; state->ssl = new_tls; @@ -2787,7 +2875,7 @@ index 78c7370a63..118978b52a 100644 /* * Initialize callbacks -@@ -637,6 +786,85 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU +@@ -637,6 +799,85 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU SSL_set_msg_callback_arg(new_tls, state); SSL_set_info_callback(new_tls, cbtls_info); @@ -2873,7 +2961,7 @@ index 78c7370a63..118978b52a 100644 /* * In Server mode we only accept. */ -@@ -646,7 +874,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU +@@ -646,7 +887,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU * Verify the peer certificate, if asked. */ if (client_cert) { @@ -2882,7 +2970,7 @@ index 78c7370a63..118978b52a 100644 verify_mode = SSL_VERIFY_PEER; verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; verify_mode |= SSL_VERIFY_CLIENT_ONCE; -@@ -670,10 +898,41 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU +@@ -670,10 +911,41 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU * just too much. */ state->mtu = conf->fragment_size; @@ -2926,7 +3014,7 @@ index 78c7370a63..118978b52a 100644 if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */ -@@ -697,12 +956,15 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) +@@ -697,12 +969,15 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) { int err; @@ -2944,7 +3032,7 @@ index 78c7370a63..118978b52a 100644 record_init(&ssn->dirty_in); return 0; } -@@ -716,24 +978,26 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) +@@ -716,24 +991,26 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) return 1; } @@ -2974,7 +3062,7 @@ index 78c7370a63..118978b52a 100644 case SSL2_VERSION: str_version = "SSL 2.0"; break; -@@ -767,13 +1031,15 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) +@@ -767,13 +1044,15 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) if (vp) { fr_pair_value_strcpy(vp, str_version); fr_pair_add(&request->state, vp); @@ -2994,7 +3082,7 @@ index 78c7370a63..118978b52a 100644 #if OPENSSL_VERSION_NUMBER >= 0x10001000L /* -@@ -791,7 +1057,7 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) +@@ -791,7 +1070,7 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) * to get the session is a hard fail. */ if (!ssn->ssl_session && ssn->is_init_finished) { @@ -3003,7 +3091,7 @@ index 78c7370a63..118978b52a 100644 return 0; } } -@@ -805,25 +1071,25 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) +@@ -805,25 +1084,25 @@ int tls_handshake_recv(REQUEST *request, tls_session_t *ssn) err = BIO_read(ssn->from_ssl, ssn->dirty_out.data, sizeof(ssn->dirty_out.data)); if (err > 0) { @@ -3036,7 +3124,7 @@ index 78c7370a63..118978b52a 100644 } /* We are done with dirty_in, reinitialize it */ -@@ -855,13 +1121,12 @@ int tls_handshake_send(REQUEST *request, tls_session_t *ssn) +@@ -855,13 +1134,12 @@ int tls_handshake_send(REQUEST *request, tls_session_t *ssn) record_minus(&ssn->clean_in, NULL, written); /* Get the dirty data from Bio to send it */ @@ -3054,7 +3142,7 @@ index 78c7370a63..118978b52a 100644 return 0; } } -@@ -963,7 +1228,10 @@ void tls_session_information(tls_session_t *tls_session) +@@ -963,7 +1241,10 @@ void tls_session_information(tls_session_t *tls_session) { char const *str_write_p, *str_version, *str_content_type = ""; char const *str_details1 = "", *str_details2= ""; @@ -3065,7 +3153,7 @@ index 78c7370a63..118978b52a 100644 char buffer[32]; /* -@@ -972,9 +1240,20 @@ void tls_session_information(tls_session_t *tls_session) +@@ -972,9 +1253,20 @@ void tls_session_information(tls_session_t *tls_session) */ if (rad_debug_lvl == 0) return; @@ -3088,7 +3176,7 @@ index 78c7370a63..118978b52a 100644 case SSL2_VERSION: str_version = "SSL 2.0 "; break; -@@ -1001,13 +1280,12 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1001,13 +1293,12 @@ void tls_session_information(tls_session_t *tls_session) #endif default: @@ -3104,7 +3192,7 @@ index 78c7370a63..118978b52a 100644 switch (tls_session->info.content_type) { case SSL3_RT_CHANGE_CIPHER_SPEC: str_content_type = "ChangeCipherSpec"; -@@ -1026,7 +1304,8 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1026,7 +1317,8 @@ void tls_session_information(tls_session_t *tls_session) break; default: @@ -3114,7 +3202,7 @@ index 78c7370a63..118978b52a 100644 break; } -@@ -1045,9 +1324,12 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1045,9 +1337,12 @@ void tls_session_information(tls_session_t *tls_session) } str_details2 = " ???"; @@ -3127,7 +3215,7 @@ index 78c7370a63..118978b52a 100644 break; case SSL3_AD_UNEXPECTED_MESSAGE: -@@ -1074,24 +1356,34 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1074,24 +1369,34 @@ void tls_session_information(tls_session_t *tls_session) str_details2 = " handshake_failure"; break; @@ -3162,7 +3250,7 @@ index 78c7370a63..118978b52a 100644 break; case SSL3_AD_ILLEGAL_PARAMETER: -@@ -1100,6 +1392,7 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1100,6 +1405,7 @@ void tls_session_information(tls_session_t *tls_session) case TLS1_AD_UNKNOWN_CA: str_details2 = " unknown_ca"; @@ -3170,7 +3258,7 @@ index 78c7370a63..118978b52a 100644 break; case TLS1_AD_ACCESS_DENIED: -@@ -1120,6 +1413,18 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1120,6 +1426,18 @@ void tls_session_information(tls_session_t *tls_session) case TLS1_AD_PROTOCOL_VERSION: str_details2 = " protocol_version"; @@ -3189,7 +3277,7 @@ index 78c7370a63..118978b52a 100644 break; case TLS1_AD_INSUFFICIENT_SECURITY: -@@ -1137,12 +1442,69 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1137,12 +1455,69 @@ void tls_session_information(tls_session_t *tls_session) case TLS1_AD_NO_RENEGOTIATION: str_details2 = " no_renegotiation"; break; @@ -3260,7 +3348,7 @@ index 78c7370a63..118978b52a 100644 if (tls_session->info.record_len > 0) switch (tls_session->info.handshake_type) { case SSL3_MT_HELLO_REQUEST: -@@ -1157,6 +1519,18 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1157,6 +1532,18 @@ void tls_session_information(tls_session_t *tls_session) str_details1 = ", ServerHello"; break; @@ -3279,7 +3367,7 @@ index 78c7370a63..118978b52a 100644 case SSL3_MT_CERTIFICATE: str_details1 = ", Certificate"; break; -@@ -1184,31 +1558,52 @@ void tls_session_information(tls_session_t *tls_session) +@@ -1184,31 +1571,52 @@ void tls_session_information(tls_session_t *tls_session) case SSL3_MT_FINISHED: str_details1 = ", Finished"; break; @@ -3337,7 +3425,7 @@ index 78c7370a63..118978b52a 100644 CONF_PARSER_TERMINATOR }; -@@ -1256,6 +1651,7 @@ static CONF_PARSER tls_server_config[] = { +@@ -1256,6 +1664,7 @@ static CONF_PARSER tls_server_config[] = { #ifdef X509_V_FLAG_CRL_CHECK_ALL { "check_all_crl", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, check_all_crl), "no" }, #endif @@ -3345,10 +3433,14 @@ index 78c7370a63..118978b52a 100644 { "allow_expired_crl", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, allow_expired_crl), NULL }, { "check_cert_cn", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, check_cert_cn), NULL }, { "cipher_list", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, cipher_list), NULL }, -@@ -1263,6 +1659,10 @@ static CONF_PARSER tls_server_config[] = { +@@ -1263,6 +1672,14 @@ static CONF_PARSER tls_server_config[] = { { "check_cert_issuer", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, check_cert_issuer), NULL }, { "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, require_client_cert), NULL }, ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++ { "sigalgs_list", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, sigalgs_list), NULL }, ++#endif ++ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + { "reject_unknown_intermediate_ca", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disallow_untrusted), .dflt = "no", }, +#endif @@ -3356,7 +3448,7 @@ index 78c7370a63..118978b52a 100644 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef OPENSSL_NO_ECDH { "ecdh_curve", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, ecdh_curve), "prime256v1" }, -@@ -1281,9 +1681,19 @@ static CONF_PARSER tls_server_config[] = { +@@ -1281,9 +1698,23 @@ static CONF_PARSER tls_server_config[] = { { "disable_tlsv1_2", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_tlsv1_2), NULL }, #endif @@ -3372,28 +3464,33 @@ index 78c7370a63..118978b52a 100644 + "1.0" +#endif + }, ++ ++#ifdef WITH_RADIUSV11 ++ { "radiusv1_1", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, radiusv11_name), NULL }, ++#endif - { "tls_min_version", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, tls_min_version), "1.0" }, + { "realm_dir", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, realm_dir), NULL }, { "cache", FR_CONF_POINTER(PW_TYPE_SUBSECTION, NULL), (void const *) cache_config }, -@@ -1312,6 +1722,7 @@ static CONF_PARSER tls_client_config[] = { +@@ -1312,6 +1743,9 @@ static CONF_PARSER tls_client_config[] = { { "check_cert_cn", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, check_cert_cn), NULL }, { "cipher_list", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, cipher_list), NULL }, { "check_cert_issuer", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, check_cert_issuer), NULL }, + { "ca_path_reload_interval", FR_CONF_OFFSET(PW_TYPE_INTEGER, fr_tls_server_conf_t, ca_path_reload_interval), "0" }, ++ ++ { "fix_cert_order", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, fix_cert_order), NULL }, #if OPENSSL_VERSION_NUMBER >= 0x0090800fL #ifndef OPENSSL_NO_ECDH -@@ -1331,9 +1742,19 @@ static CONF_PARSER tls_client_config[] = { +@@ -1331,9 +1765,23 @@ static CONF_PARSER tls_client_config[] = { { "disable_tlsv1_2", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, fr_tls_server_conf_t, disable_tlsv1_2), NULL }, #endif - { "tls_max_version", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, tls_max_version), "" }, + { "tls_max_version", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, tls_max_version), NULL }, - -- { "tls_min_version", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, tls_min_version), "1.0" }, ++ + { "tls_min_version", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, tls_min_version), +#if defined(TLS1_2_VERSION) + "1.2" @@ -3404,11 +3501,16 @@ index 78c7370a63..118978b52a 100644 +#endif + }, + ++#ifdef WITH_RADIUSV11 ++ { "radiusv1_1", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, radiusv11_name), NULL }, ++#endif + +- { "tls_min_version", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, tls_min_version), "1.0" }, + { "hostname", FR_CONF_OFFSET(PW_TYPE_STRING, fr_tls_server_conf_t, client_hostname), NULL }, CONF_PARSER_TERMINATOR }; -@@ -1347,7 +1768,44 @@ static int load_dh_params(SSL_CTX *ctx, char *file) +@@ -1347,7 +1795,44 @@ static int load_dh_params(SSL_CTX *ctx, char *file) DH *dh = NULL; BIO *bio; @@ -3454,7 +3556,7 @@ index 78c7370a63..118978b52a 100644 if ((bio = BIO_new_file(file, "r")) == NULL) { ERROR(LOG_PREFIX ": Unable to open DH file - %s", file); -@@ -1422,7 +1880,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) +@@ -1422,7 +1907,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) conf = (fr_tls_server_conf_t *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_CONF); if (!conf) { @@ -3463,7 +3565,7 @@ index 78c7370a63..118978b52a 100644 return 0; } -@@ -1439,7 +1897,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) +@@ -1439,7 +1924,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) blob_len = i2d_SSL_SESSION(sess, NULL); if (blob_len < 1) { /* something went wrong */ @@ -3472,7 +3574,7 @@ index 78c7370a63..118978b52a 100644 return 0; } -@@ -1447,14 +1905,14 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) +@@ -1447,14 +1932,14 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) /* alloc and convert to ASN.1 */ sess_blob = malloc(blob_len); if (!sess_blob) { @@ -3489,7 +3591,7 @@ index 78c7370a63..118978b52a 100644 goto error; } -@@ -1463,7 +1921,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) +@@ -1463,7 +1948,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) conf->session_cache_path, FR_DIR_SEP, buffer); fd = open(filename, O_RDWR|O_CREAT|O_EXCL, S_IWUSR); if (fd < 0) { @@ -3498,7 +3600,7 @@ index 78c7370a63..118978b52a 100644 filename, fr_syserror(errno)); goto error; } -@@ -1486,7 +1944,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) +@@ -1486,7 +1971,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) while (todo > 0) { rv = write(fd, p, todo); if (rv < 1) { @@ -3507,7 +3609,7 @@ index 78c7370a63..118978b52a 100644 close(fd); goto error; } -@@ -1494,7 +1952,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) +@@ -1494,7 +1979,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess) todo -= rv; } close(fd); @@ -3516,7 +3618,7 @@ index 