Date:      Mon, 9 Jun 2014 17:18:04 -0500
From:      Tony Morlan <tony@scroner.com>
To:        freebsd-current@freebsd.org
Subject:   WITHOUT_OPENSSL build failure
Message-ID:  <20140609221804.GL46752@jasper.scroner.com>


--GID0FwUMdk1T2AWN
Content-Type: multipart/mixed; boundary="xHFwDpU9dbj6ez1V"
Content-Disposition: inline


--xHFwDpU9dbj6ez1V
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hello!

When trying to buildworld from 267293 with WITHOUT_OPENSSL I run into a
few issues. It seems that the following options currently need to be
implied:

WITHOUT_LDNS
WITHOUT_BSNMP
WITHOUT_DMAGENT
WITHOUT_PKGBOOTSTRAP
WITHOUT_SVNLITE

The WITHOUT_BSNMP option also currently needs to enforce WITHOUT_ATM.

With those all set, WITHOUT_OPENSSL almost works. There remains a
warning in libfetch, and both ctld and iscsid use OpenSSL whether or
not the option is set.

I've included a patch with a one liner change to avoid the warning in
libfetch, and changes to usr.sbin/ctld and usr.sbin/iscsid to use
arc4random_buf and md5.h instead of similar OpenSSL functions. I don't
use iscsi, so that part of the patch is unfortunately untested. It might
be preferable to add WITHOUT_CTLD and WITHOUT_ISCSID instead.

Tony

--xHFwDpU9dbj6ez1V
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="without_openssl.patch"
Content-Transfer-Encoding: quoted-printable

Index: lib/libfetch/common.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- lib/libfetch/common.c	(revision 267293)
+++ lib/libfetch/common.c	(working copy)
@@ -888,6 +888,7 @@
 	return (0);
 #else
 	(void)conn;
+	(void)URL;
 	(void)verbose;
 	fprintf(stderr, "SSL support disabled\n");
 	return (-1);
Index: usr.sbin/ctld/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/ctld/Makefile	(revision 267293)
+++ usr.sbin/ctld/Makefile	(working copy)
@@ -9,8 +9,8 @@
 #CFLAGS+=3D	-DICL_KERNEL_PROXY
 MAN=3D		ctld.8 ctl.conf.5
=20
-DPADD=3D		${LIBCAM} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
-LDADD=3D		-lbsdxml -lcam -lcrypto -lfl -lsbuf -lssl -lutil
+DPADD=3D		${LIBCAM} ${LIBMD} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
+LDADD=3D		-lbsdxml -lcam -lfl -lmd -lsbuf -lutil -lmd
=20
 YFLAGS+=3D	-v
 CLEANFILES=3D	y.tab.c y.tab.h y.output
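Review bot: `-lmd` is listed twice on the new LDADD line, once after `-lfl` and again at the end. The second occurrence looks like an editing leftover and can be dropped, leaving `-lbsdxml -lcam -lfl -lmd -lsbuf -lutil`. The matching usr.sbin/iscsid/Makefile hunk names the library once.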
Index: usr.sbin/ctld/login.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/ctld/login.c	(revision 267293)
+++ usr.sbin/ctld/login.c	(working copy)
@@ -37,9 +37,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
=20
 #include "ctld.h"
 #include "iscsi_proto.h"
@@ -356,17 +354,14 @@
     size_t response_len)
 {
 	MD5_CTX ctx;
-	int rv;
=20
 	assert(response_len =3D=3D MD5_DIGEST_LENGTH);
=20
-	MD5_Init(&ctx);
-	MD5_Update(&ctx, &id, sizeof(id));
-	MD5_Update(&ctx, secret, strlen(secret));
-	MD5_Update(&ctx, challenge, challenge_len);
-	rv =3D MD5_Final(response, &ctx);
-	if (rv !=3D 1)
-		log_errx(1, "MD5_Final");
+	MD5Init(&ctx);
+	MD5Update(&ctx, &id, sizeof(id));
+	MD5Update(&ctx, secret, strlen(secret));
+	MD5Update(&ctx, challenge, challenge_len);
+	MD5Final(response, &ctx);
 }
=20
 #define	LOGIN_CHALLENGE_LEN	1024
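Review bot: With the `MD5_Final` return check removed, nothing in this function says why the digest call is now unchecked. A one-line comment above `MD5Init(&ctx);` would record it, for example `/* libmd's MD5Final() returns void, so there is no status to test. */`. The same applies to the identical hunk in usr.sbin/iscsid/login.c (`@@ -376,17 +374,14 @@`). Because the message says the iscsi part is untested, comparing one CHAP response from this build with one from the OpenSSL build would confirm both produce the same digest for the same id, secret and challenge. The function's signature starts above the hunk.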
@@ -565,7 +560,6 @@
 	struct pdu *request;
 	char challenge_bin[LOGIN_CHALLENGE_LEN];
 	unsigned char id;
-	int rv;
=20
 	/*
 	 * Receive CHAP_A PDU.
@@ -576,18 +570,8 @@
 	/*
 	 * Generate the challenge.
 	 */
-	rv =3D RAND_bytes(challenge_bin, sizeof(challenge_bin));
-	if (rv !=3D 1) {
-		login_send_error(request, 0x03, 0x02);
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
-	rv =3D RAND_bytes(&id, sizeof(id));
-	if (rv !=3D 1) {
-		login_send_error(request, 0x03, 0x02);
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
+	arc4random_buf(challenge_bin, sizeof(challenge_bin));
+	arc4random_buf(&id, sizeof(id));
=20
 	/*
 	 * Send the challenge.
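Review bot: Nothing in the new code records that the CHAP challenge and identifier now come from the libc generator with no failure path, which is why the `login_send_error(request, 0x03, 0x02)` branches could be deleted. A comment above the first call would capture this, e.g. `/* arc4random_buf(3) cannot fail; challenge and id come from the libc CSPRNG. */`. The same replacement is made in usr.sbin/iscsid/login.c at `@@ -647,18 +642,10 @@` and `@@ -760,11 +745,7 @@`. `arc4random_buf` is declared in `<stdlib.h>`, which the include hunk for this file does not show, so it is worth confirming that header is already included. The enclosing function starts and ends outside the hunk.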
Index: usr.sbin/iscsid/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/iscsid/Makefile	(revision 267293)
+++ usr.sbin/iscsid/Makefile	(working copy)
@@ -8,8 +8,8 @@
 #CFLAGS+=3D	-DICL_KERNEL_PROXY
 MAN=3D		iscsid.8
=20
-DPADD=3D		${LIBUTIL}
-LDADD=3D		-lcrypto -lssl -lutil
+DPADD=3D		${LIBMD} ${LIBUTIL}
+LDADD=3D		-lmd -lutil
=20
 WARNS=3D		6
=20
Index: usr.sbin/iscsid/login.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/iscsid/login.c	(revision 267293)
+++ usr.sbin/iscsid/login.c	(working copy)
@@ -36,9 +36,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
=20
 #include "iscsid.h"
 #include "iscsi_proto.h"
@@ -376,17 +374,14 @@
     size_t response_len)
 {
 	MD5_CTX ctx;
-	int rv;
=20
 	assert(response_len =3D=3D MD5_DIGEST_LENGTH);
=20
-	MD5_Init(&ctx);
-	MD5_Update(&ctx, &id, sizeof(id));
-	MD5_Update(&ctx, secret, strlen(secret));
-	MD5_Update(&ctx, challenge, challenge_len);
-	rv =3D MD5_Final(response, &ctx);
-	if (rv !=3D 1)
-		log_errx(1, "MD5_Final");
+	MD5Init(&ctx);
+	MD5Update(&ctx, &id, sizeof(id));
+	MD5Update(&ctx, secret, strlen(secret));
+	MD5Update(&ctx, challenge, challenge_len);
+	MD5Final(response, &ctx);
 }
=20
 static void
@@ -588,7 +583,7 @@
 	const char *chap_a, *chap_c, *chap_i;
 	char *chap_r, *challenge, response_bin[MD5_DIGEST_LENGTH];
 	size_t challenge_len;
-	int error, rv;
+	int error;
 	unsigned char id;
         char *mutual_chap_c, mutual_chap_i[4];
=20
@@ -647,18 +642,10 @@
 		    "binary challenge size is %zd bytes",
 		    sizeof(conn->conn_mutual_challenge));
=20
-		rv =3D RAND_bytes(conn->conn_mutual_challenge,
+		arc4random_buf(conn->conn_mutual_challenge,
 		    sizeof(conn->conn_mutual_challenge));
-		if (rv !=3D 1) {
-			log_errx(1, "RAND_bytes failed: %s",
-			    ERR_error_string(ERR_get_error(), NULL));
-		}
-		rv =3D RAND_bytes(&conn->conn_mutual_id,
+		arc4random_buf(&conn->conn_mutual_id,
 		    sizeof(conn->conn_mutual_id));
-		if (rv !=3D 1) {
-			log_errx(1, "RAND_bytes failed: %s",
-			    ERR_error_string(ERR_get_error(), NULL));
-		}
 		mutual_chap_c =3D login_bin2hex(conn->conn_mutual_challenge,
 		    sizeof(conn->conn_mutual_challenge));
 		snprintf(mutual_chap_i, sizeof(mutual_chap_i),
@@ -752,8 +739,6 @@
 static void
 login_create_isid(struct connection *conn)
 {
-	int rv;
-
 	/*
 	 * RFC 3720, 10.12.5: 10b, "Random" ISID.
 	 *
@@ -760,11 +745,7 @@
 	 */
 	conn->conn_isid[0] =3D 0x80;=20
=20
-	rv =3D RAND_bytes(&conn->conn_isid[1], 3);
-	if (rv !=3D 1) {
-		log_errx(1, "RAND_bytes failed: %s",
-		    ERR_error_string(ERR_get_error(), NULL));
-	}
+	arc4random_buf(&conn->conn_isid[1], 3);
 }
=20
 void

--xHFwDpU9dbj6ez1V--

--GID0FwUMdk1T2AWN
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
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=sYyI
-----END PGP SIGNATURE-----

--GID0FwUMdk1T2AWN--


