rpms / iscsi-initiator-utils

Clone
Source Code
GIT

Files

  1.   6b208b82ec5b4ac7d0794c7f70198650c0eccc2a
  2.   SOURCES
  3.   0502-CHAP-FIPS-backport-fixups.patch
Blob Blame History Raw 
From 62a9ff5e206e33addbe3b206c398fe33d0666117 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Fri, 22 May 2020 10:10:17 -0700
Subject: [PATCH 502/502] CHAP enhancement backport fixes for RHEL 7

Minor build fixes
OpenSSL 1.0.1 API differences
disable SHA3 (OpenSSL version isssue)
---
 Makefile          |  2 +-
 etc/iscsid.conf   |  4 ++--
 libiscsi/Makefile |  5 +++--
 usr/Makefile      |  4 ++--
 usr/auth.c        | 18 ++++++++++++------
 usr/idbm.c        |  2 +-
 6 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/Makefile b/Makefile
index 340c457..d4f705c 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,7 @@ IFACEFILES = etc/iface.example
 
 # Compatibility: parse old OPTFLAGS argument
 ifdef OPTFLAGS
-CFLAGS = $(OPTFLAGS)
+CFLAGS = $(OPTFLAGS) --std=gnu99
 endif
 
 # Export it so configure of iscsiuio & open-isns will
diff --git a/etc/iscsid.conf b/etc/iscsid.conf
index 82cc7d0..0bb7675 100644
--- a/etc/iscsid.conf
+++ b/etc/iscsid.conf
@@ -59,9 +59,9 @@ node.leading_login = No
 # To configure which CHAP algorithms to enable set
 # node.session.auth.chap_algs to a comma seperated list.
 # The algorithms should be listen with most prefered first.
-# Valid values are MD5, SHA1, SHA256, and SHA3-256.
+# Valid values are MD5, SHA1, SHA256
 # The default is MD5.
-#node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
+#node.session.auth.chap_algs = SHA256,SHA1,MD5
 
 # To set a CHAP username and password for initiator
 # authentication by the target(s), uncomment the following lines:
diff --git a/libiscsi/Makefile b/libiscsi/Makefile
index 317a7ec..5a920ff 100644
--- a/libiscsi/Makefile
+++ b/libiscsi/Makefile
@@ -4,7 +4,8 @@ OSNAME=$(shell uname -s)
 OPTFLAGS ?= -O2 -g
 WARNFLAGS ?= -Wall -Wstrict-prototypes
 CFLAGS = $(OPTFLAGS) $(WARNFLAGS) -I../include -I../usr \
-		-D$(OSNAME) -fPIC -D_GNU_SOURCE -fvisibility=hidden
+		-D$(OSNAME) -fPIC -D_GNU_SOURCE -fvisibility=hidden --std=gnu99
+CFLAGS += -lcrypto
 LIB = libiscsi.so.0
 TESTS = tests/test_discovery_sendtargets tests/test_discovery_firmware
 TESTS += tests/test_login tests/test_logout tests/test_params
@@ -13,7 +14,7 @@ TESTS += tests/test_set_auth tests/test_get_auth
 
 COMMON_SRCS = sysdeps.o
 # sources shared between iscsid, iscsiadm and iscsistart
-ISCSI_LIB_SRCS = netlink.o transport.o cxgbi.o be2iscsi.o iscsi_timer.o initiator_common.o iscsi_err.o session_info.o iscsi_util.o io.o auth.o discovery.o login.o log.o md5.o sha1.o iface.o idbm.o sysfs.o iscsi_sysfs.o iscsi_net_util.o iscsid_req.o iser.o uip_mgmt_ipc.o
+ISCSI_LIB_SRCS = netlink.o transport.o cxgbi.o be2iscsi.o iscsi_timer.o initiator_common.o iscsi_err.o session_info.o iscsi_util.o io.o auth.o discovery.o login.o log.o iface.o idbm.o sysfs.o iscsi_sysfs.o iscsi_net_util.o iscsid_req.o iser.o uip_mgmt_ipc.o
 FW_PARAM_SRCS = fw_entry.o prom_lex.o prom_parse.tab.o fwparam_ppc.o fwparam_sysfs.o
 
