Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 3 Jul 2015 10:08:11 +0000 (UTC)
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r285086 - in head/usr.sbin: ctld iscsid
Message-ID:  <201507031008.t63A8BPj007621@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: trasz
Date: Fri Jul  3 10:08:10 2015
New Revision: 285086
URL: https://svnweb.freebsd.org/changeset/base/285086

Log:
  Remove OpenSSL dependency from iscsid(8) and ctld(8).
  
  Differential Revision:	https://reviews.freebsd.org/D2866
  Submitted by:	Tony Morlan <tony at scroner.com> (earlier version)
  Reviewed by:	bapt@, delphij@
  MFC after:	1 month
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/usr.sbin/ctld/Makefile
  head/usr.sbin/ctld/chap.c
  head/usr.sbin/ctld/ctld.h
  head/usr.sbin/iscsid/Makefile
  head/usr.sbin/iscsid/chap.c
  head/usr.sbin/iscsid/iscsid.h

Modified: head/usr.sbin/ctld/Makefile
==============================================================================
--- head/usr.sbin/ctld/Makefile	Fri Jul  3 10:04:41 2015	(r285085)
+++ head/usr.sbin/ctld/Makefile	Fri Jul  3 10:08:10 2015	(r285086)
@@ -10,7 +10,7 @@ CFLAGS+=	-I${.CURDIR}/../../sys/dev/iscs
 #CFLAGS+=	-DICL_KERNEL_PROXY
 MAN=		ctld.8 ctl.conf.5
 
-LIBADD=		bsdxml crypto l sbuf util
+LIBADD=		bsdxml l md sbuf util
 
 YFLAGS+=	-v
 CLEANFILES=	y.tab.c y.tab.h y.output

Modified: head/usr.sbin/ctld/chap.c
==============================================================================
--- head/usr.sbin/ctld/chap.c	Fri Jul  3 10:04:41 2015	(r285085)
+++ head/usr.sbin/ctld/chap.c	Fri Jul  3 10:08:10 2015	(r285086)
@@ -32,12 +32,11 @@
 __FBSDID("$FreeBSD$");
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <resolv.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
 
 #include "ctld.h"
 
@@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch
     size_t response_len)
 {
 	MD5_CTX ctx;
-	int rv;
 
-	assert(response_len == MD5_DIGEST_LENGTH);
+	assert(response_len == CHAP_DIGEST_LEN);
 
-	MD5_Init(&ctx);
-	MD5_Update(&ctx, &id, sizeof(id));
-	MD5_Update(&ctx, secret, strlen(secret));
-	MD5_Update(&ctx, challenge, challenge_len);
-	rv = MD5_Final(response, &ctx);
-	if (rv != 1)
-		log_errx(1, "MD5_Final");
+	MD5Init(&ctx);
+	MD5Update(&ctx, &id, sizeof(id));
+	MD5Update(&ctx, secret, strlen(secret));
+	MD5Update(&ctx, challenge, challenge_len);
+	MD5Final(response, &ctx);
 }
 
 static int
@@ -235,7 +231,6 @@ struct chap *
 chap_new(void)
 {
 	struct chap *chap;
-	int rv;
 
 	chap = calloc(sizeof(*chap), 1);
 	if (chap == NULL)
@@ -244,16 +239,8 @@ chap_new(void)
 	/*
 	 * Generate the challenge.
 	 */
-	rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
-	if (rv != 1) {
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
-	rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
-	if (rv != 1) {
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
+	arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
+	arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
 
 	return (chap);
 }
@@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch
 int
 chap_authenticate(struct chap *chap, const char *secret)
 {
-	char expected_response[MD5_DIGEST_LENGTH];
+	char expected_response[CHAP_DIGEST_LEN];
 
 	chap_compute_md5(chap->chap_id, secret,
 	    chap->chap_challenge, sizeof(chap->chap_challenge),
@@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch
     void **responsep, size_t *response_lenp)
 {
 	void *response_bin;
-	size_t response_bin_len = MD5_DIGEST_LENGTH;
+	size_t response_bin_len = CHAP_DIGEST_LEN;
 
 	response_bin = calloc(response_bin_len, 1);
 	if (response_bin == NULL)

Modified: head/usr.sbin/ctld/ctld.h
==============================================================================
--- head/usr.sbin/ctld/ctld.h	Fri Jul  3 10:04:41 2015	(r285085)
+++ head/usr.sbin/ctld/ctld.h	Fri Jul  3 10:08:10 2015	(r285086)
@@ -39,7 +39,6 @@
 #include <sys/socket.h>
 #include <stdbool.h>
 #include <libutil.h>
-#include <openssl/md5.h>
 
