Hello community, here is the log from the commit of package open-iscsi for openSUSE:Factory checked in at 2019-11-23 23:23:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/open-iscsi (Old) and /work/SRC/openSUSE:Factory/.open-iscsi.new.26869 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "open-iscsi" Sat Nov 23 23:23:07 2019 rev:89 rq:749404 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/open-iscsi/open-iscsi.changes 2019-11-06 15:19:39.845383549 +0100 +++ /work/SRC/openSUSE:Factory/.open-iscsi.new.26869/open-iscsi.changes 2019-11-23 23:23:08.630810779 +0100 @@ -1,0 +2,20 @@ +Mon Nov 18 17:42:09 UTC 2019 - Lee Duncan <[email protected]> + +- Merged in latest upstream (2.1.0), including more fixes for + iscsiuio, and cleanup/bug-fixes of new CHAP code. + This replaces open-iscsi-2.0.878-suse.tar.bz2 with + open-iscsi-2.1.0-suse.tar.bz2, and it resets + open-iscsi-SUSE-latest.diff.bz2 with fixes after 2.1.0-suse. + + Also, updated the Summary lines in the spec file that + started with "iSCSI ...", since rpmlint didn't like + them starting with a non-capital letter, and updated the + version number for iscsiuio to match the code. + +------------------------------------------------------------------- +Sat Nov 9 17:44:09 UTC 2019 - Lee Duncan <[email protected]> + +- Use SPEC-file macro for systemd generator directory, since + the libexec macro is changing from /usr/lib to /usr/libexec. + +------------------------------------------------------------------- Old: ---- open-iscsi-2.0.878-suse.tar.bz2 New: ---- open-iscsi-2.1.0-suse.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ open-iscsi.spec ++++++ --- /var/tmp/diff_new_pack.e39LMp/_old 2019-11-23 23:23:09.106810827 +0100 +++ /var/tmp/diff_new_pack.e39LMp/_new 2019-11-23 23:23:09.106810827 +0100 @@ -16,15 +16,17 @@ # -%define iscsi_release 878-suse +%define iscsi_minor_release 1 +%define iscsi_patch_release 0 +%define iscsi_patch_release_suse %{iscsi_patch_release}-suse Name: open-iscsi -Version: 2.0.878 +Version: 2.1.0 Release: 0 Summary: Linux iSCSI Software Initiator License: GPL-2.0-or-later Group: Productivity/Networking/Other Url: http://www.open-iscsi.com -Source: %{name}-2.0.%{iscsi_release}.tar.bz2 +Source: %{name}-2.%{iscsi_minor_release}.%{iscsi_patch_release_suse}.tar.bz2 Patch1: %{name}-SUSE-latest.diff.bz2 BuildRequires: autoconf BuildRequires: automake @@ -62,9 +64,9 @@ iscsiadm. %package -n libopeniscsiusr0_2_0 -Version: 2.0.878 +Version: 2.%{iscsi_minor_release}.%{iscsi_patch_release} Release: 0 -Summary: iSCSI User-level Library +Summary: The iSCSI User-level Library Group: System/Libraries Obsoletes: libopeniscsiusr0_1_0 @@ -72,7 +74,7 @@ The iSCSI user-space API from the open-iscsi project. %package -n iscsiuio -Version: 0.7.8.4 +Version: 0.7.8.6 Release: 0 Summary: Linux Broadcom NetXtremem II iscsi server Group: Productivity/Networking/Other @@ -94,9 +96,9 @@ "uio"). %package devel -Version: 2.0.878 +Version: 2.%{iscsi_minor_release}.%{iscsi_patch_release} Release: 0 -Summary: iSCSI User-level Library Development Library and Include files +Summary: The iSCSI User-level Library Development Library and Include files Group: Development/Libraries/C and C++ Requires: %{name} = %{version} @@ -106,7 +108,7 @@ the libopeniscsiusr library. %prep -%setup -q -n %{name}-2.0.%{iscsi_release} +%setup -q -n %{name}-2.%{iscsi_minor_release}.%{iscsi_patch_release_suse} %patch1 -p1 %build @@ -179,7 +181,7 @@ %{_unitdir}/iscsid.service %{_unitdir}/iscsid.socket %{_unitdir}/iscsi.service -%{_libexecdir}/systemd/system-generators/ibft-rule-generator +%{_systemdgeneratordir}/ibft-rule-generator %{_sbindir}/rciscsi %{_sbindir}/rciscsid /sbin/iscsid ++++++ open-iscsi-2.0.878-suse.tar.bz2 -> open-iscsi-2.1.0-suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/.travis.yml new/open-iscsi-2.1.0-suse/.travis.yml --- old/open-iscsi-2.0.878-suse/.travis.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/open-iscsi-2.1.0-suse/.travis.yml 2019-11-18 19:06:18.000000000 +0100 @@ -0,0 +1,33 @@ +language: c +compiler: gcc +os: linux +dist: bionic + +env: + global: + # This is an excrypted setting of COVERITY_SCAN_TOKEN=<token> + # Travis-CI has the private key to decrypt this and set the environment + # variable with the token needed for Coverity API access + - secure: kUIw3pil4akjNycH+R2mq8oUszQrt/TCwkQb20oBRXoqsRzYLF6I9VT5wdAERjPsD7BDSiWLxLnisYrdRAs/tQ9h3xvnOJQAX8wKvVF/B883kOwOdI17DkY/dKdzWT+LbojjaXCHZf2yaKVAjibRPO2E8J9zsvpuDLDlon7zD123Amnb/XrSVJH4jefscs1OXFVtaMIKNs7AQPoPK7V9oMZoIbBF5NhYSPpytlf5/VL6ePQlXdd4xAiQR+dg5PvEbMquJh4GvcTo5DzOAJN8L9nGvlGlH5YKxHo7tkOpKFRnCATyenbpVaUBTb/TzA9OsVmxfSr/WrzLLXQxCwfOG6ktZp+1+ANRuL5wLCtDJLooGCw4Wxsicgw69snBoFPWoPW8w4osNQAaGINZnPKM2WSFxq2DBrqHrccGk1lze7upNHikBrwSTgv+SklmZUfcDQjWYxC2owH21BHhVTV6hgNShwS5q9gwWtSWAHc4f34Qvn1gjdV2/791Skk/t4GgTSmt0j0ZVcfsQJaZBvDwkot1yDJ0u/3av+ElMAmCb/9wG3dSqUXv9/V6mAutNb243igIZko6Vmpcosp2bJKXyeVbRkgbMoIfH2VQf9n1sbb01+V9lZsk9usIZZYRcW9Bz6d2H+ooDrM/ha1kQjVqMDP2EyCdBKmQjr8iAi9E4yQ= + +addons: + apt: + update: true + packages: + - libsystemd-dev + - libkmod-dev + - libmount-dev + - libisns-dev + - openssl + - flex + - bison + coverity_scan: + project: + name: open-iscsi/open-iscsi + notification_email: [email protected] + build_command: make + branch_pattern: coverity_scan + +before_install: echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- + +script: if [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then make; fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/Changelog new/open-iscsi-2.1.0-suse/Changelog --- old/open-iscsi-2.0.878-suse/Changelog 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/Changelog 2019-11-18 19:06:18.000000000 +0100 @@ -1,4 +1,43 @@ -open-iscsi-2.0-877 - open-iscsi-2.0.878 +open-iscsi-2.0.878 - open-iscsi-2.1.0 + +# output from "git shortlog --no-merges 2.0.878..HEAD" + +Chris Leech (29): + CHAP SHA-1, SHA-256, SHA3-256 via OpenSSL's libcrypto + setup Travis-CI builds and Coverity scans + fix Coverity scan + Resource leak: returning without freeing netdev + Out-of-bounds-write: Overrunning array link_target + Resource leak: Variable rec going out of scope leaks the storage it points to + Out-of-bounds write: Overrunning array link_target + Buffer not null terminated: Calling strncpy with a maximum size argument on destination array might leave the destination string unterminated + Out-of-bounds access: Overrunning array value_list + Resource leak: Variable startup_cmd going out of scope leaks the storage it point to. + Buffer not null terminated: Calling strncpy with a maximum size argument on destination array + Uninitialized scalar variable + Uninitialized pointer read: Using uninitialized value ifaces.next + Uninitialized scalar variable: Using uninitialized value number when calling acl_text_to_number + Resource leak: Handle variable sockfd going out of scope leaks the handle. + Resource leak: Variable chap_info going out of scope leaks the storage it points to. + Resource leak: Variable matched_ses going out of scope leaks the storage it points to. + Resource leak: Handle variable fd going out of scope leaks the handle. + Resource leak: Handle variable fd going out of scope leaks the handle. + Out-of-bounds read: Overrunning array of 4 bytes at byte offset 7 by dereferencing pointer + iscsi-iname: change default IQN prefix + iscsi-iname: verify prefix length is at most 210 characters + iscsi-iname remove unneeded temp buffer + iscsistart -b probably never worked with PPC OF parsing? + fwparam_pcc mulitple resource leaks + Resource leak: Handle variable fd going out of scope leaks the handle. + Out-of-bounds read: Overrunning array of 8 2-byte elements + Resource leak: Variable raw going out of scope leaks the storage it points to. + Uninitialized scalar value rc + +Lee Duncan (2): + Initialize timeout for printing specific session info. + Fix version strings in ChangeLog + +open-iscsi-2.0.877 - open-iscsi-2.0.878 # output from "git shortlog --no-merges 2.0.877..HEAD" @@ -45,7 +84,7 @@ Make iscsid.service a requirement. Fixed iscsi.service considering every signal and exit code as successful. Now only code 21 (no objects found to execute on) and normal exit conditions are valid. -open-iscsi-2.0-876 - open-iscsi-2.0.877 +open-iscsi-2.0.876 - open-iscsi-2.0.877 Antoine de Maleprade (1): iscsid: fix logging level when starting daemon @@ -172,7 +211,7 @@ Better error message and failure if netlink socket fails. -open-iscsi-2.0-875 - open-iscsi-2.0.876 +open-iscsi-2.0.875 - open-iscsi-2.0.876 Chris Leech (2): delete old kernel code @@ -230,7 +269,7 @@ remove kernel subdir from clean Makefile target -open-iscsi-2.0-874 - open-iscsi-2.0.875 +open-iscsi-2.0.874 - open-iscsi-2.0.875 Andrew Patterson (3): iscsiuio must be present to use hardware offload for bnx2{,x} @@ -303,7 +342,7 @@ iscsid: Add qedi ping transport hook -open-iscsi-2.0-873 - open-iscsi-2.0.874 +open-iscsi-2.0.873 - open-iscsi-2.0.874 Adam Jackson (6): actor: Mark actor_check static @@ -544,7 +583,7 @@ Merge pull request #8 from dscunkel/master Merge pull request #9 from xypron/kernel_source_path -open-iscsi-2.0-872 - open-iscsi-2.0.873 +open-iscsi-2.0.872 - open-iscsi-2.0.873 Ales Kozumplik (1): fwparam_sysfs: fix pathname manipulation error in fwparam_sysfs_boot_info. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/Makefile new/open-iscsi-2.1.0-suse/Makefile --- old/open-iscsi-2.0.878-suse/Makefile 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/Makefile 2019-11-18 19:06:18.000000000 +0100 @@ -15,7 +15,7 @@ initddir = $(etcdir)/init.d libdir = $(prefix)/lib rulesdir = $(libdir)/udev/rules.d -systemddir = $(prefix)/lib/systemd/system +systemddir = $(prefix)/lib/systemd MANPAGES = doc/iscsid.8 doc/iscsiadm.8 doc/iscsi_discovery.8 \ iscsiuio/docs/iscsiuio.8 doc/iscsi_fw_login.8 doc/iscsi-iname.8 \ @@ -115,8 +115,11 @@ $(INSTALL) -m 644 $(RULESFILES) $(DESTDIR)/$(rulesdir) install_systemd: - $(INSTALL) -d $(DESTDIR)$(systemddir) - $(INSTALL) -m 644 $(SYSTEMDFILES) $(DESTDIR)/$(systemddir) + $(INSTALL) -d $(DESTDIR)$(systemddir)/system + $(INSTALL) -m 644 $(SYSTEMDFILES) $(DESTDIR)/$(systemddir)/system + $(INSTALL) -d $(DESTDIR)$(systemddir)/system-generators + $(INSTALL) -m 755 utils/ibft-rule-generator \ + $(DESTDIR)$(systemddir)/system-generators install_programs: $(PROGRAMS) $(SCRIPTS) $(INSTALL) -d $(DESTDIR)$(sbindir) @@ -151,23 +154,6 @@ $(INSTALL) -m 755 etc/initd/initd.debian \ $(DESTDIR)$(initddir)/open-iscsi -# install systemd service files for openSUSE -install_service_suse: - $(INSTALL) -d $(DESTDIR)$(systemddir)/system - $(INSTALL) -m 644 etc/systemd/iscsid.service \ - $(DESTDIR)$(systemddir)/system - $(INSTALL) -m 644 etc/systemd/iscsid.socket \ - $(DESTDIR)$(systemddir)/system - $(INSTALL) -m 644 etc/systemd/iscsi.service \ - $(DESTDIR)$(systemddir)/system - $(INSTALL) -m 644 etc/systemd/iscsiuio.service \ - $(DESTDIR)$(systemddir)/system - $(INSTALL) -m 644 etc/systemd/iscsiuio.socket \ - $(DESTDIR)$(systemddir)/system - $(INSTALL) -d $(DESTDIR)$(systemddir)/system-generators - $(INSTALL) -m 755 utils/ibft-rule-generator \ - $(DESTDIR)$(systemddir)/system-generators - install_iface: $(IFACEFILES) $(INSTALL) -d $(DESTDIR)$(etcdir)/iscsi/ifaces $(INSTALL) -m 644 $^ $(DESTDIR)$(etcdir)/iscsi/ifaces diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/doc/iscsi-iname.8 new/open-iscsi-2.1.0-suse/doc/iscsi-iname.8 --- old/open-iscsi-2.0.878-suse/doc/iscsi-iname.8 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/doc/iscsi-iname.8 2019-11-18 19:06:18.000000000 +0100 @@ -14,7 +14,7 @@ Display help .TP .BI [-p=]\fIprefix\fP -Use the prefix passed in instead of the default "iqn.2005-03.org.open-iscsi" +Use the prefix passed in instead of the default "iqn.2016-04.com.open-iscsi" .SH AUTHORS Open-iSCSI project <http://www.open-iscsi.com/> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/iscsiuio/src/uip/ipv6.c new/open-iscsi-2.1.0-suse/iscsiuio/src/uip/ipv6.c --- old/open-iscsi-2.0.878-suse/iscsiuio/src/uip/ipv6.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/iscsiuio/src/uip/ipv6.c 2019-11-18 19:06:18.000000000 +0100 @@ -521,7 +521,7 @@ sum = 0; ptr = (u16_t *)&ipv6->ipv6_src; - for (i = 0; i < sizeof(struct ipv6_addr); i++) { + for (i = 0; i < sizeof(struct ipv6_addr); i += 2) { sum += HOST_TO_NET16(*ptr); ptr++; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/libs/qedi.c new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/libs/qedi.c --- old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/libs/qedi.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/libs/qedi.c 2019-11-18 19:06:18.000000000 +0100 @@ -442,7 +442,7 @@ qedi_t *bp = NULL; struct stat uio_stat; int i, rc; - int count; + size_t count; uint32_t bus; uint32_t slot; uint32_t func; @@ -666,7 +666,7 @@ nic->mac_addr[0], nic->mac_addr[1], nic->mac_addr[2], nic->mac_addr[3], nic->mac_addr[4], nic->mac_addr[5]); - qedi_get_library_name(&nic->library_name, (size_t *)&count); + qedi_get_library_name(&nic->library_name, &count); LOG_INFO("%s: qedi initialized", nic->log_name); bp->flags |= QEDI_OPENED; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/main.c new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/main.c --- old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/main.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/main.c 2019-11-18 19:06:18.000000000 +0100 @@ -196,6 +196,7 @@ dup2(fd, 2); setsid(); chdir("/"); + close(fd); } #define ISCSI_OOM_PATH_LEN 48 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/nic_nl.c new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/nic_nl.c --- old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/nic_nl.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/nic_nl.c 2019-11-18 19:06:18.000000000 +0100 @@ -278,7 +278,7 @@ static int ctldev_handle(char *data, nic_t *nic) { - int rc; + int rc = 0; struct iscsi_uevent *ev; uint8_t *payload; struct iscsi_path *path; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/nic_utils.c new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/nic_utils.c --- old/open-iscsi-2.0.878-suse/iscsiuio/src/unix/nic_utils.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/iscsiuio/src/unix/nic_utils.c 2019-11-18 19:06:18.000000000 +0100 @@ -245,6 +245,7 @@ "space for NIC %s " "during scan", raw); + free(raw); rc = -ENOMEM; break; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/libopeniscsiusr/version.h new/open-iscsi-2.1.0-suse/libopeniscsiusr/version.h --- old/open-iscsi-2.0.878-suse/libopeniscsiusr/version.h 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/libopeniscsiusr/version.h 2019-11-18 19:06:18.000000000 +0100 @@ -25,6 +25,6 @@ * This may not be the same value as the kernel versions because * some other maintainer could merge a patch without going through us */ -#define ISCSI_VERSION_STR "2.0-878-suse" +#define ISCSI_VERSION_STR "2.1.0-suse" #endif /* End of __ISCSI_OPEN_USR_VERSION_H__ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/Makefile new/open-iscsi-2.1.0-suse/usr/Makefile --- old/open-iscsi-2.0.878-suse/usr/Makefile 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/Makefile 2019-11-18 19:06:18.000000000 +0100 @@ -50,8 +50,8 @@ # libc compat files SYSDEPS_SRCS = $(sort $(wildcard ../utils/sysdeps/*.o)) # sources shared between iscsid, iscsiadm and iscsistart -ISCSI_LIB_SRCS = iscsi_util.o io.o auth.o iscsi_timer.o login.o log.o md5.o \ - sha1.o iface.o idbm.o sysfs.o host.o session_info.o iscsi_sysfs.o \ +ISCSI_LIB_SRCS = iscsi_util.o io.o auth.o iscsi_timer.o login.o log.o \ + iface.o idbm.o sysfs.o host.o session_info.o iscsi_sysfs.o \ iscsi_net_util.o iscsid_req.o transport.o iser.o cxgbi.o be2iscsi.o \ initiator_common.o iscsi_err.o flashnode.o uip_mgmt_ipc.o \ netlink.o $(SYSDEPS_SRCS) @@ -75,7 +75,7 @@ iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \ iscsistart.o statics.o - $(CC) $(CFLAGS) $^ -o $@ -lrt $(LDFLAGS) $(ISCSI_LIB) + $(CC) $(CFLAGS) $^ -o $@ -lcrypto -lrt $(LDFLAGS) $(ISCSI_LIB) clean: rm -f *.o $(PROGRAMS) .depend $(LIBSYS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/auth.c new/open-iscsi-2.1.0-suse/usr/auth.c --- old/open-iscsi-2.0.878-suse/usr/auth.