 # sources shared with the userspace utils, note we build these separately
diff --git a/usr/Makefile b/usr/Makefile
index db40c3a..8d3b9ae 100644
--- a/usr/Makefile
+++ b/usr/Makefile
@@ -63,10 +63,10 @@ all: $(PROGRAMS)
 
 iscsid: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(DISCOVERY_SRCS) \
 	iscsid.o session_mgmt.o discoveryd.o mntcheck.o
-	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lrt -lmount $(LDFLAGS)
+	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lrt -lcrypto -lmount $(LDFLAGS)
 
 iscsiadm: $(ISCSI_LIB_SRCS) $(DISCOVERY_SRCS) iscsiadm.o session_mgmt.o mntcheck.o
-	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lmount $(LDFLAGS)
+	$(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lcrypto -lisns -lmount $(LDFLAGS)
 
 iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \
 		iscsistart.o statics.o
diff --git a/usr/auth.c b/usr/auth.c
index ec934e6..5a02434 100644
--- a/usr/auth.c
+++ b/usr/auth.c
@@ -169,7 +169,7 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id,
 
 static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) {
 	const EVP_MD *digest = NULL;
-	*context = EVP_MD_CTX_new();
+	*context = EVP_MD_CTX_create();
 	int rc;
 
 	switch (chap_alg) {
@@ -182,9 +182,11 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) {
 	case AUTH_CHAP_ALG_SHA256:
 		digest = EVP_sha256();
 		break;
+	/*
 	case AUTH_CHAP_ALG_SHA3_256:
 		digest = EVP_sha3_256();
 		break;
+	*/
 	}
 
 	if (*context == NULL)
@@ -199,7 +201,7 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) {
 
 fail_init:
 fail_digest:
-	EVP_MD_CTX_free(*context);
+	EVP_MD_CTX_destroy(*context);
 	*context = NULL;
 fail_context:
 	return -1;
@@ -212,7 +214,7 @@ static void auth_hash_update(EVP_MD_CTX *context, unsigned char *data, unsigned
 static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) {
 	unsigned int md_len;
 	EVP_DigestFinal_ex(context, hash, &md_len);
-	EVP_MD_CTX_free(context);
+	EVP_MD_CTX_destroy(context);
 	context = NULL;
 	return md_len;
 }
@@ -335,7 +337,7 @@ static int
 acl_chk_chap_alg_optn(int chap_algorithm)
 {
 	if (chap_algorithm == AUTH_OPTION_NONE ||
-	    chap_algorithm == AUTH_CHAP_ALG_SHA3_256 ||
+	    // chap_algorithm == AUTH_CHAP_ALG_SHA3_256 ||
 	    chap_algorithm == AUTH_CHAP_ALG_SHA256 ||
 	    chap_algorithm == AUTH_CHAP_ALG_SHA1 ||
 	    chap_algorithm == AUTH_CHAP_ALG_MD5)
@@ -748,9 +750,11 @@ acl_chk_chap_alg_key(struct iscsi_acl *client)
 				case AUTH_CHAP_ALG_SHA256:
 					client->chap_challenge_len = AUTH_CHAP_SHA256_RSP_LEN;
 					break;
+				/*
 				case AUTH_CHAP_ALG_SHA3_256:
 					client->chap_challenge_len = AUTH_CHAP_SHA3_256_RSP_LEN;
 					break;
+				*/
 				}
 				return;
 			}
@@ -899,7 +903,7 @@ acl_local_auth(struct iscsi_acl *client)
 			client->local_state = AUTH_LOCAL_STATE_ERROR;
 			client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_REJECT;
 			break;
-		} else if ((client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) &&
+		} else if ( // (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) &&
 			   (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA256) &&
 			   (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA1) &&
 			   (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5)) {
@@ -1820,7 +1824,7 @@ acl_set_chap_alg_list(struct iscsi_acl *client, unsigned int option_count,
 
 int
 acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) {
-	EVP_MD_CTX *context = EVP_MD_CTX_new();
+	EVP_MD_CTX *context = EVP_MD_CTX_create();
 	int i = 0;
 
 	for (int j = 0; j < conf_count; j++) {
@@ -1849,6 +1853,7 @@ acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) {
 				            "SHA256 due to crypto lib configuration");
 			}
 			break;
+		/*
 		case AUTH_CHAP_ALG_SHA3_256:
 			if (EVP_DigestInit_ex(context, EVP_sha3_256(), NULL)) {
 				value_list[i++] = AUTH_CHAP_ALG_SHA3_256;
@@ -1857,6 +1862,7 @@ acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) {
 				            "SHA3-256 due to crypto lib configuration");
 			}
 			break;
+		*/
 		case ~0:
 			/* unset value in array, just ignore */
 			break;
diff --git a/usr/idbm.c b/usr/idbm.c
index a9c7b40..8d80b33 100644
--- a/usr/idbm.c
+++ b/usr/idbm.c
@@ -198,7 +198,7 @@ static struct int_list_tbl {
 	{ "MD5", AUTH_CHAP_ALG_MD5 },
 	{ "SHA1", AUTH_CHAP_ALG_SHA1 },
 	{ "SHA256", AUTH_CHAP_ALG_SHA256 },
-	{ "SHA3-256", AUTH_CHAP_ALG_SHA3_256 },
+	// { "SHA3-256", AUTH_CHAP_ALG_SHA3_256 },
 };
 
 static int idbm_remove_disc_to_node_link(node_rec_t *rec, char *portal);
-- 
2.21.3

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation