refactor tls.c

4953c400 · Robert Dubner · 33c58ae5 · 4953c400 · 4953c400 · 4953c400
Commit 4953c400 authored Oct 16, 2021 by Robert Dubner
--- a/contrib/slapd-modules/radiusov/Makefile
+++ b/contrib/slapd-modules/radiusov/Makefile
@@ -28,7 +28,7 @@ NLDAPD_INC=-Iradius-pam-ldapd
 LIBTOOL = $(LDAP_BUILD)/libtool
 INSTALL = /usr/bin/install
 #OPT = -g -O2 -Wall
-OPT = -ggdb -O0 -Wall -fmax-errors=10
+OPT = -ggdb -O0 -Wall -fmax-errors=5 -Werror
 DEFS =
 INCS = $(LDAP_INC) $(NLDAPD_INC)
 LIBS = $(LDAP_LIB)

--- a/contrib/slapd-modules/radiusov/demonstration/radiusclient/hmacmd5.c
+++ b/contrib/slapd-modules/radiusov/demonstration/radiusclient/hmacmd5.c
@@ -53,20 +53,20 @@ hmac_md5_init(HMAC_MD5_CTX *context,
        md5_update(&tctx, key, key_len);
        md5_final(tk, &tctx);

-        bcopy(tk, context->key, 16);
+        memcpy(context->key, tk, 16);
        key_len = 16;
        }
    else
        {
        // Key is <= 64 bytes, so just copy it over.
-        bcopy(key, context->key, key_len);
+        memcpy(context->key, key, key_len);
        context->key_len = key_len;
        }

    /* start out by storing key in pads */
    uint8_t k_ipad[64];	   /* inner padding - key XORd with ipad */
-    bzero( k_ipad, sizeof(k_ipad));
-    bcopy( &context->key, k_ipad, context->key_len);
+    memset( k_ipad, 0, sizeof(k_ipad));
+    memcpy( k_ipad, &context->key, context->key_len);

    /* XOR key with ipad and opad values */
    for (int i = 0; i < 64; i++)
@@ -96,8 +96,8 @@ hmac_md5_final(	 HMAC_MD5_CTX *context,
                 uint8_t *digest)
    {
    uint8_t k_opad[64];	   /* outer padding - key XORd with opad */
-    bzero( k_opad, sizeof(k_opad));
-    bcopy( context->key, k_opad, context->key_len);
+    memset( k_opad, 0, sizeof(k_opad));
+    memcpy( k_opad, context->key, context->key_len);

    /* XOR key with ipad and opad values */
    for (int i = 0; i < 64; i++)

--- a/contrib/slapd-modules/radiusov/demonstration/radiusclient/mschap.c
+++ b/contrib/slapd-modules/radiusov/demonstration/radiusclient/mschap.c
@@ -49,13 +49,12 @@ ChallengeResponse(  uint8_t *Challenge,     //  8 bytes
    // See RFC2759 Section 8.5
    uint8_t ZPasswordHash [21];

-    bzero(ZPasswordHash, sizeof(ZPasswordHash));
-    bcopy(PasswordHash, ZPasswordHash, 16);
+    memset(ZPasswordHash, 0, sizeof(ZPasswordHash));
+    memcpy(ZPasswordHash, PasswordHash, 16);

    DesEncrypt( Challenge, ZPasswordHash+ 0, Response+ 0);
    DesEncrypt( Challenge, ZPasswordHash+ 7, Response+ 8);
    DesEncrypt( Challenge, ZPasswordHash+14, Response+16);
-
    }

 static void

--- a/contrib/slapd-modules/radiusov/hmacmd5.c
+++ b/contrib/slapd-modules/radiusov/hmacmd5.c
@@ -53,20 +53,20 @@ hmac_md5_init(HMAC_MD5_CTX *context,
        md5_update(&tctx, key, key_len);
        md5_final(tk, &tctx);