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/auth.c 2019-11-18 19:06:18.000000000 +0100 @@ -34,7 +34,6 @@ #include "sysdeps.h" #include "auth.h" #include "initiator.h" -#include "md5.h" #include "log.h" static const char acl_hexstring[] = "0123456789abcdefABCDEF"; @@ -43,9 +42,11 @@ static const char acl_authmethod_set_chap_alg_list[] = "CHAP"; static const char acl_reject_option_name[] = "Reject"; -void auth_md5_init(struct MD5Context *); -void auth_md5_update(struct MD5Context *, unsigned char *, unsigned int); -void auth_md5_final(unsigned char *, struct MD5Context *); +#include <openssl/evp.h> +static int auth_hash_init(EVP_MD_CTX **context, int chap_alg); +static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int); +static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context); + void get_random_bytes(unsigned char *data, unsigned int length); size_t strlcpy(char *, const char *, size_t); size_t strlcat(char *, const char *, size_t); @@ -57,18 +58,19 @@ unsigned char *response_data) { unsigned char id_data[1]; - struct MD5Context context; + EVP_MD_CTX *context = NULL; unsigned char out_data[AUTH_STR_MAX_LEN]; unsigned int out_length = AUTH_STR_MAX_LEN; if (!client->passwd_present) return AUTH_DBG_STATUS_LOCAL_PASSWD_NOT_SET; - auth_md5_init(&context); + if (auth_hash_init(&context, client->negotiated_chap_alg) != 0) + return AUTH_DBG_STATUS_AUTH_FAIL; /* id byte */ id_data[0] = id; - auth_md5_update(&context, id_data, 1); + auth_hash_update(context, id_data, 1); /* decrypt password */ if (acl_data(out_data, &out_length, client->passwd_data, @@ -79,15 +81,15 @@ return AUTH_DBG_STATUS_PASSWD_TOO_SHORT_WITH_NO_IPSEC; /* shared secret */ - auth_md5_update(&context, out_data, out_length); + auth_hash_update(context, out_data, out_length); /* clear decrypted password */ memset(out_data, 0, AUTH_STR_MAX_LEN); /* challenge value */ - auth_md5_update(&context, challenge_data, challenge_length); + auth_hash_update(context, challenge_data, challenge_length); - auth_md5_final(response_data, &context); + auth_hash_final(response_data, context); return AUTH_DBG_STATUS_NOT_SET; /* no error */ } @@ -103,8 +105,8 @@ unsigned int rsp_length) { iscsi_session_t *session = client->session_handle; - struct MD5Context context; - unsigned char verify_data[16]; + EVP_MD_CTX *context = NULL; + unsigned char verify_data[client->chap_challenge_len]; /* the expected credentials are in the session */ if (session->username_in == NULL) { @@ -137,21 +139,22 @@ return AUTH_STATUS_FAIL; } - auth_md5_init(&context); + if (auth_hash_init(&context, client->negotiated_chap_alg) != 0) + return AUTH_STATUS_FAIL; /* id byte */ verify_data[0] = id; - auth_md5_update(&context, verify_data, 1); + auth_hash_update(context, verify_data, 1); /* shared secret */ - auth_md5_update(&context, (unsigned char *)session->password_in, + auth_hash_update(context, (unsigned char *)session->password_in, session->password_in_length); /* challenge value */ - auth_md5_update(&context, (unsigned char *)challenge_data, + auth_hash_update(context, (unsigned char *)challenge_data, challenge_length); - auth_md5_final(verify_data, &context); + auth_hash_final(verify_data, context); if (memcmp(response_data, verify_data, sizeof(verify_data)) == 0) { log_debug(1, "initiator authenticated target %s", @@ -164,23 +167,54 @@ return AUTH_STATUS_FAIL; } -void -auth_md5_init(struct MD5Context *context) -{ - MD5Init(context); -} +static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) { + const EVP_MD *digest = NULL; + *context = EVP_MD_CTX_new(); + int rc; + + switch (chap_alg) { + case AUTH_CHAP_ALG_MD5: + digest = EVP_md5(); + break; + case AUTH_CHAP_ALG_SHA1: + digest = EVP_sha1(); + break; + case AUTH_CHAP_ALG_SHA256: + digest = EVP_sha256(); + break; + case AUTH_CHAP_ALG_SHA3_256: + digest = EVP_sha3_256(); + break; + } -void -auth_md5_update(struct MD5Context *context, unsigned char *data, - unsigned int length) -{ - MD5Update(context, data, length); -} + if (*context == NULL) + goto fail_context; + if (digest == NULL) + goto fail_digest; + rc = EVP_DigestInit_ex(*context, digest, NULL); + if (!rc) + goto fail_init; -void -auth_md5_final(unsigned char *hash, struct MD5Context *context) -{ - MD5Final(hash, context); + return 0; + +fail_init: +fail_digest: + EVP_MD_CTX_free(*context); + *context = NULL; +fail_context: + return -1; +} + +static void auth_hash_update(EVP_MD_CTX *context, unsigned char *data, unsigned int length) { + EVP_DigestUpdate(context, data, length); +} + +static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) { + unsigned