Author: trasz
Date: Mon Aug 3 07:20:33 2015
New Revision: 286219
URL: https://svnweb.freebsd.org/changeset/base/286219
Log:
MFC r285086:
Remove OpenSSL dependency from iscsid(8) and ctld(8).
Sponsored by: The FreeBSD Foundation
Modified:
stable/10/usr.sbin/ctld/Makefile
stable/10/usr.sbin/ctld/chap.c
stable/10/usr.sbin/ctld/ctld.h
stable/10/usr.sbin/iscsid/Makefile
stable/10/usr.sbin/iscsid/chap.c
stable/10/usr.sbin/iscsid/iscsid.h
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/ctld/Makefile
==============================================================================
--- stable/10/usr.sbin/ctld/Makefile Mon Aug 3 06:06:56 2015
(r286218)
+++ stable/10/usr.sbin/ctld/Makefile Mon Aug 3 07:20:33 2015
(r286219)
@@ -10,8 +10,8 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscs
#CFLAGS+= -DICL_KERNEL_PROXY
MAN= ctld.8 ctl.conf.5
-DPADD= ${LIBBSDXML} ${LIBCRYPTO} ${LIBL} ${LIBSBUF} ${LIBUTIL}
-LDADD= -lbsdxml -lcrypto -ll -lsbuf -lutil
+DPADD= ${LIBBSDXML} ${LIBL} ${LIBMD} ${LIBSBUF} ${LIBUTIL}
+LDADD= -lbsdxml -ll -lmd -lsbuf -lutil
YFLAGS+= -v
CLEANFILES= y.tab.c y.tab.h y.output
Modified: stable/10/usr.sbin/ctld/chap.c
==============================================================================
--- stable/10/usr.sbin/ctld/chap.c Mon Aug 3 06:06:56 2015
(r286218)
+++ stable/10/usr.sbin/ctld/chap.c Mon Aug 3 07:20:33 2015
(r286219)
@@ -32,12 +32,11 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <resolv.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
#include "ctld.h"
@@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch
size_t response_len)
{
MD5_CTX ctx;
- int rv;
- assert(response_len == MD5_DIGEST_LENGTH);
+ assert(response_len == CHAP_DIGEST_LEN);
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv = MD5_Final(response, &ctx);
- if (rv != 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
static int
@@ -235,7 +231,6 @@ struct chap *
chap_new(void)
{
struct chap *chap;
- int rv;
chap = calloc(sizeof(*chap), 1);
if (chap == NULL)
@@ -244,16 +239,8 @@ chap_new(void)
/*
* Generate the challenge.
*/
- rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
+ arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
return (chap);
}
@@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch
int
chap_authenticate(struct chap *chap, const char *secret)
{
- char expected_response[MD5_DIGEST_LENGTH];
+ char expected_response[CHAP_DIGEST_LEN];
chap_compute_md5(chap->chap_id, secret,
chap->chap_challenge, sizeof(chap->chap_challenge),
@@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch
void **responsep, size_t *response_lenp)
{
void *response_bin;
- size_t response_bin_len = MD5_DIGEST_LENGTH;
+ size_t response_bin_len = CHAP_DIGEST_LEN;
response_bin = calloc(response_bin_len, 1);
if (response_bin == NULL)
Modified: stable/10/usr.sbin/ctld/ctld.h
==============================================================================
--- stable/10/usr.sbin/ctld/ctld.h Mon Aug 3 06:06:56 2015
(r286218)
+++ stable/10/usr.sbin/ctld/ctld.h Mon Aug 3 07:20:33 2015
(r286219)
@@ -39,7 +39,6 @@
#include <sys/socket.h>
#include <stdbool.h>
#include <libutil.h>
-#include <openssl/md5.h>
#define DEFAULT_CONFIG_PATH "/etc/ctl.conf"
#define DEFAULT_PIDFILE "/var/run/ctld.pid"
@@ -261,11 +260,12 @@ struct keys {
};
#define CHAP_CHALLENGE_LEN 1024
+#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */
struct chap {
unsigned char chap_id;
char chap_challenge[CHAP_CHALLENGE_LEN];
- char chap_response[MD5_DIGEST_LENGTH];
+ char chap_response[CHAP_DIGEST_LEN];
};
struct rchap {
Modified: stable/10/usr.sbin/iscsid/Makefile
==============================================================================
--- stable/10/usr.sbin/iscsid/Makefile Mon Aug 3 06:06:56 2015
(r286218)
+++ stable/10/usr.sbin/iscsid/Makefile Mon Aug 3 07:20:33 2015
(r286219)
@@ -8,8 +8,8 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscs
#CFLAGS+= -DICL_KERNEL_PROXY
MAN= iscsid.8
-DPADD= ${LIBCRYPTO} ${LIBSSL} ${LIBUTIL}
-LDADD= -lcrypto -lssl -lutil
+DPADD= ${LIBMD} ${LIBUTIL}
+LDADD= -lmd -lutil
WARNS= 6
Modified: stable/10/usr.sbin/iscsid/chap.c
==============================================================================
--- stable/10/usr.sbin/iscsid/chap.c Mon Aug 3 06:06:56 2015
(r286218)
+++ stable/10/usr.sbin/iscsid/chap.c Mon Aug 3 07:20:33 2015
(r286219)
@@ -32,12 +32,11 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <resolv.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
#include "iscsid.h"
@@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch
size_t response_len)
{
MD5_CTX ctx;
- int rv;
- assert(response_len == MD5_DIGEST_LENGTH);
+ assert(response_len == CHAP_DIGEST_LEN);
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv = MD5_Final(response, &ctx);
- if (rv != 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
static int
@@ -235,7 +231,6 @@ struct chap *
chap_new(void)
{
struct chap *chap;
- int rv;
chap = calloc(sizeof(*chap), 1);
if (chap == NULL)
@@ -244,16 +239,8 @@ chap_new(void)
/*
* Generate the challenge.
*/
- rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
+ arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
return (chap);
}
@@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch
int
chap_authenticate(struct chap *chap, const char *secret)
{
- char expected_response[MD5_DIGEST_LENGTH];
+ char expected_response[CHAP_DIGEST_LEN];
chap_compute_md5(chap->chap_id, secret,
chap->chap_challenge, sizeof(chap->chap_challenge),
@@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch
void **responsep, size_t *response_lenp)
{
void *response_bin;
- size_t response_bin_len = MD5_DIGEST_LENGTH;
+ size_t response_bin_len = CHAP_DIGEST_LEN;
response_bin = calloc(response_bin_len, 1);
if (response_bin == NULL)
Modified: stable/10/usr.sbin/iscsid/iscsid.h
==============================================================================
--- stable/10/usr.sbin/iscsid/iscsid.h Mon Aug 3 06:06:56 2015
(r286218)
+++ stable/10/usr.sbin/iscsid/iscsid.h Mon Aug 3 07:20:33 2015
(r286219)
@@ -34,7 +34,6 @@
#include <stdbool.h>
#include <stdint.h>
-#include <openssl/md5.h>
#include <iscsi_ioctl.h>
@@ -82,11 +81,12 @@ struct keys {
};
#define CHAP_CHALLENGE_LEN 1024
+#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */
struct chap {
unsigned char chap_id;
char chap_challenge[CHAP_CHALLENGE_LEN];
- char chap_response[MD5_DIGEST_LENGTH];
+ char chap_response[CHAP_DIGEST_LEN];
};
struct rchap {
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"