78c7370a63..118978b52a 100644 } error: -@@ -1595,7 +2053,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l +@@ -1595,7 +2080,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l conf = (fr_tls_server_conf_t *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_CONF); if (!conf) { @@ -3525,7 +3627,7 @@ index 78c7370a63..118978b52a 100644 return NULL; } -@@ -1617,20 +2075,20 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l +@@ -1617,20 +2102,20 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l snprintf(filename, sizeof(filename), "%s%c%s.asn1", conf->session_cache_path, FR_DIR_SEP, buffer); fd = open(filename, O_RDONLY); if (fd < 0) { @@ -3549,7 +3651,7 @@ index 78c7370a63..118978b52a 100644 close(fd); goto error; } -@@ -1640,7 +2098,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l +@@ -1640,7 +2125,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l while (todo > 0) { rv = read(fd, q, todo); if (rv < 1) { @@ -3558,7 +3660,7 @@ index 78c7370a63..118978b52a 100644 close(fd); goto error; } -@@ -1664,7 +2122,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l +@@ -1664,7 +2149,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l memcpy(&o, &p, sizeof(o)); sess = d2i_SSL_SESSION(NULL, o, st.st_size); if (!sess) { @@ -3567,7 +3669,7 @@ index 78c7370a63..118978b52a 100644 goto error; } -@@ -1674,7 +2132,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l +@@ -1674,7 +2159,7 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l rv = pairlist_read(talloc_ctx, filename, &pairlist, 1); if (rv < 0) { /* not safe to un-persist a session w/o VPs */ @@ -3576,7 +3678,7 @@ index 78c7370a63..118978b52a 100644 SSL_SESSION_free(sess); sess = NULL; goto error; -@@ -1708,12 +2166,27 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l +@@ -1708,12 +2193,27 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l if (vp) { if ((request->timestamp + vp->vp_integer) > expires) { vp->vp_integer = expires - request->timestamp; @@ -3605,7 +3707,7 @@ index 78c7370a63..118978b52a 100644 /* move the cached VPs into the session */ fr_pair_list_mcopy_by_num(talloc_ctx, &vps, &pairlist->reply, 0, 0, TAG_ANY); -@@ -1733,34 +2206,378 @@ error: +@@ -1733,22 +2233,366 @@ error: return sess; } @@ -3626,27 +3728,19 @@ index 78c7370a63..118978b52a 100644 -static int ocsp_parse_cert_url(X509 *cert, char **host_out, char **port_out, - char **path_out, int *is_https) +static size_t tls_session_id_binary(SSL_SESSION *ssn, uint8_t *buffer, size_t bufsize) - { -- int i; -- bool found_uri = false; ++{ +#if OPENSSL_VERSION_NUMBER < 0x10001000L + size_t size; - -- AUTHORITY_INFO_ACCESS *aia; -- ACCESS_DESCRIPTION *ad; ++ + size = ssn->session_id_length; + if (size > bufsize) size = bufsize; - -- aia = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL); ++ + memcpy(buffer, ssn->session_id, size); + return size; +#else + unsigned int size; + uint8_t const *p; - -- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(aia); i++) { -- ad = sk_ACCESS_DESCRIPTION_value(aia, i); -- if (OBJ_obj2nid(ad->method) != NID_ad_OCSP) continue; ++ + p = SSL_SESSION_get_id(ssn, &size); + if (size > bufsize) size = bufsize; + @@ -3993,22 +4087,10 @@ index 78c7370a63..118978b52a 100644 + */ +static int ocsp_parse_cert_url(X509 *cert, char **host_out, char **port_out, + char **path_out, int *is_https) -+{ -+ int i; -+ bool found_uri = false; -+ -+ AUTHORITY_INFO_ACCESS *aia; -+ ACCESS_DESCRIPTION *ad; -+ -+ aia = X509_get_ext_d2i(cert, NID_info_access, NULL, NULL); -+ -+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(aia); i++) { -+ ad = sk_ACCESS_DESCRIPTION_value(aia, i); -+ if (OBJ_obj2nid(ad->method) != NID_ad_OCSP) continue; - if (ad->location->type != GEN_URI) continue; - found_uri = true; - -@@ -1811,7 +2628,7 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue + { + int i; + bool found_uri = false; +@@ -1811,7 +2655,7 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue VALUE_PAIR *vp; if (issuer_cert == NULL) { @@ -4017,7 +4099,7 @@ index 78c7370a63..118978b52a 100644 goto skipped; } -@@ -1836,7 +2653,7 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue +@@ -1836,7 +2680,7 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue /* Reading the libssl src, they do a strdup on the URL, so it could of been const *sigh* */ OCSP_parse_url(url, &host, &port, &path, &use_ssl); if (!host || !port || !path) { @@ -4026,7 +4108,7 @@ index 78c7370a63..118978b52a 100644 goto skipped; } } else { -@@ -1845,15 +2662,15 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue +@@ -1845,15 +2689,15 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue ret = ocsp_parse_cert_url(client_cert, &host, &port, &path, &use_ssl); switch (ret) { case -1: @@ -4045,7 +4127,7 @@ index 78c7370a63..118978b52a 100644 goto skipped; case 1: -@@ -1865,7 +2682,7 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue +@@ -1865,7 +2709,7 @@ static ocsp_status_t ocsp_check(REQUEST *request, X509_STORE *store, X509 *issue /* Check host and port length are sane, then create Host: HTTP header */ if ((strlen(host) + strlen(port) + 2) > sizeof(hostheader)) { @@ -4054,7 +4136,7 @@ index 78c7370a63..118978b52a 100644 goto skipped; } snprintf(hostheader, sizeof(hostheader), "%s:%s", host, port); -@@ -2038,15 +2855,15 @@ ocsp_end: +@@ -2038,15 +2882,15 @@ ocsp_end: vp = pair_make_request("TLS-OCSP-Cert-Valid", NULL, T_OP_SET); vp->vp_integer = 2; /* skipped */ if (conf->ocsp_softfail) { @@ -4073,7 +4155,7 @@ index 78c7370a63..118978b52a 100644 ocsp_status = OCSP_STATUS_FAILED; } break; -@@ -2054,7 +2871,7 @@ ocsp_end: +@@ -2054,7 +2898,7 @@ ocsp_end: default: vp = pair_make_request("TLS-OCSP-Cert-Valid", NULL, T_OP_SET); vp->vp_integer = 0; /* no */ @@ -4082,7 +4164,7 @@ index 78c7370a63..118978b52a 100644 break; } -@@ -2087,6 +2904,10 @@ static char const *cert_attr_names[9][2] = { +@@ -2087,6 +2931,10 @@ static char const *cert_attr_names[9][2] = { #define FR_TLS_SAN_UPN (7) #define FR_TLS_VALID_SINCE (8) @@ -4093,18 +4175,60 @@ index 78c7370a63..118978b52a 100644 /* * Before trusting a certificate, you must make sure that the * certificate is 'valid'. There are several steps that your -@@ -2183,8 +3004,8 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) +@@ -2152,12 +3000,6 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + + lookup = depth; + +- /* +- * Log