int md_len; + EVP_DigestFinal_ex(context, hash, &md_len); + EVP_MD_CTX_free(context); + context = NULL; + return md_len; } void @@ -225,7 +259,7 @@ acl_text_to_number(const char *text, unsigned long *num) { char *end; - unsigned long number = *num; + unsigned long number; if (text[0] == '0' && (text[1] == 'x' || text[1] == 'X')) number = strtoul(text + 2, &end, 16); @@ -301,6 +335,9 @@ acl_chk_chap_alg_optn(int chap_algorithm) { if (chap_algorithm == AUTH_OPTION_NONE || + chap_algorithm == AUTH_CHAP_ALG_SHA3_256 || + chap_algorithm == AUTH_CHAP_ALG_SHA256 || + chap_algorithm == AUTH_CHAP_ALG_SHA1 || chap_algorithm == AUTH_CHAP_ALG_MD5) return 0; @@ -701,6 +738,20 @@ if (number == (unsigned long)client->chap_alg_list[i]) { client->negotiated_chap_alg = number; + switch (number) { + case AUTH_CHAP_ALG_MD5: + client->chap_challenge_len = AUTH_CHAP_MD5_RSP_LEN; + break; + case AUTH_CHAP_ALG_SHA1: + client->chap_challenge_len = AUTH_CHAP_SHA1_RSP_LEN; + break; + case AUTH_CHAP_ALG_SHA256: + client->chap_challenge_len = AUTH_CHAP_SHA256_RSP_LEN; + break; + case AUTH_CHAP_ALG_SHA3_256: + client->chap_challenge_len = AUTH_CHAP_SHA3_256_RSP_LEN; + break; + } return; } } @@ -816,7 +867,7 @@ acl_local_auth(struct iscsi_acl *client) { unsigned int chap_identifier; - unsigned char response_data[AUTH_CHAP_RSP_LEN]; + unsigned char response_data[AUTH_CHAP_RSP_MAX]; unsigned long number; int status; enum auth_dbg_status dbg_status; @@ -848,7 +899,10 @@ client->local_state = AUTH_LOCAL_STATE_ERROR; client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_REJECT; break; - } else if (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5) { + } else if ((client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) && + (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA256) && + (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA1) && + (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5)) { client->local_state = AUTH_LOCAL_STATE_ERROR; client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_BAD; break; @@ -923,8 +977,8 @@ break; } - acl_data_to_text(response_data, - AUTH_CHAP_RSP_LEN, client->scratch_key_value, + acl_data_to_text(response_data, client->chap_challenge_len, + client->scratch_key_value, AUTH_STR_MAX_LEN); acl_set_key_value(&client->send_key_block, AUTH_KEY_TYPE_CHAP_RSP, @@ -949,7 +1003,7 @@ unsigned char id_data[1]; unsigned char response_data[AUTH_STR_MAX_LEN]; unsigned int rsp_len = AUTH_STR_MAX_LEN; - unsigned char my_rsp_data[AUTH_CHAP_RSP_LEN]; + unsigned char my_rsp_data[AUTH_CHAP_RSP_MAX]; int status; enum auth_dbg_status dbg_status; const char *chap_rsp_key_val; @@ -1012,7 +1066,7 @@ break; } - if (rsp_len == AUTH_CHAP_RSP_LEN) { + if (rsp_len == client->chap_challenge_len) { dbg_status = acl_chap_compute_rsp(client, 1, client->send_chap_identifier, client->send_chap_challenge.large_binary, @@ -1021,7 +1075,7 @@ if (dbg_status == AUTH_DBG_STATUS_NOT_SET && memcmp(my_rsp_data, response_data, - AUTH_CHAP_RSP_LEN) == 0) { + client->chap_challenge_len) == 0) { client->rmt_state = AUTH_RMT_STATE_ERROR; client->dbg_status = AUTH_DBG_STATUS_PASSWD_IDENTICAL; break; @@ -1765,6 +1819,28 @@ } int +acl_init_chap_digests(int *value_list) { + EVP_MD_CTX *context = EVP_MD_CTX_new(); + int i = 0; + + if (EVP_DigestInit_ex(context, EVP_sha3_256(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_SHA3_256; + } + if (EVP_DigestInit_ex(context, EVP_sha256(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_SHA256; + } + if (EVP_DigestInit_ex(context, EVP_sha1(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_SHA1; + } + if (EVP_DigestInit_ex(context, EVP_md5(), NULL)) { + value_list[i++] = AUTH_CHAP_ALG_MD5; + } + return i; +} + +#define MAX(a,b) ((a) > (b) ? (a) : (b)) + +int acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) { struct iscsi_acl *client; @@ -1772,7 +1848,7 @@ struct auth_str_block *send_str_blk; struct auth_large_binary *recv_chap_challenge; struct auth_large_binary *send_chap_challenge; - int value_list[2]; + int value_list[MAX(AUTH_METHOD_MAX_COUNT, AUTH_CHAP_ALG_MAX_COUNT)]; if (buf_desc_count != 5 || !buff_desc) return AUTH_STATUS_ERROR; @@ -1825,7 +1901,6 @@ client->node_type = (enum auth_node_type) node_type; client->auth_rmt = 1; client->passwd_present = 0; - client->chap_challenge_len = AUTH_CHAP_RSP_LEN; client->ip_sec = 0; client->phase = AUTH_PHASE_CONFIGURE; @@ -1851,10 +1926,8 @@ return AUTH_STATUS_ERROR; } - value_list[0] = AUTH_CHAP_ALG_MD5; - - if (acl_set_chap_alg_list(client, 1, value_list) != - AUTH_STATUS_NO_ERROR) { + if (acl_set_chap_alg_list(client, acl_init_chap_digests(value_list), + value_list) != AUTH_STATUS_NO_ERROR) { client->phase = AUTH_PHASE_ERROR; return AUTH_STATUS_ERROR; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/auth.h new/open-iscsi-2.1.0-suse/usr/auth.h --- old/open-iscsi-2.0.878-suse/usr/auth.h 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/auth.h 2019-11-18 19:06:18.000000000 +0100 @@ -29,7 +29,11 @@ AUTH_LARGE_BINARY_MAX_LEN = 1024, AUTH_RECV_END_MAX_COUNT = 10, ACL_SIGNATURE = 0x5984B2E3, - AUTH_CHAP_RSP_LEN = 16, + AUTH_CHAP_MD5_RSP_LEN = 16, + AUTH_CHAP_SHA1_RSP_LEN = 20, + AUTH_CHAP_SHA256_RSP_LEN = 32, + AUTH_CHAP_SHA3_256_RSP_LEN = 32, + AUTH_CHAP_RSP_MAX = 32, }; /* @@ -61,7 +65,10 @@ AUTH_METHOD_MAX_COUNT = 2, AUTH_CHAP_ALG_MD5 = 5, - AUTH_CHAP_ALG_MAX_COUNT = 2 + AUTH_CHAP_ALG_SHA1 = 6, + AUTH_CHAP_ALG_SHA256 = 7, + AUTH_CHAP_ALG_SHA3_256 = 8, + AUTH_CHAP_ALG_MAX_COUNT = 5 }; enum auth_neg_role { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/host.c new/open-iscsi-2.1.0-suse/usr/host.c --- old/open-iscsi-2.0.878-suse/usr/host.