From 62a9ff5e206e33addbe3b206c398fe33d0666117 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Fri, 22 May 2020 10:10:17 -0700 Subject: [PATCH 502/502] CHAP enhancement backport fixes for RHEL 7 Minor build fixes OpenSSL 1.0.1 API differences disable SHA3 (OpenSSL version isssue) --- Makefile | 2 +- etc/iscsid.conf | 4 ++-- libiscsi/Makefile | 5 +++-- usr/Makefile | 4 ++-- usr/auth.c | 18 ++++++++++++------ usr/idbm.c | 2 +- 6 files changed, 21 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 340c457..d4f705c 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ IFACEFILES = etc/iface.example # Compatibility: parse old OPTFLAGS argument ifdef OPTFLAGS -CFLAGS = $(OPTFLAGS) +CFLAGS = $(OPTFLAGS) --std=gnu99 endif # Export it so configure of iscsiuio & open-isns will diff --git a/etc/iscsid.conf b/etc/iscsid.conf index 82cc7d0..0bb7675 100644 --- a/etc/iscsid.conf +++ b/etc/iscsid.conf @@ -59,9 +59,9 @@ node.leading_login = No # To configure which CHAP algorithms to enable set # node.session.auth.chap_algs to a comma seperated list. # The algorithms should be listen with most prefered first. -# Valid values are MD5, SHA1, SHA256, and SHA3-256. +# Valid values are MD5, SHA1, SHA256 # The default is MD5. -#node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5 +#node.session.auth.chap_algs = SHA256,SHA1,MD5 # To set a CHAP username and password for initiator # authentication by the target(s), uncomment the following lines: diff --git a/libiscsi/Makefile b/libiscsi/Makefile index 317a7ec..5a920ff 100644 --- a/libiscsi/Makefile +++ b/libiscsi/Makefile 
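Review bot: The added `--std=gnu99` in the top-level Makefile sits inside the `ifdef OPTFLAGS` compatibility branch, so it only applies when the caller passes OPTFLAGS. A build that does not set OPTFLAGS would presumably compile usr/auth.c without it, although acl_init_chap_digests declares `int j` in a `for` header. The context comment says CFLAGS is exported for the iscsiuio and open-isns configure runs, so the flag also reaches those sub-builds. Setting the standard in usr/Makefile, as this patch does for libiscsi/Makefile, would be more predictable; `-std=gnu99` is the conventional spelling.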
@@ -4,7 +4,8 @@ OSNAME=$(shell uname -s) OPTFLAGS ?= -O2 -g WARNFLAGS ?= -Wall -Wstrict-prototypes CFLAGS = $(OPTFLAGS) $(WARNFLAGS) -I../include -I../usr \ - -D$(OSNAME) -fPIC -D_GNU_SOURCE -fvisibility=hidden + -D$(OSNAME) -fPIC -D_GNU_SOURCE -fvisibility=hidden --std=gnu99 +CFLAGS += -lcrypto LIB = libiscsi.so.0 TESTS = tests/test_discovery_sendtargets tests/test_discovery_firmware TESTS += tests/test_login tests/test_logout tests/test_params @@ -13,7 +14,7 @@ TESTS += tests/test_set_auth tests/test_get_auth COMMON_SRCS = sysdeps.o # sources shared between iscsid, iscsiadm and iscsistart -ISCSI_LIB_SRCS = netlink.o transport.o cxgbi.o be2iscsi.o iscsi_timer.o initiator_common.o iscsi_err.o session_info.o iscsi_util.o io.o auth.o discovery.o login.o log.o md5.o sha1.o iface.o idbm.o sysfs.o iscsi_sysfs.o iscsi_net_util.o iscsid_req.o iser.o uip_mgmt_ipc.o +ISCSI_LIB_SRCS = netlink.o transport.o cxgbi.o be2iscsi.o iscsi_timer.o initiator_common.o iscsi_err.o session_info.o iscsi_util.o io.o auth.o discovery.o login.o log.o iface.o idbm.o sysfs.o iscsi_sysfs.o iscsi_net_util.o iscsid_req.o iser.o uip_mgmt_ipc.o FW_PARAM_SRCS = fw_entry.o prom_lex.o prom_parse.tab.o fwparam_ppc.o fwparam_sysfs.o # sources shared with the userspace utils, note we build these separately diff --git a/usr/Makefile b/usr/Makefile index db40c3a..8d3b9ae 100644 --- a/usr/Makefile +++ b/usr/Makefile 
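Review bot: `CFLAGS += -lcrypto` puts a linker input into the compile flags, so it is passed to every compile step and, at link time, lands wherever $(CFLAGS) is expanded, which is normally ahead of the objects. With `--as-needed` or static archives, a library named before the objects that reference it can be dropped, which would leave the EVP_* calls in auth.o unresolved in libiscsi.so.0. The link rule is outside the hunk; I would add `-lcrypto` after the objects there, or through a LIBS/LDLIBS-style variable, instead of CFLAGS. The second hunk, which drops md5.o and sha1.o, depends on that link being right.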
@@ -63,10 +63,10 @@ all: $(PROGRAMS) iscsid: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(DISCOVERY_SRCS) \ iscsid.o session_mgmt.o discoveryd.o mntcheck.o - $(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lrt -lmount $(LDFLAGS) + $(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lrt -lcrypto -lmount $(LDFLAGS) iscsiadm: $(ISCSI_LIB_SRCS) $(DISCOVERY_SRCS) iscsiadm.o session_mgmt.o mntcheck.o - $(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lisns -lmount $(LDFLAGS) + $(CC) $(CFLAGS) $^ -o $@ -L../utils/open-isns -lcrypto -lisns -lmount $(LDFLAGS) iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \ iscsistart.o statics.o diff --git a/usr/auth.c b/usr/auth.c index ec934e6..5a02434 100644 --- a/usr/auth.c +++ b/usr/auth.c @@ -169,7 +169,7 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id, static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) { const EVP_MD *digest = NULL; - *context = EVP_MD_CTX_new(); + *context = EVP_MD_CTX_create(); int rc; switch (chap_alg) { @@ -182,9 +182,11 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) { case AUTH_CHAP_ALG_SHA256: digest = EVP_sha256(); break; + /* case AUTH_CHAP_ALG_SHA3_256: digest = EVP_sha3_256(); break; + */ } if (*context == NULL) @@ -199,7 +201,7 @@ static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) { fail_init: fail_digest: - EVP_MD_CTX_free(*context); + EVP_MD_CTX_destroy(*context); *context = NULL; fail_context: return -1; @@ -212,7 +214,7 @@ static void auth_hash_update(EVP_MD_CTX *context, unsigned char *data, unsigned static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) { unsigned int md_len; EVP_DigestFinal_ex(context, hash, &md_len); - EVP_MD_CTX_free(context); + EVP_MD_CTX_destroy(context); context = NULL; return md_len; } 
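Review bot: Only the iscsid and iscsiadm link lines gain `-lcrypto`, while iscsistart is also built from $(ISCSI_LIB_SRCS), which presumably includes auth.o. Its recipe line is outside the hunk, so confirm it links libcrypto as well. The two edited lines also order the library differently (`-lrt -lcrypto -lmount` versus `-lcrypto -lisns`). If libisns is a static archive that itself uses OpenSSL, naming `-lcrypto` before `-lisns` can leave its references unresolved, so placing `-lcrypto` after `-lisns` on both lines is safer and consistent.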
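Review bot: Commenting the SHA3-256 code out instead of guarding it scatters dead code across the patch: `/* … */` around the case in auth_hash_init here and in acl_chk_chap_alg_key and acl_init_chap_digests, and `//` inside the conditions of acl_chk_chap_alg_optn and acl_local_auth and in the idbm.c table. The `} else if ( // (…) &&` form in acl_local_auth is easy to break on the next edit, and AUTH_CHAP_ALG_SHA3_256 apparently stays defined, since no header is touched, but is no longer handled anywhere. A version guard such as `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` … `#endif` around each SHA3 site would let one source build against both old and new OpenSSL. The switch in auth_hash_init also has no `default:`, so an unexpected chap_alg leaves `digest` NULL; whether that is rejected is decided in lines outside the hunk.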
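Review bot: auth_hash_final ignores the return value of `EVP_DigestFinal_ex()` and returns `md_len` uninitialised when the call fails, so the caller would work with an indeterminate digest length in the CHAP response path. Initialise it with `unsigned int md_len = 0;` and trust it only on success, for example `if (!EVP_DigestFinal_ex(context, hash, &md_len)) md_len = 0;`. The `context = NULL;` after `EVP_MD_CTX_destroy(context);` clears only the local copy of the pointer, so it does not protect the caller from reusing the freed context.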
@@ -335,7 +337,7 @@ static int acl_chk_chap_alg_optn(int chap_algorithm) { if (chap_algorithm == AUTH_OPTION_NONE || - chap_algorithm == AUTH_CHAP_ALG_SHA3_256 || + // chap_algorithm == AUTH_CHAP_ALG_SHA3_256 || chap_algorithm == AUTH_CHAP_ALG_SHA256 || chap_algorithm == AUTH_CHAP_ALG_SHA1 || chap_algorithm == AUTH_CHAP_ALG_MD5) @@ -748,9 +750,11 @@ acl_chk_chap_alg_key(struct iscsi_acl *client) case AUTH_CHAP_ALG_SHA256: client->chap_challenge_len = AUTH_CHAP_SHA256_RSP_LEN; break; + /* case AUTH_CHAP_ALG_SHA3_256: client->chap_challenge_len = AUTH_CHAP_SHA3_256_RSP_LEN; break; + */ } return; } @@ -899,7 +903,7 @@ acl_local_auth(struct iscsi_acl *client) client->local_state = AUTH_LOCAL_STATE_ERROR; client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_REJECT; break; - } else if ((client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) && + } else if ( // (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) && (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA256) && (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA1) && (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5)) { @@ -1820,7 +1824,7 @@ acl_set_chap_alg_list(struct iscsi_acl *client, unsigned int option_count, int acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) { - EVP_MD_CTX *context = EVP_MD_CTX_new(); + EVP_MD_CTX *context = EVP_MD_CTX_create(); int i = 0; for (int j = 0; j < conf_count; j++) { @@ -1849,6 +1853,7 @@ acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) { "SHA256 due to crypto lib configuration"); } break; + /* case AUTH_CHAP_ALG_SHA3_256: if (EVP_DigestInit_ex(context, EVP_sha3_256(), NULL)) { value_list[i++] = AUTH_CHAP_ALG_SHA3_256; @@ -1857,6 +1862,7 @@ acl_init_chap_digests(int *value_list, unsigned *chap_algs, int conf_count) { "SHA3-256 due to crypto lib configuration"); } break; + */ case ~0: /* unset value in array, just ignore */ break; diff --git a/usr/idbm.c b/usr/idbm.c index a9c7b40..8d80b33 100644 --- a/usr/idbm.c 
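Review bot: The context returned by `EVP_MD_CTX_create()` in acl_init_chap_digests is used without a NULL check: the loop that follows passes it straight to `EVP_DigestInit_ex()`, whereas auth_hash_init tests `*context == NULL`. On allocation failure that is most likely a NULL dereference inside libcrypto. A guard right after the declaration, such as `if (!context) return 0;`, would cover it, assuming the return value is the number of usable algorithms, which is not visible here. The end of the function is outside these hunks, so also confirm the context is released with `EVP_MD_CTX_destroy()` on every return path.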
+++ b/usr/idbm.c @@ -198,7 +198,7 @@ static struct int_list_tbl { { "MD5", AUTH_CHAP_ALG_MD5 }, { "SHA1", AUTH_CHAP_ALG_SHA1 }, { "SHA256", AUTH_CHAP_ALG_SHA256 }, - { "SHA3-256", AUTH_CHAP_ALG_SHA3_256 }, + // { "SHA3-256", AUTH_CHAP_ALG_SHA3_256 }, }; static int idbm_remove_disc_to_node_link(node_rec_t *rec, char *portal); -- 2.21.3
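Review bot: With the `"SHA3-256"` row commented out of this table, a node record or iscsid.conf that already lists SHA3-256 in node.session.auth.chap_algs no longer maps to an algorithm, and the hunk does not show how the parser treats an unknown name. Confirm that such a value produces a visible error rather than being dropped silently. The setting is a preference list and the documented default is MD5, so a silent drop could leave a host negotiating a weaker digest than the administrator configured. The code that consumes this table is outside the hunk.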