Support OpenSSL v1.1.0b in v3.0.x #1817

Closed
1 of 4 tasks
spbnick opened this issue Oct 31, 2016 · 12 comments
@spbnick
Contributor

spbnick commented Oct 31, 2016

Issue type

  • Questions about the server or its usage should be posted to the users mailing list.
  • Remote security exploits MUST be sent to security@freeradius.org.
  • Defect - Crash or memory corruption.
  • Defect - Non compliance with a standards document, or incorrect API usage.
  • Defect - Unexpected behaviour (obvious or verified by project member).
  • Feature request.

Defect/Feature description

The v3.0.12 release, as well as the latest FreeRADIUS v3.0.x branch don't
build with OpenSSL v1.1.0b, in particular in Fedora Rawhide with openssl
package version 1:1.1.0b-3.fc26:

CC src/modules/rlm_eap/libeap/mppe_keys.c
src/modules/rlm_eap/libeap/mppe_keys.c: In function 'P_hash':
src/modules/rlm_eap/libeap/mppe_keys.c:40:11: error: storage size of 'ctx_a' isn't known
  HMAC_CTX ctx_a, ctx_out;
           ^~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:40:18: error: storage size of 'ctx_out' isn't known
  HMAC_CTX ctx_a, ctx_out;
                  ^~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:44:2: warning: implicit declaration of function 'HMAC_CTX_init' [-Wimplicit-function-declaration]
  HMAC_CTX_init(&ctx_a);
  ^~~~~~~~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:83:2: warning: implicit declaration of function 'HMAC_CTX_cleanup' [-Wimplicit-function-declaration]
  HMAC_CTX_cleanup(&ctx_a);
  ^~~~~~~~~~~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:40:18: warning: unused variable 'ctx_out' [-Wunused-variable]
  HMAC_CTX ctx_a, ctx_out;
                  ^~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:40:11: warning: unused variable 'ctx_a' [-Wunused-variable]
  HMAC_CTX ctx_a, ctx_out;
           ^~~~~
src/modules/rlm_eap/libeap/mppe_keys.c: In function 'eaptls_gen_eap_key':
src/modules/rlm_eap/libeap/mppe_keys.c:250:17: error: dereferencing pointer to incomplete type 'SSL {aka struct ssl_st}'
  memcpy(p + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
                 ^~
make: *** [scripts/boiler.mk:635: build/objs/src/modules/rlm_eap/libeap/mppe_keys.lo] Error 1

Would it be possible to make FreeRADIUS v3.0.x build with OpenSSL v1.1.0b?
If yes, then when, and when a release supporting it will be available?

Thank you.

@alandekok
Member

> Would it be possible to make FreeRADIUS v3.0.x build with OpenSSL v1.1.0b?

I suppose.

> If yes, then when, and when a release supporting it will be available?

You're free to submit a patch.

@arr2036
Member

arr2036 commented Oct 31, 2016

It's fully supported in v3.1.x and v4.0.x so you should be able to pull in the fixes from there.

@spbnick
Contributor Author

spbnick commented Oct 31, 2016

Thanks, @alandekok, I know, I'm always free to submit patches :) The question was rather if you're going to do it in the near future. I'll see if I can find the time to do it myself.

@arr2036 Thanks, I'll look for them. Can you tell what I should be looking for in the history to pinpoint the commits necessary? Or perhaps, what were the major changes adding support, in general?

@alandekok
Member

The point is that this is open source. No one gets paid to work on it. Filing a bug and asking "when will this be fixed?" comes across as demanding that we jump immediately to make you happy. Which isn't friendly.

The file "mppe_keys.c" is in the same location in v3.1.x and in v3.0.x. Perhaps looking there would be a good idea.

@spbnick
Contributor Author

spbnick commented Oct 31, 2016

@alandekok Sorry, didn't mean to come across that way, tried to be polite. Will work on my wording.

Sure, I looked at the differences, couldn't see what exactly is changing and assumed it wouldn't be the only place broken. So, not being able to fix it quickly myself came here with the question and a hope. Will look again.

@spbnick
Contributor Author

spbnick commented Oct 31, 2016

For the record, the same issue happens on v3.1.x:

src/modules/rlm_eap/libeap/mppe_keys.c: In function 'P_hash':
src/modules/rlm_eap/libeap/mppe_keys.c:41:11: error: storage size of 'ctx_a' isn't known
  HMAC_CTX ctx_a, ctx_out;
           ^~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:41:18: error: storage size of 'ctx_out' isn't known
  HMAC_CTX ctx_a, ctx_out;
                  ^~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:45:2: warning: implicit declaration of function 'HMAC_CTX_init' [-Wimplicit-function-declaration]
  HMAC_CTX_init(&ctx_a);
  ^~~~~~~~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:80:2: warning: implicit declaration of function 'HMAC_CTX_cleanup' [-Wimplicit-function-declaration]
  HMAC_CTX_cleanup(&ctx_a);
  ^~~~~~~~~~~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:41:18: warning: unused variable 'ctx_out' [-Wunused-variable]
  HMAC_CTX ctx_a, ctx_out;
                  ^~~~~~~
src/modules/rlm_eap/libeap/mppe_keys.c:41:11: warning: unused variable 'ctx_a' [-Wunused-variable]
  HMAC_CTX ctx_a, ctx_out;
           ^~~~~
src/modules/rlm_eap/libeap/mppe_keys.c: In function 'eap_tls_gen_mppe_keys':
src/modules/rlm_eap/libeap/mppe_keys.c:171:14: error: dereferencing pointer to incomplete type 'SSL {aka struct ssl_st}'
   memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
              ^~
make: *** [scripts/boiler.mk:635: build/objs/src/modules/rlm_eap/libeap/mppe_keys.lo] Error 1
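
A porting audit for the failures in the logs above, as an added example that is not part of the original thread or of the FreeRADIUS code: it scans C source for the three pre-1.1.0 idioms the compiler rejected (a stack-allocated `HMAC_CTX`, `HMAC_CTX_init`/`HMAC_CTX_cleanup`, and `s->s3->` access) and ignores them inside an `OPENSSL_VERSION_NUMBER` legacy guard. The rule names and both sample inputs are constructed for illustration; the suggested replacements are the OpenSSL 1.1.0 accessor and allocation functions.

```python
import re

# Pre-1.1.0 idioms from the build log and their OpenSSL 1.1.0 replacements.
# Rule names are labels made up for this example.
RULES = [
    ("stack-hmac-ctx", re.compile(r"\bHMAC_CTX\s+(?!\*)\w+\s*[,;]"),
     "HMAC_CTX is opaque: HMAC_CTX_new() / HMAC_CTX_free()"),
    ("hmac-init-cleanup", re.compile(r"\bHMAC_CTX_(?:init|cleanup)\s*\("),
     "removed: HMAC_CTX_new() / HMAC_CTX_free()"),
    ("ssl-internals", re.compile(r"->\s*s3\s*->\s*(?:client|server)_random\b"),
     "SSL is opaque: SSL_get_client_random() / SSL_get_server_random()"),
]
GUARD = re.compile(r"#\s*if\s+OPENSSL_VERSION_NUMBER\s*(<|>=)\s*0x1010\w+")
COND = re.compile(r"#\s*(if|ifdef|ifndef|else|endif)\b")

def scan(source):
    """Return (line, rule, hint) for legacy idioms outside a pre-1.1.0 guard."""
    findings, stack = [], []  # True: legacy branch, False: 1.1.0 branch, None: other
    for no, line in enumerate(source.splitlines(), 1):
        text = line.strip()
        cond = COND.match(text)
        if cond:
            kind = cond.group(1)
            if kind.startswith("if"):
                guard = GUARD.match(text)
                stack.append(guard.group(1) == "<" if guard else None)
            elif kind == "else" and stack and stack[-1] is not None:
                stack[-1] = not stack[-1]
            elif kind == "endif" and stack:
                stack.pop()
        elif True not in stack:  # the old API is expected inside the legacy branch
            findings += [(no, n, h) for n, p, h in RULES if p.search(text)]
    return findings

# Constructed input: UNPORTED repeats statements quoted in the logs above;
# PORTED is a hypothetical version-guarded rewrite, not the project's patch.
UNPORTED = """HMAC_CTX ctx_a, ctx_out;
HMAC_CTX_init(&ctx_a);
memcpy(p + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
HMAC_CTX_cleanup(&ctx_a);"""
PORTED = """#if OPENSSL_VERSION_NUMBER < 0x10100000L
HMAC_CTX ctx_a;
HMAC_CTX_init(&ctx_a);
#else
HMAC_CTX *ctx_a = HMAC_CTX_new();
SSL_get_client_random(s, p + 1, SSL3_RANDOM_SIZE);
#endif"""

print(scan(UNPORTED))
```

Because the compiler stops at the first file that fails, a source scan like this lists the remaining call sites before the next build attempt.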

@arr2036
Member

arr2036 commented Oct 31, 2016

Yeah apparently they added more things after the first alpha releases sigh. @alandekok is looking at fixing it in v4.0.x.

@spbnick
Contributor Author

spbnick commented Nov 14, 2016

Just an update: I finally got it to build, but with a bunch of warnings. Will hunt them down and submit a draft pull request this week.

@herwinw
Contributor

herwinw commented Nov 15, 2016

@spbnick You could use #1839 for inspiration

@spbnick
Contributor Author

spbnick commented Nov 15, 2016

Thanks a lot, @herwinw, I will!

@arr2036
Member

arr2036 commented Dec 9, 2016

Is this issue resolved now?

@spbnick
Contributor Author

spbnick commented Dec 9, 2016

Yes, it is, thank you.

@spbnick spbnick closed this as completed Dec 9, 2016