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/host.c 2019-11-18 19:06:18.000000000 +0100 @@ -217,7 +217,7 @@ static void print_host_ifaces(struct host_info *hinfo, char *prefix) { - int nr_found; + int nr_found = 0; iscsi_sysfs_for_each_iface_on_host(prefix, hinfo->host_no, &nr_found, print_host_iface); @@ -262,14 +262,14 @@ matched_ses[matched_se_count++] = ses[i]; if (!matched_se_count) - return 0; + goto out; printf("\t*********\n"); printf("\tSessions:\n"); printf("\t*********\n"); session_info_print_tree(matched_ses, matched_se_count, "\t", session_info_flags, 0/* don't show password */); - +out: free(matched_ses); return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/iscsi_net_util.c new/open-iscsi-2.1.0-suse/usr/iscsi_net_util.c --- old/open-iscsi-2.0.878-suse/usr/iscsi_net_util.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/iscsi_net_util.c 2019-11-18 19:06:18.000000000 +0100 @@ -193,22 +193,24 @@ sockfd = socket(AF_INET, SOCK_DGRAM, 0); - strncpy(if_hwaddr.ifr_name, netdev, IFNAMSIZ); + strlcpy(if_hwaddr.ifr_name, netdev, IFNAMSIZ); ioctl(sockfd, SIOCGIFHWADDR, &if_hwaddr); - if (if_hwaddr.ifr_hwaddr.sa_family != ARPHRD_ETHER) + if (if_hwaddr.ifr_hwaddr.sa_family != ARPHRD_ETHER) { + close(sockfd); return NULL; + } ifni = if_nameindex(); for (i = 0; ifni[i].if_index && ifni[i].if_name; i++) { - strncpy(vlan_hwaddr.ifr_name, ifni[i].if_name, IFNAMSIZ); + strlcpy(vlan_hwaddr.ifr_name, ifni[i].if_name, IFNAMSIZ); ioctl(sockfd, SIOCGIFHWADDR, &vlan_hwaddr); if (vlan_hwaddr.ifr_hwaddr.sa_family != ARPHRD_ETHER) continue; if (!memcmp(if_hwaddr.ifr_hwaddr.sa_data, vlan_hwaddr.ifr_hwaddr.sa_data, ETH_ALEN)) { - strncpy(vlanrq.device1, ifni[i].if_name, IFNAMSIZ); + strlcpy(vlanrq.device1, ifni[i].if_name, IFNAMSIZ); rc = ioctl(sockfd, SIOCGIFVLAN, &vlanrq); if ((rc == 0) && (vlanrq.u.VID == vlan_id)) { vlan = strdup(vlanrq.device1); @@ -271,7 +273,8 @@ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) == -1) { log_error("Could not open socket to manage network " "(err %d - %s)", errno, strerror(errno)); - return errno; + ret = errno; + goto done; } /* Bring up NIC with correct address - unless it @@ -389,7 +392,8 @@ ret = 0; done: - close(sock); + if (sock >= 0) + close(sock); if (vlan_id) free(netdev); return ret; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/iscsi_sysfs.c new/open-iscsi-2.1.0-suse/usr/iscsi_sysfs.c --- old/open-iscsi-2.0.878-suse/usr/iscsi_sysfs.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/iscsi_sysfs.c 2019-11-18 19:06:18.000000000 +0100 @@ -464,7 +464,7 @@ log_debug(7, "could not get transport name for host%d", host_no); else - strncpy(fnode->transport_name, t->name, + strlcpy(fnode->transport_name, t->name, ISCSI_TRANSPORT_NAME_MAXLEN); snprintf(sess_id, sizeof(sess_id), ISCSI_FLASHNODE_SESS, host_no, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/iscsi_util.c new/open-iscsi-2.1.0-suse/usr/iscsi_util.c --- old/open-iscsi-2.0.878-suse/usr/iscsi_util.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/iscsi_util.c 2019-11-18 19:06:18.000000000 +0100 @@ -62,6 +62,7 @@ setsid(); if (chdir("/") < 0) log_debug(1, "Could not chdir to /: %s", strerror(errno)); + close(fd); } #define ISCSI_OOM_PATH_LEN 48 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/iscsiadm.c new/open-iscsi-2.1.0-suse/usr/iscsiadm.c --- old/open-iscsi-2.0.878-suse/usr/iscsiadm.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/iscsiadm.c 2019-11-18 19:06:18.000000000 +0100 @@ -524,10 +524,9 @@ */ struct iface_rec *pattern_iface, *tmp_iface; struct node_rec *rec, *tmp_rec; - struct list_head iface_list; + LIST_HEAD(iface_list); int missed_leading_login = 0; log_debug(1, "Logging into leading-login portals"); - INIT_LIST_HEAD(&iface_list); iface_link_ifaces(&iface_list); list_for_each_entry_safe(pattern_iface, tmp_iface, &iface_list, list) { @@ -657,10 +656,9 @@ static int login_portals(struct node_rec *pattern_rec) { - struct list_head rec_list; + LIST_HEAD(rec_list); int nr_found, rc, err; - INIT_LIST_HEAD(&rec_list); err = for_each_matched_rec(pattern_rec, &rec_list, link_recs); if (err == ISCSI_ERR_NO_OBJS_FOUND) return err; @@ -974,7 +972,7 @@ if (rc) { log_error("Could not read iface %s. Error %d", iface->name, rc); - return rc; + goto free_drec; } iface_copy(&rec->iface, iface); @@ -987,6 +985,7 @@ rec->iface.transport_name, iface_str(&rec->iface), ip, port, tpgt, targetname); } +free_drec: free(drec); free_rec: free(rec); @@ -1171,11 +1170,10 @@ do_software_sendtargets(discovery_rec_t *drec, struct list_head *ifaces, int info_level, int do_login, int op, int sync_drec) { - struct list_head rec_list; + LIST_HEAD(rec_list); struct node_rec *rec, *tmp; int