diff options
| author | trasz <trasz@FreeBSD.org> | 2015-08-03 07:20:33 +0000 |
|---|---|---|
| committer | trasz <trasz@FreeBSD.org> | 2015-08-03 07:20:33 +0000 |
| commit | 5e028ab6e60d7a78f4fb2f1e0e075837aefaa1c6 (patch) | |
| tree | 8e0fb1ace990b3ed351f18401cf7a154f3bcc849 /usr.sbin | |
| parent | fb8c9f39f40cc1e9b1d05118c7ab9b98ca6fe05c (diff) | |
| download | FreeBSD-src-5e028ab6e60d7a78f4fb2f1e0e075837aefaa1c6.zip FreeBSD-src-5e028ab6e60d7a78f4fb2f1e0e075837aefaa1c6.tar.gz | |
MFC r285086:
Remove OpenSSL dependency from iscsid(8) and ctld(8).
Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ctld/Makefile | 4 | ||||
| -rw-r--r-- | usr.sbin/ctld/chap.c | 37 | ||||
| -rw-r--r-- | usr.sbin/ctld/ctld.h | 4 | ||||
| -rw-r--r-- | usr.sbin/iscsid/Makefile | 4 | ||||
| -rw-r--r-- | usr.sbin/iscsid/chap.c | 37 | ||||
| -rw-r--r-- | usr.sbin/iscsid/iscsid.h | 4 |
6 files changed, 32 insertions, 58 deletions
diff --git a/usr.sbin/ctld/Makefile b/usr.sbin/ctld/Makefile index 149ae39..20ed594 100644 --- a/usr.sbin/ctld/Makefile +++ b/usr.sbin/ctld/Makefile @@ -10,8 +10,8 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscsi #CFLAGS+= -DICL_KERNEL_PROXY MAN= ctld.8 ctl.conf.5 -DPADD= ${LIBBSDXML} ${LIBCRYPTO} ${LIBL} ${LIBSBUF} ${LIBUTIL} -LDADD= -lbsdxml -lcrypto -ll -lsbuf -lutil +DPADD= ${LIBBSDXML} ${LIBL} ${LIBMD} ${LIBSBUF} ${LIBUTIL} +LDADD= -lbsdxml -ll -lmd -lsbuf -lutil YFLAGS+= -v CLEANFILES= y.tab.c y.tab.h y.output diff --git a/usr.sbin/ctld/chap.c b/usr.sbin/ctld/chap.c index 0678a77..2120350 100644 --- a/usr.sbin/ctld/chap.c +++ b/usr.sbin/ctld/chap.c @@ -32,12 +32,11 @@ __FBSDID("$FreeBSD$"); #include <assert.h> +#include <stdlib.h> #include <string.h> #include <netinet/in.h> #include <resolv.h> -#include <openssl/err.h> -#include <openssl/md5.h> -#include <openssl/rand.h> +#include <md5.h> #include "ctld.h" @@ -47,17 +46,14 @@ chap_compute_md5(const char id, const char *secret, size_t response_len) { MD5_CTX ctx; - int rv; - assert(response_len == MD5_DIGEST_LENGTH); + assert(response_len == CHAP_DIGEST_LEN); - MD5_Init(&ctx); - MD5_Update(&ctx, &id, sizeof(id)); - MD5_Update(&ctx, secret, strlen(secret)); - MD5_Update(&ctx, challenge, challenge_len); - rv = MD5_Final(response, &ctx); - if (rv != 1) - log_errx(1, "MD5_Final"); + MD5Init(&ctx); + MD5Update(&ctx, &id, sizeof(id)); + MD5Update(&ctx, secret, strlen(secret)); + MD5Update(&ctx, challenge, challenge_len); + MD5Final(response, &ctx); } static int @@ -235,7 +231,6 @@ struct chap * chap_new(void) { struct chap *chap; - int rv; chap = calloc(sizeof(*chap), 1); if (chap == NULL) @@ -244,16 +239,8 @@ chap_new(void) /* * Generate the challenge. */ - rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } + arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); + arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } @@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const char *response) int chap_authenticate(struct chap *chap, const char *secret) { - char expected_response[MD5_DIGEST_LENGTH]; + char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), @@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rchap, void **responsep, size_t *response_lenp) { void *response_bin; - size_t response_bin_len = MD5_DIGEST_LENGTH; + size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) diff --git a/usr.sbin/ctld/ctld.h b/usr.sbin/ctld/ctld.h index b98d56a..f6db0cc 100644 --- a/usr.sbin/ctld/ctld.h +++ b/usr.sbin/ctld/ctld.h @@ -39,7 +39,6 @@ #include <sys/socket.h> #include <stdbool.h> #include <libutil.h> -#include <openssl/md5.h> #define DEFAULT_CONFIG_PATH "/etc/ctl.conf" #define DEFAULT_PIDFILE "/var/run/ctld.pid" @@ -261,11 +260,12 @@ struct keys { }; #define CHAP_CHALLENGE_LEN 1024 +#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */ struct chap { unsigned char chap_id; char chap_challenge[CHAP_CHALLENGE_LEN]; - char chap_response[MD5_DIGEST_LENGTH]; + char chap_response[CHAP_DIGEST_LEN]; }; struct rchap { diff --git a/usr.sbin/iscsid/Makefile b/usr.sbin/iscsid/Makefile index 5b79e30..bb573b3 100644 --- a/usr.sbin/iscsid/Makefile +++ b/usr.sbin/iscsid/Makefile @@ -8,8 +8,8 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscsi #CFLAGS+= -DICL_KERNEL_PROXY MAN= iscsid.8 -DPADD= ${LIBCRYPTO} ${LIBSSL} ${LIBUTIL} -LDADD= -lcrypto -lssl -lutil +DPADD= ${LIBMD} ${LIBUTIL} +LDADD= -lmd -lutil WARNS= 6 diff --git a/usr.sbin/iscsid/chap.c b/usr.sbin/iscsid/chap.c index 62e39f5..30c1cd4 100644 --- a/usr.sbin/iscsid/chap.c +++ b/usr.sbin/iscsid/chap.c @@ -32,12 +32,11 @@ __FBSDID("$FreeBSD$"); #include <assert.h> +#include <stdlib.h> #include <string.h> #include <netinet/in.h> #include <resolv.h> -#include <openssl/err.h> -#include <openssl/md5.h> -#include <openssl/rand.h> +#include <md5.h> #include "iscsid.h" @@ -47,17 +46,14 @@ chap_compute_md5(const char id, const char *secret, size_t response_len) { MD5_CTX ctx; - int rv; - assert(response_len == MD5_DIGEST_LENGTH); + assert(response_len == CHAP_DIGEST_LEN); - MD5_Init(&ctx); - MD5_Update(&ctx, &id, sizeof(id)); - MD5_Update(&ctx, secret, strlen(secret)); - MD5_Update(&ctx, challenge, challenge_len); - rv = MD5_Final(response, &ctx); - if (rv != 1) - log_errx(1, "MD5_Final"); + MD5Init(&ctx); + MD5Update(&ctx, &id, sizeof(id)); + MD5Update(&ctx, secret, strlen(secret)); + MD5Update(&ctx, challenge, challenge_len); + MD5Final(response, &ctx); } static int @@ -235,7 +231,6 @@ struct chap * chap_new(void) { struct chap *chap; - int rv; chap = calloc(sizeof(*chap), 1); if (chap == NULL) @@ -244,16 +239,8 @@ chap_new(void) /* * Generate the challenge. */ - rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } + arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); + arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } @@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const char *response) int chap_authenticate(struct chap *chap, const char *secret) { - char expected_response[MD5_DIGEST_LENGTH]; + char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), @@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rchap, void **responsep, size_t *response_lenp) { void *response_bin; - size_t response_bin_len = MD5_DIGEST_LENGTH; + size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) diff --git a/usr.sbin/iscsid/iscsid.h b/usr.sbin/iscsid/iscsid.h index 9ad3325..0ce1075 100644 --- a/usr.sbin/iscsid/iscsid.h +++ b/usr.sbin/iscsid/iscsid.h @@ -34,7 +34,6 @@ #include <stdbool.h> #include <stdint.h> -#include <openssl/md5.h> #include <iscsi_ioctl.h> @@ -82,11 +81,12 @@ struct keys { }; #define CHAP_CHALLENGE_LEN 1024 +#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */ struct chap { unsigned char chap_id; char chap_challenge[CHAP_CHALLENGE_LEN]; - char chap_response[MD5_DIGEST_LENGTH]; + char chap_response[CHAP_DIGEST_LEN]; }; struct rchap { |
