From owner-svn-src-all@freebsd.org Fri Jul 3 10:08:12 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D5AD6990F57; Fri, 3 Jul 2015 10:08:12 +0000 (UTC) (envelope-from trasz@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B5CD712D0; Fri, 3 Jul 2015 10:08:12 +0000 (UTC) (envelope-from trasz@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t63A8Cw7007630; Fri, 3 Jul 2015 10:08:12 GMT (envelope-from trasz@FreeBSD.org) Received: (from trasz@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t63A8BPj007621; Fri, 3 Jul 2015 10:08:11 GMT (envelope-from trasz@FreeBSD.org) Message-Id: <201507031008.t63A8BPj007621@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: trasz set sender to trasz@FreeBSD.org using -f From: Edward Tomasz Napierala Date: Fri, 3 Jul 2015 10:08:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r285086 - in head/usr.sbin: ctld iscsid X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jul 2015 10:08:12 -0000 Author: trasz Date: Fri Jul 3 10:08:10 2015 New Revision: 285086 URL: https://svnweb.freebsd.org/changeset/base/285086 Log: Remove OpenSSL dependency from iscsid(8) and ctld(8). Differential Revision: https://reviews.freebsd.org/D2866 Submitted by: Tony Morlan (earlier version) Reviewed by: bapt@, delphij@ MFC after: 1 month Sponsored by: The FreeBSD Foundation Modified: head/usr.sbin/ctld/Makefile head/usr.sbin/ctld/chap.c head/usr.sbin/ctld/ctld.h head/usr.sbin/iscsid/Makefile head/usr.sbin/iscsid/chap.c head/usr.sbin/iscsid/iscsid.h Modified: head/usr.sbin/ctld/Makefile ============================================================================== --- head/usr.sbin/ctld/Makefile Fri Jul 3 10:04:41 2015 (r285085) +++ head/usr.sbin/ctld/Makefile Fri Jul 3 10:08:10 2015 (r285086) @@ -10,7 +10,7 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscs #CFLAGS+= -DICL_KERNEL_PROXY MAN= ctld.8 ctl.conf.5 -LIBADD= bsdxml crypto l sbuf util +LIBADD= bsdxml l md sbuf util YFLAGS+= -v CLEANFILES= y.tab.c y.tab.h y.output Modified: head/usr.sbin/ctld/chap.c ============================================================================== --- head/usr.sbin/ctld/chap.c Fri Jul 3 10:04:41 2015 (r285085) +++ head/usr.sbin/ctld/chap.c Fri Jul 3 10:08:10 2015 (r285086) @@ -32,12 +32,11 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include -#include -#include -#include +#include #include "ctld.h" @@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch size_t response_len) { MD5_CTX ctx; - int rv; - assert(response_len == MD5_DIGEST_LENGTH); + assert(response_len == CHAP_DIGEST_LEN); - MD5_Init(&ctx); - MD5_Update(&ctx, &id, sizeof(id)); - MD5_Update(&ctx, secret, strlen(secret)); - MD5_Update(&ctx, challenge, challenge_len); - rv = MD5_Final(response, &ctx); - if (rv != 1) - log_errx(1, "MD5_Final"); + MD5Init(&ctx); + MD5Update(&ctx, &id, sizeof(id)); + MD5Update(&ctx, secret, strlen(secret)); + MD5Update(&ctx, challenge, challenge_len); + MD5Final(response, &ctx); } static int @@ -235,7 +231,6 @@ struct chap * chap_new(void) { struct chap *chap; - int rv; chap = calloc(sizeof(*chap), 1); if (chap == NULL) @@ -244,16 +239,8 @@ chap_new(void) /* * Generate the challenge. */ - rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } + arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); + arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } @@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch int chap_authenticate(struct chap *chap, const char *secret) { - char expected_response[MD5_DIGEST_LENGTH]; + char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), @@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch void **responsep, size_t *response_lenp) { void *response_bin; - size_t response_bin_len = MD5_DIGEST_LENGTH; + size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) Modified: head/usr.sbin/ctld/ctld.h ============================================================================== --- head/usr.sbin/ctld/ctld.h Fri Jul 3 10:04:41 2015 (r285085) +++ head/usr.sbin/ctld/ctld.h Fri Jul 3 10:08:10 2015 (r285086) @@ -39,7 +39,6 @@ #include #include #include -#include #define DEFAULT_CONFIG_PATH "/etc/ctl.conf" #define DEFAULT_PIDFILE "/var/run/ctld.pid" @@ -263,11 +262,12 @@ struct keys { }; #define CHAP_CHALLENGE_LEN 1024 +#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */ struct chap { unsigned char chap_id; char chap_challenge[CHAP_CHALLENGE_LEN]; - char chap_response[MD5_DIGEST_LENGTH]; + char chap_response[CHAP_DIGEST_LEN]; }; struct rchap { Modified: head/usr.sbin/iscsid/Makefile ============================================================================== --- head/usr.sbin/iscsid/Makefile Fri Jul 3 10:04:41 2015 (r285085) +++ head/usr.sbin/iscsid/Makefile Fri Jul 3 10:08:10 2015 (r285086) @@ -8,7 +8,7 @@ CFLAGS+= -I${.CURDIR}/../../sys/dev/iscs #CFLAGS+= -DICL_KERNEL_PROXY MAN= iscsid.8 -LIBADD= crypto util +LIBADD= md util WARNS= 6 Modified: head/usr.sbin/iscsid/chap.c ============================================================================== --- head/usr.sbin/iscsid/chap.c Fri Jul 3 10:04:41 2015 (r285085) +++ head/usr.sbin/iscsid/chap.c Fri Jul 3 10:08:10 2015 (r285086) @@ -32,12 +32,11 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include -#include -#include -#include +#include #include "iscsid.h" @@ -47,17 +46,14 @@ chap_compute_md5(const char id, const ch size_t response_len) { MD5_CTX ctx; - int rv; - assert(response_len == MD5_DIGEST_LENGTH); + assert(response_len == CHAP_DIGEST_LEN); - MD5_Init(&ctx); - MD5_Update(&ctx, &id, sizeof(id)); - MD5_Update(&ctx, secret, strlen(secret)); - MD5_Update(&ctx, challenge, challenge_len); - rv = MD5_Final(response, &ctx); - if (rv != 1) - log_errx(1, "MD5_Final"); + MD5Init(&ctx); + MD5Update(&ctx, &id, sizeof(id)); + MD5Update(&ctx, secret, strlen(secret)); + MD5Update(&ctx, challenge, challenge_len); + MD5Final(response, &ctx); } static int @@ -235,7 +231,6 @@ struct chap * chap_new(void) { struct chap *chap; - int rv; chap = calloc(sizeof(*chap), 1); if (chap == NULL) @@ -244,16 +239,8 @@ chap_new(void) /* * Generate the challenge. */ - rv = RAND_bytes(chap->chap_challenge, sizeof(chap->chap_challenge)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - rv = RAND_bytes(&chap->chap_id, sizeof(chap->chap_id)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } + arc4random_buf(chap->chap_challenge, sizeof(chap->chap_challenge)); + arc4random_buf(&chap->chap_id, sizeof(chap->chap_id)); return (chap); } @@ -320,7 +307,7 @@ chap_receive(struct chap *chap, const ch int chap_authenticate(struct chap *chap, const char *secret) { - char expected_response[MD5_DIGEST_LENGTH]; + char expected_response[CHAP_DIGEST_LEN]; chap_compute_md5(chap->chap_id, secret, chap->chap_challenge, sizeof(chap->chap_challenge), @@ -397,7 +384,7 @@ rchap_get_response_bin(struct rchap *rch void **responsep, size_t *response_lenp) { void *response_bin; - size_t response_bin_len = MD5_DIGEST_LENGTH; + size_t response_bin_len = CHAP_DIGEST_LEN; response_bin = calloc(response_bin_len, 1); if (response_bin == NULL) Modified: head/usr.sbin/iscsid/iscsid.h ============================================================================== --- head/usr.sbin/iscsid/iscsid.h Fri Jul 3 10:04:41 2015 (r285085) +++ head/usr.sbin/iscsid/iscsid.h Fri Jul 3 10:08:10 2015 (r285086) @@ -34,7 +34,6 @@ #include #include -#include #include @@ -83,11 +82,12 @@ struct keys { }; #define CHAP_CHALLENGE_LEN 1024 +#define CHAP_DIGEST_LEN 16 /* Equal to MD5 digest size. */ struct chap { unsigned char chap_id; char chap_challenge[CHAP_CHALLENGE_LEN]; - char chap_response[MD5_DIGEST_LENGTH]; + char chap_response[CHAP_DIGEST_LEN]; }; struct rchap {