rc; - INIT_LIST_HEAD(&rec_list); /* * compat: if the user did not pass any op then we do all * ops for them @@ -1221,11 +1219,10 @@ static int do_isns(discovery_rec_t *drec, struct list_head *ifaces, int info_level, int do_login, int op) { - struct list_head rec_list; + LIST_HEAD(rec_list); struct node_rec *rec, *tmp; int rc; - INIT_LIST_HEAD(&rec_list); /* * compat: if the user did not pass any op then we do all * ops for them @@ -1663,7 +1660,7 @@ rc = ISCSI_ERR; } - goto exit_set_chap; + goto free_iovec; } ipc->ctldev_close(); @@ -2883,14 +2880,13 @@ static int exec_fw_disc_op(discovery_rec_t *drec, struct list_head *ifaces, int info_level, int do_login, int op) { - struct list_head targets, rec_list, new_ifaces; + LIST_HEAD(targets); + LIST_HEAD(rec_list); + LIST_HEAD(new_ifaces); struct iface_rec *iface, *tmp_iface; struct node_rec *rec, *tmp_rec; int rc = 0; - INIT_LIST_HEAD(&targets); - INIT_LIST_HEAD(&rec_list); - INIT_LIST_HEAD(&new_ifaces); /* * compat: if the user did not pass any op then we do all * ops for them @@ -2971,13 +2967,11 @@ int info_level, int do_login, int op) { struct boot_context *context; - struct list_head targets, rec_list; + LIST_HEAD(targets); + LIST_HEAD(rec_list); struct node_rec *rec; int rc = 0; - INIT_LIST_HEAD(&targets); - INIT_LIST_HEAD(&rec_list); - if (drec) return exec_fw_disc_op(drec, ifaces, info_level, do_login, op); @@ -3531,13 +3525,13 @@ int timeout = ISCSID_REQ_TIMEOUT; struct sigaction sa_old; struct sigaction sa_new; - struct list_head ifaces; + LIST_HEAD(ifaces); struct iface_rec *iface = NULL, *tmp; struct node_rec *rec = NULL; uint64_t host_no = (uint64_t)MAX_HOST_NO + 1; uint64_t index = ULLONG_MAX; struct user_param *param; - struct list_head params; + LIST_HEAD(params); struct iscsi_context *ctx = NULL; int librc = LIBISCSI_OK; struct iscsi_session **ses = NULL; @@ -3550,8 +3544,6 @@ goto out; } - INIT_LIST_HEAD(¶ms); - INIT_LIST_HEAD(&ifaces); /* do not allow ctrl-c for now... */ memset(&sa_old, 0, sizeof(struct sigaction)); memset(&sa_new, 0, sizeof(struct sigaction)); @@ -3948,6 +3940,7 @@ rc = ISCSI_ERR_NOMEM; goto out; } + info->iscsid_req_tmo = -1; rc = iscsi_sysfs_get_sessioninfo_by_id(info, session); if (rc) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/iscsid_req.c new/open-iscsi-2.1.0-suse/usr/iscsid_req.c --- old/open-iscsi-2.0.878-suse/usr/iscsid_req.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/iscsid_req.c 2019-11-18 19:06:18.000000000 +0100 @@ -55,6 +55,8 @@ if (system(startup_cmd) < 0) log_error("Could not execute '%s' (err %d)", startup_cmd, errno); + + free(startup_cmd); } #define MAXSLEEP 128 @@ -95,6 +97,8 @@ if (nsec <= MAXSLEEP/2) sleep(nsec); } + close(*fd); + *fd = -1; log_error("can not connect to iSCSI daemon (%d)!", errno); return ISCSI_ERR_ISCSID_NOTCONN; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/md5.c new/open-iscsi-2.1.0-suse/usr/md5.c --- old/open-iscsi-2.0.878-suse/usr/md5.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/md5.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,236 +0,0 @@ -/* - * This code implements the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - * - * Changed so as no longer to depend on Colin Plumb's `usual.h' header - * definitions; now uses stuff from dpkg's config.h. - * - Ian Jackson <[email protected]>. - * Still in the public domain. - */ - -#include "md5.h" - -#ifdef WORDS_BIGENDIAN -void -byteSwap(UWORD32 *buf, unsigned words) -{ - md5byte *p = (md5byte *)buf; - - do { - *buf++ = (UWORD32)((unsigned)p[3] << 8 | p[2]) << 16 | - ((unsigned)p[1] << 8 | p[0]); - p += 4; - } while (--words); -} -#else -#define byteSwap(buf,words) -#endif - -/* - * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious - * initialization constants. - */ -void -MD5Init(struct MD5Context *ctx) -{ - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; - - ctx->bytes[0] = 0; - ctx->bytes[1] = 0; -} - -/* - * Update context to reflect the concatenation of another buffer full - * of bytes. - */ -void -MD5Update(struct MD5Context *ctx, md5byte const *buf, unsigned len) -{ - UWORD32 t; - - /* Update byte count */ - - t = ctx->bytes[0]; - if ((ctx->bytes[0] = t + len) < t) - ctx->bytes[1]++; /* Carry from low to high */ - - t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */ - if (t > len) { - memcpy((md5byte *)ctx->in + 64 - t, buf, len); - return; - } - /* First chunk is an odd size */ - memcpy((md5byte *)ctx->in + 64 - t, buf, t); - byteSwap(ctx->in, 16); - MD5Transform(ctx->buf, ctx->in); - buf += t; - len -= t; - - /* Process data in 64-byte chunks */ - while (len >= 64) { - memcpy(ctx->in, buf, 64); - byteSwap(ctx->in, 16); - MD5Transform(ctx->buf, ctx->in); - buf += 64; - len -= 64; - } - - /* Handle any remaining bytes of data. */ - memcpy(ctx->in, buf, len); -} - -/* - * Final wrapup - pad to 64-byte boundary with the bit pattern - * 1 0* (64-bit count of bits processed, MSB-first) - */ -void -MD5Final(md5byte digest[16], struct MD5Context *ctx) -{ - int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */ - md5byte *p = (md5byte *)ctx->in + count; - - /* Set the first char of padding to 0x80. There is always room. */ - *p++ = 0x80; - - /* Bytes of padding needed