Blame SOURCES/0502-CHAP-FIPS-backport-fixups.patch

From 62a9ff5e206e33addbe3b206c398fe33d0666117 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 22 May 2020 10:10:17 -0700
Subject: [PATCH 502/502] CHAP enhancement backport fixes for RHEL 7
Minor build fixes
OpenSSL 1.0.1 API differences
disable SHA3 (OpenSSL version issue)
---
 Makefile          |  2 +-
 etc/iscsid.conf   |  4 ++--
 libiscsi/Makefile |  5 +++--
 usr/Makefile      |  4 ++--
 usr/auth.c        | 18 ++++++++++++------
 usr/idbm.c        |  2 +-
 6 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/Makefile b/Makefile
6b208b
index 340c457..d4f705c 100644
6b208b
--- a/Makefile
6b208b
+++ b/Makefile
6b208b
@@ -22,7 +22,7 @@ IFACEFILES = etc/iface.example
6b208b
 
6b208b
 # Compatibility: parse old OPTFLAGS argument
6b208b
 ifdef OPTFLAGS
6b208b
-CFLAGS = $(OPTFLAGS)
6b208b
+CFLAGS = $(OPTFLAGS) --std=gnu99
6b208b
 endif
6b208b
 
6b208b
 # Export it so configure of iscsiuio & open-isns will
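Review bot: The `--std=gnu99` flag is added only inside the `ifdef OPTFLAGS` branch, so a build that does not pass OPTFLAGS never gets it from this Makefile. usr/auth.c, as shown later in this patch, contains `for (int j = 0; ...)`, which needs C99 or later. Setting it unconditionally after the `endif`, for example `CFLAGS += -std=gnu99`, would make the build independent of how the flags arrive. The single-dash spelling `-std=gnu99` is the documented form.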
6b208b
diff --git a/etc/iscsid.conf b/etc/iscsid.conf
6b208b
index 82cc7d0..0bb7675 100644
6b208b
--- a/etc/iscsid.conf
6b208b
+++ b/etc/iscsid.conf
6b208b
@@ -59,9 +59,9 @@ node.leading_login = No
6b208b
 # To configure which CHAP algorithms to enable set
6b208b
 # node.session.auth.chap_algs to a comma seperated list.
6b208b
 # The algorithms should be listen with most prefered first.
6b208b
-# Valid values are MD5, SHA1, SHA256, and SHA3-256.
6b208b
+# Valid values are MD5, SHA1, SHA256
6b208b
 # The default is MD5.
6b208b
-#node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
6b208b
+#node.session.auth.chap_algs = SHA256,SHA1,MD5
6b208b
 
6b208b
 # To set a CHAP username and password for initiator
6b208b
 # authentication by the target(s), uncomment the following lines:
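Review bot: The comment block still states that the default is MD5 but does not say what happens when the crypto library will not provide a listed algorithm. The acl_init_chap_digests hunks in usr/auth.c appear to drop such an algorithm with a warning ending in "due to crypto lib configuration", so on a FIPS-enabled host the effective list is presumably shorter than the configured one. I would add a line such as `# Algorithms the crypto library refuses to initialize (e.g. MD5 in FIPS mode) are skipped with a warning.` and finish the valid-values line as `# Valid values are MD5, SHA1, and SHA256.`.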
6b208b
diff --git a/libiscsi/Makefile b/libiscsi/Makefile
6b208b
index 317a7ec..5a920ff 100644
6b208b
--- a/libiscsi/Makefile
6b208b
+++ b/libiscsi/Makefile
6b208b
@@ -4,7 +4,8 @@ OSNAME=$(shell uname -s)
6b208b
 OPTFLAGS ?= -O2 -g
6b208b
 WARNFLAGS ?= -Wall -Wstrict-prototypes
6b208b
 CFLAGS = $(OPTFLAGS) $(WARNFLAGS) -I../include -I../usr \
6b208b
-		-D$(OSNAME) -fPIC -D_GNU_SOURCE -fvisibility=hidden
6b208b
+		-D$(OSNAME) -fPIC -D_GNU_SOURCE -fvisibility=hidden --std=gnu99
6b208b
+CFLAGS += -lcrypto
6b208b
 LIB = libiscsi.so.0
6b208b
 TESTS = tests/test_discovery_sendtargets tests/test_discovery_firmware
6b208b
 TESTS += tests/test_login tests/test_logout tests/test_params
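Review bot: `CFLAGS += -lcrypto` puts a linker library into the compiler flags, so it is passed on every compile-only step and, at link time, lands wherever `$(CFLAGS)` is expanded, which is usually before the object files. With static linking or `--as-needed` the library can then be discarded and the EVP_* symbols left unresolved. The rule that links `$(LIB)` is outside this hunk; `-lcrypto` belongs there after the objects, for example through a separate `LDLIBS += -lcrypto` if that rule expands such a variable.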
6b208b
@@ -13,7 +14,7 @@ TESTS += tests/test_set_auth tests/test_get_auth
6b208b
 
6b208b
 COMMON_SRCS = sysdeps.o
6b208b
 # sources shared between iscsid, iscsiadm and iscsistart
6b208b
-ISCSI_LIB_SRCS = netlink.o transport.o cxgbi.o be2iscsi.o iscsi_timer.o initiator_common.o iscsi_err.o session_info.o iscsi_util.o io.o auth.o discovery.o login.o log.o md5.o sha1.o iface.o idbm.o sysfs.o iscsi_sysfs.o iscsi_net_util.o iscsid_req.o iser.o uip_mgmt_ipc.o
6b208b
+ISCSI_LIB_SRCS = netlink.o transport.o cxgbi.o be2iscsi.o iscsi_timer.o initiator_common.o iscsi_err.o session_info.o iscsi_util.o io.o auth.o discovery.o login.o log.o iface.o idbm.o sysfs.o iscsi_sysfs.o iscsi_net_util.o iscsid_req.o iser.o uip_mgmt_ipc.o
6b208b
 FW_PARAM_SRCS = fw_entry.o prom_lex.o prom_parse.tab.o fwparam_ppc.o fwparam_sysfs.o
6b208b
 
6b208b
 # sources shared with the userspace utils, note we build these separately
6b208b
diff --git a/usr/Makefile b/usr/Makefile
6b208b
index db40c3a..8d3b9ae 100644
6b208b
--- a/usr/Makefile
6b208b
+++ b/usr/Makefile
6b208b
@@ -63,10 +63,10 @@ all: $(PROGRAMS)
6b208b
 
6b208b
 iscsid: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(DISCOVERY_SRCS) \
6b208b
 	iscsid.o session_mgmt.o discoveryd.o mntcheck.o
6b208b
-	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lrt -lmount $(LDFLAGS)
6b208b
+	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lrt -lcrypto -lmount $(LDFLAGS)
6b208b
 
6b208b
 iscsiadm: $(ISCSI_LIB_SRCS) $(DISCOVERY_SRCS) iscsiadm.o session_mgmt.o mntcheck.o
6b208b
-	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lmount $(LDFLAGS)
6b208b
+	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lcrypto -lisns -lmount $(LDFLAGS)
6b208b
 
6b208b
 iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \
6b208b
 		iscsistart.o statics.o
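Review bot: Only the iscsid and iscsiadm recipes gain `-lcrypto`, while the iscsistart rule that begins at the end of this hunk also links `$(ISCSI_LIB_SRCS)`, which presumably includes auth.o as the same-named list in libiscsi/Makefile does. Its recipe is outside the hunk, so confirm it already links libcrypto; otherwise iscsistart would fail to link with unresolved EVP_* symbols. The two changed recipes also place `-lcrypto` on different sides of `-lisns`; using one order in both, e.g. `-lisns -lcrypto -lmount`, keeps them easy to compare.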
6b208b
diff --git a/usr/auth.c b/usr/auth.c
6b208b
index ec934e6..5a02434 100644
6b208b
--- a/usr/auth.c
6b208b
+++ b/usr/auth.c
6b208b
@@ -169,7 +169,7 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id,
6b208b
 
6b208b
 static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) {
6b208b
 	const EVP_MD *digest = NULL;
6b208b
-	*context = EVP_MD_CTX_new();
6b208b
+	*context = EVP_MD_CTX_create();
6b208b
 	int rc;
6b208b
 
6b208b
 	switch (chap_alg) {
6b208b
@@ -182,9 +182,11 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) {
6b208b
 	case AUTH_CHAP_ALG_SHA256:
6b208b
 		digest = EVP_sha256();
6b208b
 		break;
6b208b
+	/*
6b208b
 	case AUTH_CHAP_ALG_SHA3_256:
6b208b
 		digest = EVP_sha3_256();
6b208b
 		break;
6b208b
+	*/
6b208b
 	}
6b208b
 
6b208b
 	if (*context == NULL)
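Review bot: SHA3-256 is disabled here by commenting code out, and the same is done in acl_chk_chap_alg_optn, acl_chk_chap_alg_key, acl_local_auth, acl_init_chap_digests and the table in usr/idbm.c, so six places must be edited together to turn it back on and nothing keeps them consistent. A single compile-time guard around each SHA3 site, `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` … `#endif`, would state the reason and re-enable the code on an OpenSSL that has EVP_sha3_256(). The `// ...` line inside the `else if (` condition in acl_local_auth is the most fragile of these, because it comments out to end of line in the middle of an expression. With the case removed the switch has no default, so `digest` stays NULL for any other chap_alg; the check for that lies outside this hunk (a later hunk shows a `fail_digest` label), so confirm it still runs before EVP_DigestInit_ex.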
6b208b
@@ -199,7 +201,7 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) {
6b208b
 
6b208b
 fail_init:
6b208b
 fail_digest:
6b208b
-	EVP_MD_CTX_free(*context);
6b208b
+	EVP_MD_CTX_destroy(*context);
6b208b
 	*context = NULL;
6b208b
 fail_context:
6b208b
 	return -1;
6b208b
@@ -212,7 +214,7 @@ static void auth_hash_update(EVP_MD_CTX *context, unsigned char *data, unsigned
6b208b
 static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) {
6b208b
 	unsigned int md_len;
6b208b
 	EVP_DigestFinal_ex(context, hash, &md_len);
6b208b
-	EVP_MD_CTX_free(context);
6b208b
+	EVP_MD_CTX_destroy(context);
6b208b
 	context = NULL;
6b208b
 	return md_len;
6b208b
 }
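Review bot: auth_hash_final ignores the result of EVP_DigestFinal_ex, so if finalization fails `md_len` is returned uninitialized and the caller presumably uses an indeterminate value as the digest length. Initialize and check it: `unsigned int md_len = 0;` and `if (EVP_DigestFinal_ex(context, hash, &md_len) != 1) md_len = 0;`. The `context = NULL;` line only clears the by-value parameter, so the caller's pointer still refers to the destroyed context; a comment on the function such as `/* destroys context; the caller must not reuse it */` would make that ownership rule explicit.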
6b208b
@@ -335,7 +337,7 @@ static int
6b208b
 acl_chk_chap_alg_optn(int chap_algorithm)
6b208b
 {
6b208b
 	if (chap_algorithm == AUTH_OPTION_NONE ||
6b208b
-	    chap_algorithm == AUTH_CHAP_ALG_SHA3_256 ||
6b208b
+	    // chap_algorithm == AUTH_CHAP_ALG_SHA3_256 ||
6b208b
 	    chap_algorithm == AUTH_CHAP_ALG_SHA256 ||
6b208b
 	    chap_algorithm == AUTH_CHAP_ALG_SHA1 ||
6b208b
 	    chap_algorithm == AUTH_CHAP_ALG_MD5)
6b208b
@@ -748,9 +750,11 @@ acl_chk_chap_alg_key(struct iscsi_acl *client)
6b208b
 				case AUTH_CHAP_ALG_SHA256:
6b208b
 					client->chap_challenge_len = AUTH_CHAP_SHA256_RSP_LEN;
6b208b
 					break;
6b208b
+				/*
6b208b
 				case AUTH_CHAP_ALG_SHA3_256:
6b208b
 					client->chap_challenge_len = AUTH_CHAP_SHA3_256_RSP_LEN;
6b208b
 					break;
6b208b
+				*/
6b208b
 				}
6b208b
 				return;
6b208b
 			}
6b208b
@@ -899,7 +903,7 @@ acl_local_auth(struct iscsi_acl *client)
6b208b
 			client->local_state = AUTH_LOCAL_STATE_ERROR;
6b208b
 			client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_REJECT;
6b208b
 			break;
6b208b
-		} else if ((client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) &&
6b208b
+		} else if ( // (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) &&
6b208b
 			   (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA256) &&
6b208b
 			   (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA1) &&
6b208b
 			   (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5)) {
6b208b
@@ -1820,7 +1824,7 @@ acl_set_chap_alg_list(struct iscsi_acl *client, unsigned int option_count,
6b208b
 
6b208b
 int
6b208b
 acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) {
6b208b
-	EVP_MD_CTX *context = EVP_MD_CTX_new();
6b208b
+	EVP_MD_CTX *context = EVP_MD_CTX_create();
6b208b
 	int i = 0;
6b208b
 
6b208b
 	for (int j = 0; j < conf_count; j++) {
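Review bot: The context returned by EVP_MD_CTX_create() is not checked for NULL before the loop starts, and the cases visible in the later hunks pass it straight to EVP_DigestInit_ex. Assuming the return value is the count of usable algorithms (`i` is incremented per accepted entry), a guard such as `if (context == NULL) return 0; /* no digest usable */` after the declarations would avoid that. The function body continues outside this hunk, so also confirm that every return path calls `EVP_MD_CTX_destroy(context);`, since no such call is visible in the hunks shown.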
6b208b
@@ -1849,6 +1853,7 @@ acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) {
6b208b
 				            "SHA256 due to crypto lib configuration");
6b208b
 			}
6b208b
 			break;
6b208b
+		/*
6b208b
 		case AUTH_CHAP_ALG_SHA3_256:
6b208b
 			if (EVP_DigestInit_ex(context, EVP_sha3_256(), NULL)) {
6b208b
 				value_list[i++] = AUTH_CHAP_ALG_SHA3_256;
6b208b
@@ -1857,6 +1862,7 @@ acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) {
6b208b
 				            "SHA3-256 due to crypto lib configuration");
6b208b
 			}
6b208b
 			break;
6b208b
+		*/
6b208b
 		case ~0:
6b208b
 			/* unset value in array, just ignore */
6b208b
 			break;
6b208b
diff --git a/usr/idbm.c b/usr/idbm.c
6b208b
index a9c7b40..8d80b33 100644
6b208b
--- a/usr/idbm.c
6b208b
+++ b/usr/idbm.c
6b208b
@@ -198,7 +198,7 @@ static struct int_list_tbl {
6b208b
 	{ "MD5", AUTH_CHAP_ALG_MD5 },
6b208b
 	{ "SHA1", AUTH_CHAP_ALG_SHA1 },
6b208b
 	{ "SHA256", AUTH_CHAP_ALG_SHA256 },
6b208b
-	{ "SHA3-256", AUTH_CHAP_ALG_SHA3_256 },
6b208b
+	// { "SHA3-256", AUTH_CHAP_ALG_SHA3_256 },
6b208b
 };
6b208b
 
6b208b
 static int idbm_remove_disc_to_node_link(node_rec_t *rec, char *portal);
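Review bot: Removing the "SHA3-256" entry means an existing iscsid.conf or node record that lists SHA3-256 in node.session.auth.chap_algs no longer matches any table entry, and how an unmatched name is handled is outside this hunk. If it is silently dropped, a host configured to prefer SHA3-256 could end up negotiating a weaker algorithm, or the MD5 default, without the administrator noticing. Confirm the parser logs a warning for unknown names, and replace the commented-out line with a stated reason, e.g. `/* "SHA3-256" omitted: EVP_sha3_256() is unavailable in this OpenSSL build */`.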
-- 
2.21.3