Remove OpenSSL dependency from iscsid(8) and ctld(8).
Differential Revision: https://reviews.freebsd.org/D2866 Submitted by: Tony Morlan <tony at scroner.com> (earlier version) Reviewed by: bapt@, delphij@ MFC after: 1 month Sponsored by: The FreeBSD Foundation
This commit is contained in:
Edward Tomasz Napierala
parent
23902fd260
commit
424a3f57a2
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=285086
@ -10,7 +10,7 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscsi
|
||||
#CFLAGS+= -DICL_KERNEL_PROXY
|
||||
MAN= ctld.8 ctl.conf.5
|
||||
|
||||
LIBADD= bsdxml crypto l sbuf util
|
||||
LIBADD= bsdxml l md sbuf util
|
||||
|
||||
YFLAGS+= -v
|
||||
CLEANFILES= y.tab.c y.tab.h y.output
|
||||
|
||||
@ -32,12 +32,11 @@
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <netinet/in.h>
|
||||
#include <resolv.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <md5.h>
|
||||
|
||||
#include "ctld.h"
|
||||
|
||||
@ -47,17 +46,14 @@ chap_compute_md5(const char id, const char *secret,
|
||||
size_t response_len)
|
||||
{
|
||||
MD5_CTX ctx;
|
||||
int rv;
|
||||
|
||||
assert(response_len == MD5_DIGEST_LENGTH);
|
||||
assert(response_len == CHAP_DIGEST_LEN);
|
||||
|
||||
MD5_Init(&ctx);
|
||||
MD5_Update(&ctx, &id, sizeof(id));
|
||||
MD5_Update(&ctx, secret, strlen(secret));
|
||||
MD5_Update(&ctx, challenge, challenge_len);
|
||||
rv = MD5_Final(response, &ctx);
|
||||
if (rv != 1)
|
||||
log_errx(1, "MD5_Final");
|
||||
MD5Init(&ctx);
|
||||
MD5Update(&ctx, &id, sizeof(id));
|
||||
MD5Update(&ctx, secret, strlen(secret));
|
||||
MD5Update(&ctx, challenge, challenge_len);
|
||||
MD5Final(response, &ctx);
|
||||
}
|
||||
|
||||
static int
|
||||
@ -235,7 +231,6 @@ struct chap *
|
||||
chap_new(void)
|
||||
{
|
||||
struct chap *chap;
|
||||
int rv;
|
||||
|
||||
chap = calloc(sizeof(*chap), 1);
|
||||
if (chap == NULL)
|
||||
@ -244,16 +239,8 @@ chap_new(void)
|
||||
/*
|
||||
* Generate the challenge.
|
||||
*/
|
||||
rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
|
||||
if (rv != 1) {
|
||||
log_errx(1, "RAND_bytes failed: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
}
|
||||
rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
|
||||
if (rv != 1) {
|
||||
log_errx(1, "RAND_bytes failed: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
}
|
||||
arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
|
||||
arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
|
||||
|
||||
return (chap);
|
||||
}
|
||||
@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const char *response)
|
||||
int
|
||||
chap_authenticate(struct chap *chap, const char *secret)
|
||||
{
|
||||
char expected_response[MD5_DIGEST_LENGTH];
|
||||
char expected_response[CHAP_DIGEST_LEN];
|
||||
|
||||
chap_compute_md5(chap->chap_id, secret,
|
||||
chap->chap_challenge, sizeof(chap->chap_challenge),
|
||||
@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rchap,
|
||||
void **responsep, size_t *response_lenp)
|
||||
{
|
||||
void *response_bin;
|
||||
size_t response_bin_len = MD5_DIGEST_LENGTH;
|
||||
size_t response_bin_len = CHAP_DIGEST_LEN;
|
||||
|
||||
response_bin = calloc(response_bin_len, 1);
|
||||
if (response_bin == NULL)
|
||||
|
||||
@ -39,7 +39,6 @@
|
||||
#include <sys/socket.h>
|
||||
#include <stdbool.h>
|
||||
#include <libutil.h>
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#define DEFAULT_CONFIG_PATH "/etc/ctl.conf"
|
||||
#define DEFAULT_PIDFILE "/var/run/ctld.pid"
|
||||
@ -263,11 +262,12 @@ struct keys {
|
||||
};
|
||||
|
||||
#define CHAP_CHALLENGE_LEN 1024
|
||||
#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */
|
||||
|
||||
struct chap {
|
||||
unsigned char chap_id;
|
||||
char chap_challenge[CHAP_CHALLENGE_LEN];
|
||||
char chap_response[MD5_DIGEST_LENGTH];
|
||||
char chap_response[CHAP_DIGEST_LEN];
|
||||
};
|
||||
|
||||
struct rchap {
|
||||
|
||||
@ -8,7 +8,7 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscsi
|
||||
#CFLAGS+= -DICL_KERNEL_PROXY
|
||||
MAN= iscsid.8
|
||||
|
||||
LIBADD= crypto util
|
||||
LIBADD= md util
|
||||
|
||||
WARNS= 6
|
||||
|
||||
|
||||
@ -32,12 +32,11 @@
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <netinet/in.h>
|
||||
#include <resolv.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <md5.h>
|
||||
|
||||
#include "iscsid.h"
|
||||
|
||||
@ -47,17 +46,14 @@ chap_compute_md5(const char id, const char *secret,
|
||||
size_t response_len)
|
||||
{
|
||||
MD5_CTX ctx;
|
||||
int rv;
|
||||
|
||||
assert(response_len == MD5_DIGEST_LENGTH);
|
||||
assert(response_len == CHAP_DIGEST_LEN);
|
||||
|
||||
MD5_Init(&ctx);
|
||||
MD5_Update(&ctx, &id, sizeof(id));
|
||||
MD5_Update(&ctx, secret, strlen(secret));
|
||||
MD5_Update(&ctx, challenge, challenge_len);
|
||||
rv = MD5_Final(response, &ctx);
|
||||
if (rv != 1)
|
||||
log_errx(1, "MD5_Final");
|
||||
MD5Init(&ctx);
|
||||
MD5Update(&ctx, &id, sizeof(id));
|
||||
MD5Update(&ctx, secret, strlen(secret));
|
||||
MD5Update(&ctx, challenge, challenge_len);
|
||||
MD5Final(response, &ctx);
|
||||
}
|
||||
|
||||
static int
|
||||
@ -235,7 +231,6 @@ struct chap *
|
||||
chap_new(void)
|
||||
{
|
||||
struct chap *chap;
|
||||
int rv;
|
||||
|
||||
chap = calloc(sizeof(*chap), 1);
|
||||
if (chap == NULL)
|
||||
@ -244,16 +239,8 @@ chap_new(void)
|
||||
/*
|
||||
* Generate the challenge.
|
||||
*/
|
||||
rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
|
||||
if (rv != 1) {
|
||||
log_errx(1, "RAND_bytes failed: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
}
|
||||
rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
|
||||
if (rv != 1) {
|
||||
log_errx(1, "RAND_bytes failed: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
}
|
||||
arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
|
||||
arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
|
||||
|
||||
return (chap);
|
||||
}
|
||||
@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const char *response)
|
||||
int
|
||||
chap_authenticate(struct chap *chap, const char *secret)
|
||||
{
|
||||
char expected_response[MD5_DIGEST_LENGTH];
|
||||
char expected_response[CHAP_DIGEST_LEN];
|
||||
|
||||
chap_compute_md5(chap->chap_id, secret,
|
||||
chap->chap_challenge, sizeof(chap->chap_challenge),
|
||||
@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rchap,
|
||||
void **responsep, size_t *response_lenp)
|
||||
{
|
||||
void *response_bin;
|
||||
size_t response_bin_len = MD5_DIGEST_LENGTH;
|
||||
size_t response_bin_len = CHAP_DIGEST_LEN;
|
||||
|
||||
response_bin = calloc(response_bin_len, 1);
|
||||
if (response_bin == NULL)
|
||||
|
||||
@ -34,7 +34,6 @@
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <stdint.h>
|
||||
#include <openssl/md5.h>
|
||||
|
||||
#include <iscsi_ioctl.h>
|
||||
|
||||
@ -83,11 +82,12 @@ struct keys {
|
||||
};
|
||||
|
||||
#define CHAP_CHALLENGE_LEN 1024
|
||||
#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */
|
||||
|
||||
struct chap {
|
||||
unsigned char chap_id;
|
||||
char chap_challenge[CHAP_CHALLENGE_LEN];
|
||||
char chap_response[MD5_DIGEST_LENGTH];
|
||||
char chap_response[CHAP_DIGEST_LEN];
|
||||
};
|
||||
|
||||
struct rchap {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user