-        bcopy(tk, context->key, 16);
+        memcpy(context->key, tk, 16);
        key_len = 16;
        }
    else
        {
        // Key is <= 64 bytes, so just copy it over.
-        bcopy(key, context->key, key_len);
+        memcpy(context->key, key, key_len);
        context->key_len = key_len;
        }

    /* start out by storing key in pads */
    uint8_t k_ipad[64];	   /* inner padding - key XORd with ipad */
-    bzero( k_ipad, sizeof(k_ipad));
-    bcopy( &context->key, k_ipad, context->key_len);
+    memset( k_ipad, 0, sizeof(k_ipad));
+    memcpy( k_ipad, &context->key, context->key_len);

    /* XOR key with ipad and opad values */
    for (int i = 0; i < 64; i++)
@@ -96,8 +96,8 @@ hmac_md5_final(	 HMAC_MD5_CTX *context,
                 uint8_t *digest)
    {
    uint8_t k_opad[64];	   /* outer padding - key XORd with opad */
-    bzero( k_opad, sizeof(k_opad));
-    bcopy( context->key, k_opad, context->key_len);
+    memset( k_opad, 0, sizeof(k_opad));
+    memcpy( k_opad, context->key, context->key_len);

    /* XOR key with ipad and opad values */
    for (int i = 0; i < 64; i++)

--- a/contrib/slapd-modules/radiusov/mschap.c
+++ b/contrib/slapd-modules/radiusov/mschap.c
@@ -44,8 +44,8 @@ ChallengeResponse(  uint8_t *Challenge,     //  8 bytes
    // See RFC2759 Section 8.5
    uint8_t ZPasswordHash [21];

-    bzero(ZPasswordHash, sizeof(ZPasswordHash));
-    bcopy(PasswordHash, ZPasswordHash, 16);
+    memset(ZPasswordHash, 0, sizeof(ZPasswordHash));
+    memcpy(ZPasswordHash, PasswordHash, 16);

    DesEncrypt( Challenge, ZPasswordHash+ 0, Response+ 0);
    DesEncrypt( Challenge, ZPasswordHash+ 7, Response+ 8);

--- a/contrib/slapd-modules/radiusov/radius.c
+++ b/contrib/slapd-modules/radiusov/radius.c
--- a/contrib/slapd-modules/radiusov/radiusov.h
+++ b/contrib/slapd-modules/radiusov/radiusov.h
@@ -61,7 +61,7 @@
 //                                    // that requests from outside the local
 //                                    server will be ignored.

-typedef struct _STATE_VOLATILES
+typedef struct _s_STATE_VOLATILES
    {
    struct _RADIUS_INFO       *radius_info;
    struct sockaddr_in        *client_addr;
@@ -70,47 +70,69 @@ typedef struct _STATE_VOLATILES
    struct _EAP_MESSAGE       *eap_message;
    } STATE_VOLATILES;

-typedef struct _STATE
+typedef struct _s_SIZED_BUFFER
+    {
+    uint8_t data[MAX_TLS_RECORD_SIZE];
+    ssize_t size;
+    } SIZED_BUFFER;
+
+typedef struct _s_STATE
    {
    // Copy of the RATV-State text for identifying the state
    char        state_identifier_text[IDENTIFIER_SIZE];

-    struct      _STATE *left;     // We maintain a doubly-linked list of states
-    struct      _STATE *right;
+    struct      _s_STATE *left;     // We maintain a doubly-linked list of states
+    struct      _s_STATE *right;

-    // Runs from zero to ciphertext_out.used when sending sequential
-    // RADIUS packets
-    size_t      dirty_bytes_sent_so_far;
    uint8_t     encrypted_message_id;
    char        username[MAXIMUM_USERNAME_CHARACTERS+1];
    uint8_t     challenge[CHAP_AUTHENTICATOR_CHALLENGE_SIZE];
    uint8_t     peer_nt_response[24];
    uint8_t     nthashhash[MD4_DIGEST_LENGTH];

-    // An MD5 challenge random sequence is sixteen bytes.
+    // An MD5 challenge random sequence is sixteen bytes. We save it in the
+    // STATE because it's needed in a couple of sequential packets
    uint8_t     md5_challenge[16];

