We are going to make SSL3_STATE (ssl->s3) and SSL_SESSION opaque in an
upcoming libssl bump.

In the old freeradius, we need to switch to using accessors to get
the client and server random and the session id in two files.

I'd appreciate a careful set of eyes on this one.

This builds on -current and should be a no-op.

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/freeradius/Makefile,v
retrieving revision 1.78
diff -u -p -r1.78 Makefile
--- Makefile    12 Jul 2019 20:48:26 -0000      1.78
+++ Makefile    5 May 2021 11:33:20 -0000
@@ -12,7 +12,7 @@ COMMENT-pgsql=        freeradius pgsql rlm addo
 COMMENT-ldap=  freeradius ldap rlm addon
 
 V=             2.2.10
-REVISION=      1
+REVISION=      2
 DISTNAME=      freeradius-server-$V
 EXTRACT_SUFX=  .tar.bz2
 
Index: patches/patch-src_modules_rlm_eap_libeap_mppe_keys_c
===================================================================
RCS file: patches/patch-src_modules_rlm_eap_libeap_mppe_keys_c
diff -N patches/patch-src_modules_rlm_eap_libeap_mppe_keys_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_modules_rlm_eap_libeap_mppe_keys_c        22 Apr 2021 07:07:30 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Index: src/modules/rlm_eap/libeap/mppe_keys.c
+--- src/modules/rlm_eap/libeap/mppe_keys.c.orig
++++ src/modules/rlm_eap/libeap/mppe_keys.c
+@@ -233,9 +233,8 @@ void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE
+       if (!vp) return;
+ 
+       vp->vp_octets[0] = header & 0xff;
+-      memcpy(vp->vp_octets + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
+-      memcpy(vp->vp_octets + 1 + SSL3_RANDOM_SIZE,
+-             s->s3->server_random, SSL3_RANDOM_SIZE);
++      SSL_get_client_random(s, vp->vp_octets + 1, SSL3_RANDOM_SIZE);
++      SSL_get_server_random(s, vp->vp_octets + 1 + SSL3_RANDOM_SIZE, SSL3_RANDOM_SIZE);
+       vp->length = 1 + 2 * SSL3_RANDOM_SIZE;
+       pairadd(vps, vp);
+ }
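Review bot: Both accessor calls on the new side discard their return value, while `vp->length` is still set to `1 + 2 * SSL3_RANDOM_SIZE` unconditionally, so the no-op claim rests on each call filling exactly SSL3_RANDOM_SIZE bytes. As I understand the accessors, they copy at most `outlen` bytes of the 32-byte random and return the count, which matches the old memcpy pair here. A one-line comment above the calls would keep that assumption visible, e.g. `/* each accessor fills exactly SSL3_RANDOM_SIZE bytes; vp->length relies on it */`. eaptls_gen_eap_key begins outside the hunk, so the capacity of `vp->vp_octets` cannot be confirmed from here.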
Index: patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls_c
===================================================================
RCS file: patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls_c
diff -N patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls_c   22 Apr 2021 07:26:32 -0000
@@ -0,0 +1,41 @@
+$OpenBSD$
+
+Index: src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+--- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c.orig
++++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+@@ -228,12 +228,15 @@ static int generate_eph_rsa_key(SSL_CTX *ctx)
+ static void cbtls_remove_session(UNUSED SSL_CTX *ctx, SSL_SESSION *sess)
+ {
+       size_t size;
++      const unsigned char *session_id;
++      unsigned int session_id_length;
+       char buffer[2 * MAX_SESSION_SIZE + 1];
+ 
+-      size = sess->session_id_length;
++      session_id = SSL_SESSION_get_id(sess, &session_id_length);
++      size = session_id_length;
+       if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
+ 
+-      fr_bin2hex(sess->session_id, buffer, size);
++      fr_bin2hex(session_id, buffer, size);
+ 
+         DEBUG2("  SSL: Removing session %s from the cache", buffer);
+         SSL_SESSION_free(sess);
+@@ -244,12 +247,15 @@ static void cbtls_remove_session(UNUSED SSL_CTX *ctx, 
+ static int cbtls_new_session(UNUSED SSL *s, SSL_SESSION *sess)
+ {
+       size_t size;
++      const unsigned char *session_id;
++      unsigned int session_id_length;
+       char buffer[2 * MAX_SESSION_SIZE + 1];
+ 
+-      size = sess->session_id_length;
++      session_id = SSL_SESSION_get_id(sess, &session_id_length);
++      size = session_id_length;
+       if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
+ 
+-      fr_bin2hex(sess->session_id, buffer, size);
++      fr_bin2hex(session_id, buffer, size);
+ 
+       DEBUG2("  SSL: adding session %s to cache", buffer);
+ 
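Review bot: `SSL_SESSION_get_id()` hands back a pointer into `sess` rather than a copy, so in cbtls_remove_session the `fr_bin2hex(session_id, buffer, size)` call has to stay ahead of `SSL_SESSION_free(sess)`; the new code has that order right, but nothing records why. I would add `/* session_id is borrowed from sess; do not use it after SSL_SESSION_free() */` above the accessor call. The clamp to MAX_SESSION_SIZE before hex-encoding into the `2 * MAX_SESSION_SIZE + 1` buffer is preserved in both callbacks, and it is what keeps the accessor-reported length from overrunning that buffer. cbtls_new_session continues past the end of the hunk.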