client/issuing cert. If there's an error, log +- * issuing cert. +- */ +- if ((lookup > 1) && !my_ok) lookup = 1; +- + /* + * Retrieve the pointer to the SSL of the connection currently treated + * and the application specific data stored into the SSL object. +@@ -2177,14 +3019,37 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) + + talloc_ctx = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_TALLOC); + ++ /* ++ * Log client/issuing cert. If there's an error, log ++ * issuing cert. ++ * ++ * Inbound: 0 = client, 1 = server (intermediate CA), 2 = issuing CA ++ * Outbound: 0 = server, 2 = issuing CA. ++ * ++ * Our array of certificates uses 0 for client, and 1 for server. We ++ * also ignore subsequent certs. ++ */ ++ if (lookup > 1) { ++ if (!my_ok) lookup = 1; ++ ++ } else if (lookup == 0) { ++ /* ++ * This flag is only set for outbound ++ * connections. And then allows us to remap SSL ++ * offset 0 (server) to our offset 1 (also ++ * server). ++ */ ++ lookup = (SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_FIX_CERT_ORDER) != NULL); ++ } ++ + /* + * Get the Serial Number + */ buf[0] = '\0'; sn = X509_get_serialNumber(client_cert); - RDEBUG2("TLS - Creating attributes from certificate OIDs"); - RINDENT(); -+ RDEBUG2("(TLS) Creating attributes from %s certificate", cert_names[lookup]); ++ RDEBUG2("(TLS) Creating attributes from %s certificate", cert_names[lookup ]); + RINDENT(); /* * For this next bit, we create the attributes *only* if -@@ -2328,8 +3149,14 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) +@@ -2328,8 +3193,14 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) if (!my_ok) { char const *p = X509_verify_cert_error_string(err); @@ -4120,7 +4244,7 @@ index 78c7370a63..118978b52a 100644 return my_ok; } -@@ -2405,7 +3232,6 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) +@@ -2405,7 +3276,6 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) fr_bin2hex(value + 2, srcp, asn1len); } @@ -4128,7 +4252,7 @@ index 78c7370a63..118978b52a 100644 vp = fr_pair_make(talloc_ctx, certs, attribute, value, T_OP_ADD); if (!vp) { RDEBUG3("Skipping %s += '%s'. Please check that both the " -@@ -2446,20 +3272,28 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) +@@ -2446,20 +3316,28 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) switch (X509_STORE_CTX_get_error(ctx)) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: @@ -4160,7 +4284,7 @@ index 78c7370a63..118978b52a 100644 #if 0 ASN1_TIME_print(bio_err, X509_get_notAfter(ctx->current_cert)); #endif -@@ -2471,12 +3305,49 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) +@@ -2471,12 +3349,49 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) * checks. */ if (depth == 0) { @@ -4211,7 +4335,7 @@ index 78c7370a63..118978b52a 100644 (strcmp(issuer, conf->check_cert_issuer) != 0)) { AUTH(LOG_PREFIX ": Certificate issuer (%s) does not match specified value (%s)!", issuer, conf->check_cert_issuer); -@@ -2595,45 +3466,54 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) +@@ -2595,45 +3510,54 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx) unlink(filename); break; } @@ -4278,8 +4402,15 @@ index 78c7370a63..118978b52a 100644 return NULL; } -@@ -2647,36 +3527,58 @@ static X509_STORE *init_revocation_store(fr_tls_server_conf_t *conf) +@@ -2645,38 +3569,65 @@ static X509_STORE *init_revocation_store(fr_tls_server_conf_t *conf) + if (conf->check_all_crl) + X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK_ALL); #endif ++ ++#if defined(X509_V_FLAG_PARTIAL_CHAIN) ++ X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN); ++#endif ++ return store; } -#endif /* HAVE_OPENSSL_OCSP_H */ @@ -4290,25 +4421,18 @@ index 78c7370a63..118978b52a 100644 { - int nid; - EC_KEY *ecdh; -- ++ if (!disable_single_dh_use) { ++ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); ++ } + - if (!ecdh_curve || !*ecdh_curve) return 0; -- ++ if (!ecdh_curve) return 0; + - nid = OBJ_sn2nid(ecdh_curve); - if (!nid) { - ERROR(LOG_PREFIX ": Unknown ecdh_curve \"%s\"", ecdh_curve); - return -1; -+ if (!disable_single_dh_use) { -+ SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); - } - -- ecdh = EC_KEY_new_by_curve_name(nid); -- if (!ecdh) { -- ERROR(LOG_PREFIX ": Unable to create new curve \"%s\"", ecdh_curve); -- return -1; - } -+ if (!ecdh_curve) return 0; - -- SSL_CTX_set_tmp_ecdh(ctx, ecdh); +#if OPENSSL_VERSION_NUMBER >= 0x1000200fL + /* + * A colon-separated list of curves. @@ -4316,8 +4440,10 @@ index 78c7370a63..118978b52a 100644 + if (*ecdh_curve) { + char *list; -- if (!disable_single_dh_use) { -- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); +- ecdh = EC_KEY_new_by_curve_name(nid); +- if (!ecdh) { +- ERROR(LOG_PREFIX ": Unable to create new curve \"%s\"", ecdh_curve); +- return -1; + memcpy(&list, &ecdh_curve, sizeof(list)); /* const issues */ + + if (SSL_CTX_set1_curves_list(ctx, list) == 0) { @@ -4326,7 +4452,7 @@ index 78c7370a63..118978b52a 100644 + } } -- EC_KEY_free(ecdh); +- SSL_CTX_set_tmp_ecdh(ctx, ecdh); + (void) SSL_CTX_set_ecdh_auto(ctx, 1); +#else + /* @@ -4335,13 +4461,17 @@ index 78c7370a63..118978b52a 100644 + { + int nid; + EC_KEY *ecdh; -+ + +- if (!disable_single_dh_use) { +- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE); +- } + nid = OBJ_sn2nid(ecdh_curve); + if (!nid) { + ERROR(LOG_PREFIX ": Unknown ecdh_curve \"%s\"", ecdh_curve); + return -1; + } -+ + +- EC_KEY_free(ecdh); + ecdh = EC_KEY_new_by_curve_name(nid); + if (!ecdh) { + ERROR(LOG_PREFIX ": Unable to create new curve \"%s\"", ecdh_curve); @@ -4356,15 +4486,15 @@ index 78c7370a63..118978b52a 100644 return 0; } -@@ -2708,10 +3610,32 @@ int tls_global_init(bool spawn_flag, bool check) +@@ -2708,10 +3659,32 @@ int tls_global_init(bool spawn_flag, bool check) * and we don't want to have tls.c depend on globals. */ if (spawn_flag && !check && (tls_mutexes_init() < 0)) { - ERROR("FATAL: Failed to set up SSL mutexes"); + ERROR("(TLS) FATAL: Failed to set up SSL mutexes"); - return -1; - } - ++ return -1; ++ } ++ +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + /* + * Load the default provider for most algorithms @@ -4372,9 +4502,9 @@ index 78c7370a63..118978b52a 100644 + openssl_default_provider = OSSL_PROVIDER_load(NULL, "default"); + if (!openssl_default_provider) { + ERROR("(TLS) Failed loading default provider"); -+ return -1; -+ } -+ + return -1; + } + + /* + * Needed for MD4 + * @@ -4390,7 +4520,7 @@ index 78c7370a63..118978b52a 100644 return 0; } -@@ -2777,6 +3701,19 @@ void tls_global_cleanup(void) +@@ -2777,6 +3750,19 @@ void tls_global_cleanup(void) #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif @@ -4410,7 +4540,7 @@ index 78c7370a63..118978b52a 100644 CONF_modules_unload(1); ERR_free_strings(); EVP_cleanup(); -@@ -2797,9 +3734,6 @@ static const FR_NAME_NUMBER version2int[] = { +@@ -2797,9 +3783,6 @@ static const FR_NAME_NUMBER version2int[] = { #endif #ifdef TLS1_3_VERSION { "1.3", TLS1_3_VERSION }, @@ -4420,7 +4550,7 @@ index 78c7370a63..118978b52a 100644 #endif { NULL, 0 } }; -@@ -2816,18 +3750,18 @@ static const FR_NAME_NUMBER version2int[] = { +@@ -2816,18 +3799,18 @@ static const FR_NAME_NUMBER version2int[] = { * - Load the Private key & the certificate * - Set the Context options & Verify options */ @@ -4443,7 +4573,7 @@ index 78c7370a63..118978b52a 100644 /* * SHA256 is in all versions of OpenSSL, but isn't -@@ -2840,7 +3774,7 @@ SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client) +@@ -2840,7 +3823,7 @@ SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client) ctx = SSL_CTX_new(SSLv23_method()); /* which is really "all known SSL / TLS methods". Idiots. */ if (!ctx) { @@ -4452,7 +4582,7 @@ index 78c7370a63..118978b52a 100644 return NULL; } -@@ -3033,39 +3967,55 @@ SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client) +@@ -3033,39 +4016,56 @@ SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client) * the cert chain needs to be given in PEM from * openSSL.org */ @@ -4482,17 +4612,20 @@ index 78c7370a63..118978b52a 100644 + /* + * Load the CAs we trust and configure CRL checks if needed + */ ++ if (conf->ca_file || conf->ca_path) { ++ if ((certstore = fr_init_x509_store(conf)) == NULL ) return NULL; ++ SSL_CTX_set_cert_store(ctx, certstore); ++ } else { #if defined(X509_V_FLAG_PARTIAL_CHAIN) - X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN); +- X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN); ++ X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN); #endif - if (conf->ca_file || conf->ca_path) { +- if (conf->ca_file || conf->ca_path) { - if (!SSL_CTX_load_verify_locations(ctx, conf->ca_file, conf->ca_path)) { - tls_error_log(NULL, "Failed reading Trusted root CA list \"%s\"", - conf->ca_file); - return NULL; - } -+ if ((certstore = fr_init_x509_store(conf)) == NULL ) return NULL; -+ SSL_CTX_set_cert_store(ctx, certstore); } + if (conf->ca_file && *conf->ca_file) SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file)); @@ -4522,7 +4655,7 @@ index 78c7370a63..118978b52a 100644 return NULL; } -@@ -3088,6 +4038,18 @@ post_ca: +@@ -3088,6 +4088,18 @@ post_ca: ctx_options |= SSL_OP_NO_SSLv2; ctx_options |= SSL_OP_NO_SSLv3; @@ -4541,7 +4674,7 @@ index 78c7370a63..118978b52a 100644 /* * SSL_CTX_set_(min|max)_proto_version was included in OpenSSL 1.1.0 * -@@ -3095,168 +4057,250 @@ post_ca: +@@ -3095,168 +4107,291 @@ post_ca: * below, so we don't need to check for them explicitly. * * TLS1_3_VERSION is available in OpenSSL 1.1.1. @@ -4582,6 +4715,16 @@ index 78c7370a63..118978b52a 100644 -#elif defined(TLS1_3_VERSION) - max_version = TLS1_2_VERSION; /* NOT a typo! EAP methods for TLS 1.3 are NOT finished */ +#if defined(TLS1_3_VERSION) ++#ifdef WITH_RADIUSV11 ++ /* ++ * RADIUS 1.1 requires TLS 1.3 or later. ++ */ ++ if (conf->radiusv11) { ++ max_version = TLS1_3_VERSION; ++ } else ++#endif ++ ++ + max_version = TLS1_2_VERSION; /* yes, we only use TLS 1.3 if it's EXPLICITELY ENABLED */ #elif defined(TLS1_2_VERSION) - max_version = TLS1_2_VERSION; @@ -4606,69 +4749,30 @@ index 78c7370a63..118978b52a 100644 + return NULL; + } + } else { ++#ifdef WITH_RADIUSV11 /* - * Set these for the rest of the code. -+ * Allow TLS 1.0. It is horribly insecure, but -+ * some systems still use it. ++ * RADIUS 1.1 requires TLS 1.3 or later. */ -+ min_version = TLS1_VERSION; -+ } -+ -+ /* -+ * Compare the two. -+ */ -+ if ((min_version > max_version) || (max_version < min_version)) { -+ ERROR("tls_min_version '%s' must be <= tls_max_version '%s'", -+ conf->tls_min_version, conf->tls_max_version); -+ return NULL; -+ } -+ -+#ifdef CHECK_FOR_PSK_CERTS -+ /* -+ * Disable TLS 1.3 when using PSKs and certs. -+ * This doesn't work. -+ * -+ * It's best to disable the offending -+ * configuration and warn about it. The -+ * alternative is to have the admin wonder why it -+ * doesn't work. -+ * -+ * Note that the admin can over-ride this by -+ * setting "min_version = max_version = 1.3" -+ */ -+ if (psk_and_certs && -+ (min_version < TLS1_3_VERSION) && (max_version >= TLS1_3_VERSION)) { -+ max_version = TLS1_2_VERSION; -+ radlog(L_DBG | L_WARN, "Disabling TLS 1.3 due to PSK and certificates being configured simultaneously. This is not supported by the standards."); -+ } -+#endif -+ -+ /* -+ * No one should be using TLS 1.0 or TLS 1.1 any more -+ * -+ * If TLS1.2 isn't defined by OpenSSL, then we _know_ -+ * it's an insecure version of OpenSSL. -+ */ - #ifdef TLS1_2_VERSION +-#ifdef TLS1_2_VERSION - if (max_version < TLS1_2_VERSION) { - conf->disable_tlsv1_2 = true; - } -+ if (max_version < TLS1_2_VERSION) - #endif +-#endif -#ifdef TLS1_1_VERSION - if (max_version < TLS1_1_VERSION) { - conf->disable_tlsv1_1 = true; -+ { -+ if (rad_debug_lvl) { -+ WARN(LOG_PREFIX ": The configuration allows TLS 1.0 and/or TLS 1.1. We STRONGLY recommned using only TLS 1.2 for security"); -+ WARN(LOG_PREFIX ": Please set: tls_min_version = '1.2'"); - } --#endif -+ } - -- /* +- } ++ if (conf->radiusv11) { ++ min_version = TLS1_3_VERSION; ++ } else + #endif +- + /* - * Get the min version. -- */ ++ * Allow TLS 1.0. It is horribly insecure, but ++ * some systems still use it. + */ - if (conf->tls_min_version && *conf->tls_min_version) { - min_version = fr_str2int(version2int, conf->tls_min_version, 0); - if (!min_version) { @@ -4677,31 +4781,29 @@ index 78c7370a63..118978b52a 100644 - } - } else { - min_version = TLS1_VERSION; -+#ifdef SSL_OP_NO_TLSv1 -+ /* -+ * Check min / max against the old-style "disable" flag. -+ */ -+ if (conf->disable_tlsv1) { -+ if (min_version == TLS1_VERSION) { -+ ERROR(LOG_PREFIX ": 'disable_tlsv1' is set, but 'min_version = 1.0'. These cannot both be true."); -+ return NULL; - } -- +- } ++ min_version = TLS1_VERSION; ++ } + - /* - * Compare the two. - */ - if (min_version > max_version) { - ERROR("tls_min_version '%s' must be <= tls_max_version '%s'", - conf->tls_min_version, conf->tls_max_version); -+ if (max_version == TLS1_VERSION) { -+ ERROR(LOG_PREFIX ": 'disable_tlsv1' is set, but 'max_version = 1.0'. These cannot both be true."); - return NULL; - } -+ ctx_options |= SSL_OP_NO_TLSv1; +- return NULL; +- } ++ /* ++ * Compare the two. ++ */ ++ if ((min_version > max_version) || (max_version < min_version)) { ++ ERROR("tls_min_version '%s' must be <= tls_max_version '%s'", ++ conf->tls_min_version, conf->tls_max_version); ++ return NULL; + } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L --#ifdef CHECK_FOR_PSK_CERTS + #ifdef CHECK_FOR_PSK_CERTS - /* - * Disable TLS 1.3 when using PSKs and certs. - * This doesn't work. @@ -4719,30 +4821,60 @@ index 78c7370a63..118978b52a 100644 - max_version = TLS1_2_VERSION; - radlog(L_DBG | L_WARN, "Disabling TLS 1.3 due to PSK and certificates being configured simultaneously. This is not supported by the standards."); - } -+ if (min_version > TLS1_VERSION) ctx_options |= SSL_OP_NO_TLSv1; -+ -+ ctx_available |= SSL_OP_NO_TLSv1; ++ /* ++ * Disable TLS 1.3 when using PSKs and certs. ++ * This doesn't work. ++ * ++ * It's best to disable the offending ++ * configuration and warn about it. The ++ * alternative is to have the admin wonder why it ++ * doesn't work. ++ * ++ * Note that the admin can over-ride this by ++ * setting "min_version = max_version = 1.3" ++ */ ++ if (psk_and_certs && ++ (min_version < TLS1_3_VERSION) && (max_version >= TLS1_3_VERSION)) { ++ max_version = TLS1_2_VERSION; ++ radlog(L_DBG | L_WARN, "Disabling TLS 1.3 due to PSK and certificates being configured simultaneously. This is not supported by the standards."); ++ } #endif - if (!SSL_CTX_set_max_proto_version(ctx, max_version)) { - ERROR("Failed setting TLS maximum version"); -+#ifdef SSL_OP_NO_TLSv1_1 +- return NULL; ++ /* ++ * No one should be using TLS 1.0 or TLS 1.1 any more ++ * ++ * If TLS1.2 isn't defined by OpenSSL, then we _know_ ++ * it's an insecure version of OpenSSL. ++ */ ++#ifdef TLS1_2_VERSION ++ if (max_version < TLS1_2_VERSION) ++#endif ++ { ++ if (rad_debug_lvl) { ++ WARN(LOG_PREFIX ": The configuration allows TLS 1.0 and/or TLS 1.1. We STRONGLY recommned using only TLS 1.2 for security"); ++ WARN(LOG_PREFIX ": Please set: tls_min_version = '1.2'"); + } ++ } + +- if (!SSL_CTX_set_min_proto_version(ctx, min_version)) { +- ERROR("Failed setting TLS minimum version"); ++#ifdef SSL_OP_NO_TLSv1 + /* + * Check min / max against the old-style "disable" flag. + */ -+ if (conf->disable_tlsv1_1) { -+ if (min_version <= TLS1_1_VERSION) { -+ ERROR(LOG_PREFIX ": 'disable_tlsv1_1' is set, but 'min_version <= 1.1'. These cannot both be true."); ++ if (conf->disable_tlsv1) { ++ if (min_version == TLS1_VERSION) { ++ ERROR(LOG_PREFIX ": 'disable_tlsv1' is set, but 'min_version = 1.0'. These cannot both be true."); return NULL; } -- -- if (!SSL_CTX_set_min_proto_version(ctx, min_version)) { -- ERROR("Failed setting TLS minimum version"); -+ if (max_version == TLS1_1_VERSION) { -+ ERROR(LOG_PREFIX ": 'disable_tlsv1_1' is set, but 'max_version = 1.1'. These cannot both be true."); - return NULL; - } -+ ctx_options |= SSL_OP_NO_TLSv1_1; ++ if (max_version == TLS1_VERSION) { ++ ERROR(LOG_PREFIX ": 'disable_tlsv1' is set, but 'max_version = 1.0'. These cannot both be true."); ++ return NULL; ++ } ++ ctx_options |= SSL_OP_NO_TLSv1; + } - /* @@ -4750,16 +4882,35 @@ index 78c7370a63..118978b52a 100644 - */ - if (min_version < TLS1_2_VERSION) insecure_tls_version = true; -#else /* OpenSSL version < 1.1.0 */ -+ if (min_version > TLS1_1_VERSION) ctx_options |= SSL_OP_NO_TLSv1_1; -+ if (max_version < TLS1_1_VERSION) ctx_options |= SSL_OP_NO_TLSv1_1; ++ if (min_version > TLS1_VERSION) ctx_options |= SSL_OP_NO_TLSv1; -#ifdef SSL_OP_NO_TLSv1 - insecure_tls_version |= (conf->disable_tlsv1 == false); ++ ctx_available |= SSL_OP_NO_TLSv1; + #endif ++ + #ifdef SSL_OP_NO_TLSv1_1 +- insecure_tls_version |= (conf->disable_tlsv1_1 == false); ++ /* ++ * Check min / max against the old-style "disable" flag. ++ */ ++ if (conf->disable_tlsv1_1) { ++ if (min_version <= TLS1_1_VERSION) { ++ ERROR(LOG_PREFIX ": 'disable_tlsv1_1' is set, but 'min_version <= 1.1'. These cannot both be true."); ++ return NULL; ++ } ++ if (max_version == TLS1_1_VERSION) { ++ ERROR(LOG_PREFIX ": 'disable_tlsv1_1' is set, but 'max_version = 1.1'. These cannot both be true."); ++ return NULL; ++ } ++ ctx_options |= SSL_OP_NO_TLSv1_1; ++ } ++ ++ if (min_version > TLS1_1_VERSION) ctx_options |= SSL_OP_NO_TLSv1_1; ++ if (max_version < TLS1_1_VERSION) ctx_options |= SSL_OP_NO_TLSv1_1; ++ + ctx_available |= SSL_OP_NO_TLSv1_1; #endif --#ifdef SSL_OP_NO_TLSv1_1 -- insecure_tls_version |= (conf->disable_tlsv1_1 == false); --#endif -#endif /* OpenSSL version ? 1.1.0 */ - if (rad_debug_lvl && insecure_tls_version) { @@ -4792,9 +4943,25 @@ index 78c7370a63..118978b52a 100644 + if (max_version < TLS1_3_VERSION) ctx_options |= SSL_OP_NO_TLSv1_3; +#endif ++ ++#ifdef WITH_RADIUSV11 /* - * For historical config compatibility, we also allow - * these, but complain if the admin uses them. ++ * RADIUS 1.1 requires TLS 1.3 or later. + */ +-#ifdef SSL_OP_NO_TLSv1 +- if (conf->disable_tlsv1) { +- ctx_options |= SSL_OP_NO_TLSv1; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L +- WARN("Please use tls_min_version and tls_max_version instead of disable_tlsv1"); ++ if (conf->radiusv11 && (min_version < TLS1_3_VERSION)) { ++ ERROR(LOG_PREFIX ": Please set 'tls_min_version = 1.2' or greater to use 'radiusv1_1 = true'"); ++ return NULL; ++ } + #endif ++ ++ /* + * Set the cipher list if we were told to do so. We do + * this before setting min/max TLS version. In a sane + * world, OpenSSL would error out if we set the max TLS @@ -4802,13 +4969,7 @@ index 78c7370a63..118978b52a 100644 + * current security level. However, this is OpenSSL. If + * you set conflicting options, it doesn't give an error. + * Instead, it just picks something to do. - */ --#ifdef SSL_OP_NO_TLSv1 -- if (conf->disable_tlsv1) { -- ctx_options |= SSL_OP_NO_TLSv1; --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -- WARN("Please use tls_min_version and tls_max_version instead of disable_tlsv1"); --#endif ++ */ + if (conf->cipher_list) { + if (!SSL_CTX_set_cipher_list(ctx, conf->cipher_list)) { + tls_error_log(NULL, "Failed setting cipher list"); @@ -4817,12 +4978,24 @@ index 78c7370a63..118978b52a 100644 } - ctx_tls_versions |= SSL_OP_NO_TLSv1; --#endif ++#if OPENSSL_VERSION_NUMBER >= 0x10101000L ++ if (conf->sigalgs_list) { ++ char *list; ++ ++ memcpy(&list, &(conf->sigalgs_list), sizeof(list)); /* const issues */ ++ ++ if (SSL_CTX_set1_sigalgs_list(ctx, list) == 0) { ++ tls_error_log(NULL, "Failed setting signature list '%s'", conf->sigalgs_list); ++ return NULL; ++ } ++ } + #endif -#ifdef SSL_OP_NO_TLSv1_1 - if (conf->disable_tlsv1_1) { - ctx_options |= SSL_OP_NO_TLSv1_1; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - WARN("Please use tls_min_version and tls_max_version instead of disable_tlsv1_2"); ++ + /* + * Tell OpenSSL PRETTY PLEASE MAY WE USE TLS 1.1. + * @@ -4881,7 +5054,6 @@ index 78c7370a63..118978b52a 100644 + ERROR("Failed setting TLS maximum version"); + return NULL; + } -+ + if (!SSL_CTX_set_min_proto_version(ctx, min_version)) { + ERROR("Failed setting TLS minimum version"); + return NULL; @@ -4905,7 +5077,7 @@ index 78c7370a63..118978b52a 100644 #ifdef SSL_OP_NO_TICKET ctx_options |= SSL_OP_NO_TICKET; #endif -@@ -3291,6 +4335,19 @@ post_ca: +@@ -3291,6 +4426,19 @@ post_ca: SSL_CTX_set_options(ctx, ctx_options); @@ -4925,7 +5097,7 @@ index 78c7370a63..118978b52a 100644 /* * TODO: Set the RSA & DH * SSL_CTX_set_tmp_rsa_callback(ctx, cbtls_rsa); -@@ -3336,12 +4393,21 @@ post_ca: +@@ -3336,12 +4484,21 @@ post_ca: /* * Cache sessions on disk if requested. */ @@ -4948,7 +5120,7 @@ index 78c7370a63..118978b52a 100644 SSL_CTX_set_quiet_shutdown(ctx, 1); if (fr_tls_ex_index_vps < 0) fr_tls_ex_index_vps = SSL_SESSION_get_ex_new_index(0, NULL, NULL, NULL, NULL); -@@ -3359,6 +4425,17 @@ post_ca: +@@ -3359,6 +4516,17 @@ post_ca: } X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK); @@ -4966,7 +5138,7 @@ index 78c7370a63..118978b52a 100644 #ifdef X509_V_FLAG_CRL_CHECK_ALL if (conf->check_all_crl) X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK_ALL); -@@ -3389,16 +4466,6 @@ post_ca: +@@ -3389,16 +4557,6 @@ post_ca: } #endif @@ -4983,7 +5155,7 @@ index 78c7370a63..118978b52a 100644 /* * Setup session caching */ -@@ -3424,9 +4491,9 @@ post_ca: +@@ -3424,9 +4582,9 @@ post_ca: (unsigned int) strlen(conf->session_context_id)); /* @@ -4995,7 +5167,7 @@ index 78c7370a63..118978b52a 100644 /* * Set the maximum number of entries in the -@@ -3468,11 +4535,15 @@ static int _tls_server_conf_free(fr_tls_server_conf_t *conf) +@@ -3468,11 +4626,15 @@ static int _tls_server_conf_free(fr_tls_server_conf_t *conf) if (conf->cache_ht) fr_hash_table_free(conf->cache_ht); @@ -5011,7 +5183,7 @@ index 78c7370a63..118978b52a 100644 #ifndef NDEBUG memset(conf, 0, sizeof(*conf)); #endif -@@ -3505,9 +4576,109 @@ static int store_cmp(void const *a, void const *b) +@@ -3505,9 +4667,109 @@ static int store_cmp(void const *a, void const *b) DICT_ATTR const *one = a; DICT_ATTR const *two = b; @@ -5122,7 +5294,7 @@ index 78c7370a63..118978b52a 100644 fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs) { fr_tls_server_conf_t *conf; -@@ -3535,6 +4706,16 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs) +@@ -3535,6 +4797,16 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs) */ if (conf->fragment_size < 100) conf->fragment_size = 100; @@ -5139,7 +5311,7 @@ index 78c7370a63..118978b52a 100644 /* * Only check for certificate things if we don't have a * PSK query. -@@ -3563,10 +4744,15 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs) +@@ -3563,10 +4835,15 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs) } } @@ -5156,7 +5328,7 @@ index 78c7370a63..118978b52a 100644 if (conf->ctx == NULL) { goto error; } -@@ -3633,10 +4819,11 @@ skip_list: +@@ -3633,10 +4910,11 @@ skip_list: * Initialize OCSP Revocation Store */ if (conf->ocsp_enable) { @@ -5169,7 +5341,7 @@ index 78c7370a63..118978b52a 100644 { char *dh_file; -@@ -3655,7 +4842,7 @@ skip_list: +@@ -3655,7 +4933,7 @@ skip_list: } if (conf->verify_client_cert_cmd && !conf->verify_tmp_dir) { @@ -5178,7 +5350,7 @@ index 78c7370a63..118978b52a 100644 goto error; } -@@ -3663,12 +4850,17 @@ skip_list: +@@ -3663,12 +4941,17 @@ skip_list: /* * OpenSSL 1.0.1f and 1.0.1g get the MS-MPPE keys wrong. */ @@ -5197,7 +5369,7 @@ index 78c7370a63..118978b52a 100644 /* * Cache conf in cs in case we're asked to parse this again. */ -@@ -3703,7 +4895,7 @@ fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs) +@@ -3703,7 +4986,7 @@ fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs) /* * Initialize TLS */ @@ -5206,7 +5378,7 @@ index 78c7370a63..118978b52a 100644 if (conf->ctx == NULL) { goto error; } -@@ -3755,7 +4947,7 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3755,7 +5038,7 @@ int tls_success(tls_session_t *ssn, REQUEST *request) * not allowed, */ if (SSL_session_reused(ssn->ssl)) { @@ -5215,7 +5387,7 @@ index 78c7370a63..118978b52a 100644 return -1; } -@@ -3763,12 +4955,14 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3763,12 +5046,14 @@ int tls_success(tls_session_t *ssn, REQUEST *request) * Else resumption IS allowed, so we store the * user data in the cache. */ @@ -5231,7 +5403,7 @@ index 78c7370a63..118978b52a 100644 vp = fr_pair_list_copy_by_num(talloc_ctx, request->reply->vps, PW_USER_NAME, 0, TAG_ANY); if (vp) fr_pair_add(&vps, vp); -@@ -3778,6 +4972,9 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3778,6 +5063,9 @@ int tls_success(tls_session_t *ssn, REQUEST *request) vp = fr_pair_list_copy_by_num(talloc_ctx, request->packet->vps, PW_STRIPPED_USER_DOMAIN, 0, TAG_ANY); if (vp) fr_pair_add(&vps, vp); @@ -5241,7 +5413,7 @@ index 78c7370a63..118978b52a 100644 vp = fr_pair_list_copy_by_num(talloc_ctx, request->reply->vps, PW_CHARGEABLE_USER_IDENTITY, 0, TAG_ANY); if (vp) fr_pair_add(&vps, vp); -@@ -3836,7 +5033,7 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3836,7 +5124,7 @@ int tls_success(tls_session_t *ssn, REQUEST *request) if (vp) { if ((request->timestamp + vp->vp_integer) > expires) { vp->vp_integer = expires - request->timestamp; @@ -5250,7 +5422,7 @@ index 78c7370a63..118978b52a 100644 vp->vp_integer); } } -@@ -3858,7 +5055,7 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3858,7 +5146,7 @@ int tls_success(tls_session_t *ssn, REQUEST *request) FR_DIR_SEP, buffer); vp_file = fopen(filename, "w"); if (vp_file == NULL) { @@ -5259,7 +5431,7 @@ index 78c7370a63..118978b52a 100644 fr_syserror(errno)); } else { VALUE_PAIR *prev = NULL; -@@ -3889,6 +5086,10 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3889,6 +5177,10 @@ int tls_success(tls_session_t *ssn, REQUEST *request) fprintf(vp_file, "\n"); fclose(vp_file); } @@ -5270,7 +5442,7 @@ index 78c7370a63..118978b52a 100644 } else { RDEBUG("Failed to find 'persist_dir' in TLS configuration. Session will not be cached on disk."); } -@@ -3901,15 +5102,27 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3901,15 +5193,27 @@ int tls_success(tls_session_t *ssn, REQUEST *request) * Else the session WAS allowed. Copy the cached reply. */ } else { @@ -5301,7 +5473,7 @@ index 78c7370a63..118978b52a 100644 /* "touch" the cached session/vp file */ char filename[3 * MAX_SESSION_SIZE + 1]; -@@ -3921,6 +5134,10 @@ int tls_success(tls_session_t *ssn, REQUEST *request) +@@ -3921,6 +5225,10 @@ int tls_success(tls_session_t *ssn, REQUEST *request) utime(filename, NULL); } @@ -5312,7 +5484,7 @@ index 78c7370a63..118978b52a 100644 /* * Mark the request as resumed. */ -@@ -3953,49 +5170,69 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request) +@@ -3953,49 +5261,69 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request) err = BIO_write(ssn->into_ssl, ssn->dirty_in.data, ssn->dirty_in.used); if (err != (int) ssn->dirty_in.used) { @@ -5395,7 +5567,7 @@ index 78c7370a63..118978b52a 100644 return FR_TLS_FAIL; } } -@@ -4003,8 +5240,9 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request) +@@ -4003,8 +5331,9 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request) /* * Passed all checks, successfully decrypted data */ @@ -5406,7 +5578,7 @@ index 78c7370a63..118978b52a 100644 /* * Add the certificates to intermediate packets, so that * the inner tunnel policies can use them. -@@ -4026,27 +5264,27 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request) +@@ -4026,27 +5355,33 @@ fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request) fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request) { if (ssn == NULL){ @@ -5433,20 +5605,28 @@ index 78c7370a63..118978b52a 100644 return FR_TLS_FAIL; case handshake: - if ((ssn->is_init_finished) && (ssn->dirty_out.used == 0)) { +- if ((ssn->is_init_finished) && (ssn->dirty_out.used == 0)) { - RDEBUG2("Peer ACKed our handshake fragment. handshake is finished"); ++ if (ssn->dirty_out.used > 0) { ++ RDEBUG2("(TLS) Peer ACKed our handshake fragment"); ++ /* Fragmentation handler, send next fragment */ ++ return FR_TLS_REQUEST; ++ } ++ ++ if (ssn->is_init_finished || SSL_is_init_finished(ssn->ssl)) { + RDEBUG2("(TLS) Peer ACKed our handshake fragment. handshake is finished"); /* * From now on all the content is -@@ -4057,12 +5295,12 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request) +@@ -4057,12 +5392,11 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request) return FR_TLS_SUCCESS; } /* else more data to send */ - RDEBUG2("Peer ACKed our handshake fragment"); -+ RDEBUG2("(TLS) Peer ACKed our handshake fragment"); - /* Fragmentation handler, send next fragment */ - return FR_TLS_REQUEST; +- /* Fragmentation handler, send next fragment */ +- return FR_TLS_REQUEST; ++ REDEBUG("(TLS) Cannot continue, as the peer is misbehaving."); ++ return FR_TLS_FAIL; case application_data: - RDEBUG2("Peer ACKed our application data fragment"); @@ -5454,7 +5634,7 @@ index 78c7370a63..118978b52a 100644 return FR_TLS_REQUEST; /* -@@ -4070,7 +5308,7 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request) +@@ -4070,7 +5404,7 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request) * to the default section below. */ default: @@ -9765,54 +9945,11 @@ index 399689abf3..932e44abe9 100644 } /* switch (pwe) */ return; -diff --git a/src/modules/rlm_otp/otp_pwe.c b/src/modules/rlm_otp/otp_pwe.c -index 56a4dbc71b..99a6d07769 100644 ---- a/src/modules/rlm_otp/otp_pwe.c -+++ b/src/modules/rlm_otp/otp_pwe.c -@@ -28,19 +28,11 @@ - RCSID("$Id: 56a4dbc71b0117cb5eb788367e1fad7be9c8419a $") - - /* avoid inclusion of these FR headers which conflict w/ OpenSSL */ --#define _FR_MD4_H --#define _FR_SHA1_H - #include - #include - - #include "extern.h" - --USES_APPLE_DEPRECATED_API --#include --#include --#include --#include -- - #include - - /* Attribute IDs for supported password encodings. */ diff --git a/src/modules/rlm_otp/otp_radstate.c b/src/modules/rlm_otp/otp_radstate.c -index 66fd8b4987..6e53430c2f 100644 +index 66fd8b4987..256437a552 100644 --- a/src/modules/rlm_otp/otp_radstate.c +++ b/src/modules/rlm_otp/otp_radstate.c -@@ -22,17 +22,13 @@ - RCSID("$Id: 66fd8b4987c0353e5679da23efc31595aa7017db $") - USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */ - --/* avoid inclusion of these FR headers which conflict w/ OpenSSL */ --#define _FR_MD4_H --#define _FR_SHA1_H -- - #include "extern.h" - - #include - --#include /* des_cblock */ - #include - #include -+#include - - /* - * Generate the State attribute, suitable for passing to fr_pair_make(). -@@ -113,6 +109,7 @@ size_t otp_gen_state(char state[OTP_MAX_RADSTATE_LEN], +@@ -113,6 +113,7 @@ size_t otp_gen_state(char state[OTP_MAX_RADSTATE_LEN], HMAC_CTX *hmac_ctx; uint8_t hmac[MD5_DIGEST_LENGTH]; char *p; @@ -9820,7 +9957,7 @@ index 66fd8b4987..6e53430c2f 100644 /* * Generate the hmac. We already have a dependency on openssl for -@@ -125,7 +122,7 @@ size_t otp_gen_state(char state[OTP_MAX_RADSTATE_LEN], +@@ -125,7 +126,7 @@ size_t otp_gen_state(char state[OTP_MAX_RADSTATE_LEN], HMAC_Update(hmac_ctx, (uint8_t const *) challenge, clen); HMAC_Update(hmac_ctx, (uint8_t *) &flags, 4); HMAC_Update(hmac_ctx, (uint8_t *) &when, 4); diff --git a/SPECS/freeradius.spec b/SPECS/freeradius.spec index a0f515d..51bea14 100644 --- a/SPECS/freeradius.spec +++ b/SPECS/freeradius.spec @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 3.0.21 -Release: 37%{?dist} +Release: 38%{?dist} License: GPLv2+ and LGPLv2+ URL: http://www.freeradius.org/ @@ -862,6 +862,10 @@ EOF %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %changelog +* Mon May 22 2023 Antonio Torres - 3.0.21-38 +- Fix crash when verifying client certificate + Resolves: #2183447 + * Wed Dec 14 2022 Antonio Torres - 3.0.21-37 - Fix defect found by covscan Resolves: #2151705