    // Birthdate, in Unix epoch seconds, of this state.
    time_t      birthday;

+    // This is the OpenSSL object:
    SSL        *ssl;
+
+    // This is used by the ssl message callback to establish information
    TLS_INFO    info;

-    // These elements are used for sending/receiving TLS data
-    BIO         *inbound_bio;
-    BIO         *outbound_bio;
-    SSL_RECORD   ciphertext_in;    // Data EAP server receives from the client.
-    SSL_RECORD   cleartext_in;     // The decrypted ciphertext_in
+    // UDP packets are limited in size; we will keep the payload within a few
+    // bytes of the mtu (the term is borrowed from Maximum Transmission Unit)
+    // value here:
+    size_t       mtu;                // Current fragment size

-    SSL_RECORD   cleartext_out;    // Data the EAP server sends to the client
-    SSL_RECORD   ciphertext_out;   // The encrypted cleartext_out
+    // OpenSSL uses the BIO, the "Basic I/O abstraction" for encryption and
+    // decryption.

-    size_t       mtu;                // Current fragment size
+    // We collect incoming ciphertext in the ciphertext_in array until
+    // tls_record_in_recvd_len is equal to tls_record_expected_length.  At that
+    // point we move it to inbound_bio with BIO_write, and then SSL_read() is
+    // used to decrypt it.  The result is placed in cleartext_in

-    // The peer says the TLS data will be this long
+    // The peer says the incoming TLS data will be this long
    size_t       tls_record_expected_length;

-    // This is how much of thatwe've already read in
+    // For incoming data:
+    // comm-channel->ciphertext->inbound_bio->SSL_read()->cleartext
+    SIZED_BUFFER   ciphertext_in;    // Data EAP server receives from the client.
+    BIO         *inbound_bio;
+    SIZED_BUFFER   cleartext_in;     // The decrypted ciphertext_in
+
+    size_t      dirty_bytes_sent_so_far;
+    // For outgoing data:
+    // cleartext->SSL_write->outbound_bio->ciphertext->comm channel
+    SIZED_BUFFER   cleartext_out;    // Data the EAP server sends to the client
+    BIO         *outbound_bio;
+    SIZED_BUFFER   ciphertext_out;   // The encrypted cleartext_out
+
+    // This is how much of that we've already read in
    size_t       tls_record_in_recvd_len;

    char const  *keying_material_label;

--- a/contrib/slapd-modules/radiusov/tls.c
+++ b/contrib/slapd-modules/radiusov/tls.c
--- a/contrib/slapd-modules/radiusov/tls.h
+++ b/contrib/slapd-modules/radiusov/tls.h
@@ -22,23 +22,17 @@

 #define MAX_TLS_RECORD_SIZE 16384

-typedef struct _SSL_RECORD
-    {
-    uint8_t data[MAX_TLS_RECORD_SIZE];
-    ssize_t  used;
-    } SSL_RECORD;
-
 typedef struct _TLS_INFO
    {
-    int     origin;
+    int     write_p;
+    int     version;
    int     content_type;
-    uint8_t handshake_type;
+    size_t  record_len;
+
    uint8_t alert_level;
    uint8_t alert_description;
-    int     initialized;
+    uint8_t handshake_type;
    char    info_description[256];
-    size_t  record_len;
-    int     version;
    } TLS_INFO;

 typedef struct _SSL_CONFIGURATION
@@ -68,7 +62,7 @@ typedef struct _SSL_CONFIGURATION

    int tls_min_version;            // As of 2021-09-17, probably TLS1_2_VERSION
    int tls_max_version;            // As of 2021-09-17, probably TLS1_3_VERSION
-    //                              // or TLS_MAX_VERSION, or zero for 
+    //                              // or TLS_MAX_VERSION, or zero for
    //                              // "max supported by the library"
    int include_length;             // Always include the 4-byte length in the
    //                              // TLS header