svn commit: r285086 - in head/usr.sbin: ctld iscsid
Edward Tomasz Napierala
trasz at FreeBSD.org
Fri Jul 3 10:08:12 UTC 2015
Author: trasz
Date: Fri Jul 3 10:08:10 2015
New Revision: 285086
URL: https://svnweb.freebsd.org/changeset/base/285086
Log:
Remove OpenSSL dependency from iscsid(8) and ctld(8).
Differential Revision: https://reviews.freebsd.org/D2866
Submitted by: Tony Morlan <tony at scroner.com> (earlier version)
Reviewed by: bapt@, delphij@
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Modified:
head/usr.sbin/ctld/Makefile
head/usr.sbin/ctld/chap.c
head/usr.sbin/ctld/ctld.h
head/usr.sbin/iscsid/Makefile
head/usr.sbin/iscsid/chap.c
head/usr.sbin/iscsid/iscsid.h
Modified: head/usr.sbin/ctld/Makefile
==============================================================================
--- head/usr.sbin/ctld/Makefile Fri Jul 3 10:04:41 2015 (r285085)
+++ head/usr.sbin/ctld/Makefile Fri Jul 3 10:08:10 2015 (r285086)
@@ -10,7 +10,7 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscs
#CFLAGS+= -DICL_KERNEL_PROXY
MAN= ctld.8 ctl.conf.5
-LIBADD= bsdxml crypto l sbuf util
+LIBADD= bsdxml l md sbuf util
YFLAGS+= -v
CLEANFILES= y.tab.c y.tab.h y.output
Modified: head/usr.sbin/ctld/chap.c
==============================================================================
--- head/usr.sbin/ctld/chap.c Fri Jul 3 10:04:41 2015 (r285085)
+++ head/usr.sbin/ctld/chap.c Fri Jul 3 10:08:10 2015 (r285086)
@@ -32,12 +32,11 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <resolv.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
#include "ctld.h"
@@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch
size_t response_len)
{
MD5_CTX ctx;
- int rv;
- assert(response_len == MD5_DIGEST_LENGTH);
+ assert(response_len == CHAP_DIGEST_LEN);
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv = MD5_Final(response, &ctx);
- if (rv != 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
static int
@@ -235,7 +231,6 @@ struct chap *
chap_new(void)
{
struct chap *chap;
- int rv;
chap = calloc(sizeof(*chap), 1);
if (chap == NULL)
@@ -244,16 +239,8 @@ chap_new(void)
/*
* Generate the challenge.
*/
- rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
+ arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
return (chap);
}
@@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch
int
chap_authenticate(struct chap *chap, const char *secret)
{
- char expected_response[MD5_DIGEST_LENGTH];
+ char expected_response[CHAP_DIGEST_LEN];
chap_compute_md5(chap->chap_id, secret,
chap->chap_challenge, sizeof(chap->chap_challenge),
@@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch
void **responsep, size_t *response_lenp)
{
void *response_bin;
- size_t response_bin_len = MD5_DIGEST_LENGTH;
+ size_t response_bin_len = CHAP_DIGEST_LEN;
response_bin = calloc(response_bin_len, 1);
if (response_bin == NULL)
Modified: head/usr.sbin/ctld/ctld.h
==============================================================================
--- head/usr.sbin/ctld/ctld.h Fri Jul 3 10:04:41 2015 (r285085)
+++ head/usr.sbin/ctld/ctld.h Fri Jul 3 10:08:10 2015 (r285086)
@@ -39,7 +39,6 @@
#include <sys/socket.h>
#include <stdbool.h>
#include <libutil.h>
-#include <openssl/md5.h>
#define DEFAULT_CONFIG_PATH "/etc/ctl.conf"
#define DEFAULT_PIDFILE "/var/run/ctld.pid"
@@ -263,11 +262,12 @@ struct keys {
};
#define CHAP_CHALLENGE_LEN 1024
+#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */
struct chap {
unsigned char chap_id;
char chap_challenge[CHAP_CHALLENGE_LEN];
- char chap_response[MD5_DIGEST_LENGTH];
+ char chap_response[CHAP_DIGEST_LEN];
};
struct rchap {
Modified: head/usr.sbin/iscsid/Makefile
==============================================================================
--- head/usr.sbin/iscsid/Makefile Fri Jul 3 10:04:41 2015 (r285085)
+++ head/usr.sbin/iscsid/Makefile Fri Jul 3 10:08:10 2015 (r285086)
@@ -8,7 +8,7 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscs
#CFLAGS+= -DICL_KERNEL_PROXY
MAN= iscsid.8
-LIBADD= crypto util
+LIBADD= md util
WARNS= 6
Modified: head/usr.sbin/iscsid/chap.c
==============================================================================
--- head/usr.sbin/iscsid/chap.c Fri Jul 3 10:04:41 2015 (r285085)
+++ head/usr.sbin/iscsid/chap.c Fri Jul 3 10:08:10 2015 (r285086)
@@ -32,12 +32,11 @@
__FBSDID("$FreeBSD$");
#include <assert.h>
+#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <resolv.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
#include "iscsid.h"
@@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch
size_t response_len)
{
MD5_CTX ctx;
- int rv;
- assert(response_len == MD5_DIGEST_LENGTH);
+ assert(response_len == CHAP_DIGEST_LEN);
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv = MD5_Final(response, &ctx);
- if (rv != 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
static int
@@ -235,7 +231,6 @@ struct chap *
chap_new(void)
{
struct chap *chap;
- int rv;
chap = calloc(sizeof(*chap), 1);
if (chap == NULL)
@@ -244,16 +239,8 @@ chap_new(void)
/*
* Generate the challenge.
*/
- rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge));
+ arc4random_buf(&chap->chap_id, sizeof(chap->chap_id));
return (chap);
}
@@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch
int
chap_authenticate(struct chap *chap, const char *secret)
{
- char expected_response[MD5_DIGEST_LENGTH];
+ char expected_response[CHAP_DIGEST_LEN];
chap_compute_md5(chap->chap_id, secret,
chap->chap_challenge, sizeof(chap->chap_challenge),
@@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch
void **responsep, size_t *response_lenp)
{
void *response_bin;
- size_t response_bin_len = MD5_DIGEST_LENGTH;
+ size_t response_bin_len = CHAP_DIGEST_LEN;
response_bin = calloc(response_bin_len, 1);
if (response_bin == NULL)
Modified: head/usr.sbin/iscsid/iscsid.h
==============================================================================
--- head/usr.sbin/iscsid/iscsid.h Fri Jul 3 10:04:41 2015 (r285085)
+++ head/usr.sbin/iscsid/iscsid.h Fri Jul 3 10:08:10 2015 (r285086)
@@ -34,7 +34,6 @@
#include <stdbool.h>
#include <stdint.h>
-#include <openssl/md5.h>
#include <iscsi_ioctl.h>
@@ -83,11 +82,12 @@ struct keys {
};
#define CHAP_CHALLENGE_LEN 1024
+#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */
struct chap {
unsigned char chap_id;
char chap_challenge[CHAP_CHALLENGE_LEN];
- char chap_response[MD5_DIGEST_LENGTH];
+ char chap_response[CHAP_DIGEST_LEN];
};
struct rchap {
More information about the svn-src-head
mailing list