 #define	DEFAULT_CONFIG_PATH		"/etc/ctl.conf"
 #define	DEFAULT_PIDFILE			"/var/run/ctld.pid"
@@ -263,11 +262,12 @@ struct keys {
 };
 
 #define	CHAP_CHALLENGE_LEN	1024
+#define	CHAP_DIGEST_LEN		16 /* Equal to MD5 digest size. */
 
 struct chap {
 	unsigned char	chap_id;
 	char		chap_challenge[CHAP_CHALLENGE_LEN];
-	char		chap_response[MD5_DIGEST_LENGTH];
+	char		chap_response[CHAP_DIGEST_LEN];
 };
 
 struct rchap {

Modified: head/usr.sbin/iscsid/Makefile
==============================================================================
--- head/usr.sbin/iscsid/Makefile	Fri Jul  3 10:04:41 2015	(r285085)
+++ head/usr.sbin/iscsid/Makefile	Fri Jul  3 10:08:10 2015	(r285086)
@@ -8,7 +8,7 @@ CFLAGS+=	-I${.CURDIR}/../../sys/dev/iscs
 #CFLAGS+=	-DICL_KERNEL_PROXY
 MAN=		iscsid.8
 
-LIBADD=		crypto util
+LIBADD=		md util
 
 WARNS=		6
 

Modified: head/usr.sbin/iscsid/chap.c
==============================================================================
--- head/usr.sbin/iscsid/chap.c	Fri Jul  3 10:04:41 2015	(r285085)
+++ head/usr.sbin/iscsid/chap.c	Fri Jul  3 10:08:10 2015	(r285086)
@@ -32,12 +32,11 @@
 __FBSDID("$FreeBSD$");
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <netinet/in.h>
 #include <resolv.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
 
 #include "iscsid.h"
 
@@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch
     size_t response_len)
 {
 	MD5_CTX ctx;
-	int rv;
 
-	assert(response_len == MD5_DIGEST_LENGTH);
+	assert(response_len == CHAP_DIGEST_LEN);
 
-	MD5_Init(&ctx);
-	MD5_Update(&ctx, &id, sizeof(id));
-	MD5_Update(&ctx, secret, strlen(secret));
-	MD5_Update(&ctx, challenge, challenge_len);
-	rv = MD5_Final(response, &ctx);
-	if (rv != 1)
-		log_errx(1, "MD5_Final");
+	MD5Init(&ctx);
+	MD5Update(&ctx, &id, sizeof(id));
+	MD5Update(&ctx, secret, strlen(secret));
+	MD5Update(&ctx, challenge, challenge_len);
+	MD5Final(response, &ctx);
 }
 
 static int
@@ -235,7 +231,6 @@ struct chap *
 chap_new(void)
 {
 	struct chap *chap;
-	int rv;
 
 	chap = calloc(sizeof(*chap), 1);
 	if (chap == NULL)
@@ -244,16 +239,8 @@ chap_new(void)
 	/*
 	 * Generate the challenge.
 	 */
-	rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
-	if (rv != 1) {
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
-	rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
-	if (rv != 1) {
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
+	arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
+	arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
 
 	return (chap);
 }
@@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch
 int
 chap_authenticate(struct chap *chap, const char *secret)
 {
-	char expected_response[MD5_DIGEST_LENGTH];
+	char expected_response[CHAP_DIGEST_LEN];
 
 	chap_compute_md5(chap->chap_id, secret,
 	    chap->chap_challenge, sizeof(chap->chap_challenge),
@@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch
     void **responsep, size_t *response_lenp)
 {
 	void *response_bin;
-	size_t response_bin_len = MD5_DIGEST_LENGTH;
+	size_t response_bin_len = CHAP_DIGEST_LEN;
 
 	response_bin = calloc(response_bin_len, 1);
 	if (response_bin == NULL)

Modified: head/usr.sbin/iscsid/iscsid.h
==============================================================================
--- head/usr.sbin/iscsid/iscsid.h	Fri Jul  3 10:04:41 2015	(r285085)
+++ head/usr.sbin/iscsid/iscsid.h	Fri Jul  3 10:08:10 2015	(r285086)
@@ -34,7 +34,6 @@
 
 #include <stdbool.h>
 #include <stdint.h>
-#include <openssl/md5.h>
 
 #include <iscsi_ioctl.h>
 
@@ -83,11 +82,12 @@ struct keys {
 };
 
 #define	CHAP_CHALLENGE_LEN	1024
+#define	CHAP_DIGEST_LEN		16 /* Equal to MD5 digest size. */
 
 struct chap {
 	unsigned char	chap_id;
 	char		chap_challenge[CHAP_CHALLENGE_LEN];
-	char		chap_response[MD5_DIGEST_LENGTH];
+	char		chap_response[CHAP_DIGEST_LEN];
 };
 
 struct rchap {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201507031008.t63A8BPj007621>