to make 56 bytes (-8..55) */ - count = 56 - 1 - count; - - if (count < 0) { /* Padding forces an extra block */ - memset(p, 0, count + 8); - byteSwap(ctx->in, 16); - MD5Transform(ctx->buf, ctx->in); - p = (md5byte *)ctx->in; - count = 56; - } - memset(p, 0, count); - byteSwap(ctx->in, 14); - - /* Append length in bits and transform */ - ctx->in[14] = ctx->bytes[0] << 3; - ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29; - MD5Transform(ctx->buf, ctx->in); - - byteSwap(ctx->buf, 4); - memcpy(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ -} - -#ifndef ASM_MD5 - -/* The four core functions - F1 is optimized somewhat */ - -/* #define F1(x, y, z) (x & y | ~x & z) */ -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) - -/* This is the central step in the MD5 algorithm. */ -#define MD5STEP(f,w,x,y,z,in,s) \ - (w += f(x,y,z) + in, w = (w<<s | w>>(32-s)) + x) - -/* - * The core of the MD5 algorithm, this alters an existing MD5 hash to - * reflect the addition of 16 longwords of new data. MD5Update blocks - * the data and converts bytes into longwords for this routine. - */ -void -MD5Transform(UWORD32 buf[4], UWORD32 const in[16]) -{ - register UWORD32 a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/md5.h new/open-iscsi-2.1.0-suse/usr/md5.h --- old/open-iscsi-2.0.878-suse/usr/md5.h 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/md5.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,60 +0,0 @@ -/* - * This is the header file for the MD5 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - * - * Equivalent code is available from RSA Data Security, Inc. - * This code has been tested against that, and is equivalent, - * except that you don't need to include two pages of legalese - * with every copy. - * - * To compute the message digest of a chunk of bytes, declare an - * MD5Context structure, pass it to MD5Init, call MD5Update as - * needed on buffers full of bytes, and then call MD5Final, which - * will fill a supplied 16-byte array with the digest. - * - * Changed so as no longer to depend on Colin Plumb's `usual.h' - * header definitions; now uses stuff from dpkg's config.h - * - Ian Jackson <[email protected]>. - * Still in the public domain. - */ - -#ifndef MD5_H -#define MD5_H - -#include <string.h> -#include <sys/types.h> -#include <netinet/in.h> -#include <stdint.h> -#if (__BYTE_ORDER == __BIG_ENDIAN) -# define WORDS_BIGENDIAN 1 -#endif - -typedef uint32_t UWORD32; - - -#ifdef __cplusplus -extern "C" { -#endif - - -#define md5byte unsigned char - -struct MD5Context { - UWORD32 buf[4]; - UWORD32 bytes[2]; - UWORD32 in[16]; -}; - -void MD5Init(struct MD5Context *context); -void MD5Update(struct MD5Context *context, md5byte const *buf, unsigned len); -void MD5Final(unsigned char digest[16], struct MD5Context *context); -void MD5Transform(UWORD32 buf[4], UWORD32 const in[16]); - - -#ifdef __cplusplus -} -#endif - -#endif /* !MD5_H */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/sha1.c new/open-iscsi-2.1.0-suse/usr/sha1.c --- old/open-iscsi-2.0.878-suse/usr/sha1.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/sha1.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,167 +0,0 @@ -/* - * Cryptographic API. - * - * SHA1 Secure Hash Algorithm. - * - * Derived from cryptoapi implementation, adapted for in-place - * scatterlist interface. Originally based on the public domain - * implementation written by Steve Reid. - * - * Copyright (c) Alan Smithee. - * Copyright (c) Andrew McDonald <[email protected]> - * Copyright (c) Jean-Francois Dive <[email protected]> - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - */ -#include "sha1.h" - -#define SHA1_DIGEST_SIZE 20 -#define SHA1_HMAC_BLOCK_SIZE 64 - -static inline uint32_t rol(uint32_t value, uint32_t bits) -{ - return (((value) << (bits)) | ((value) >> (32 - (bits)))); -} - -/* blk0() and blk() perform the initial expand. */ -/* I got the idea of expanding during the round function from SSLeay */ -# define blk0(i) block32[i] - -#define blk(i) (block32[i&15] = rol(block32[(i+13)&15]^block32[(i+8)&15] \ - ^block32[(i+2)&15]^block32[i&15],1)) - -/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5); \ - w=rol(w,30); -#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5); \ - w=rol(w,30); -#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5); \ - w=rol(w,30); -#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - -/* Hash a single 512-bit block. This is the core of the algorithm. */ -static void sha1_transform(uint32_t *state, const uint8_t *in) -{ - uint32_t a, b, c, d, e; - uint32_t block32[16]; - - /* convert/copy data to workspace */ - for (a = 0; a < sizeof(block32)/sizeof(uint32_t); a++) - block32[a] = ntohl (((const uint32_t *)in)[a]); - - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; - memset (block32, 0x00, sizeof block32); -} - -void sha1_init(void *ctx) -{ - struct sha1_ctx *sctx = ctx; - static const struct sha1_ctx initstate = { - 0, - { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 }, - { 0, } - }; - - *sctx = initstate; -} - -void sha1_update(void *ctx, const uint8_t *data, unsigned int len) -{ - struct sha1_ctx *sctx = ctx; - unsigned int i, j; - - j = (sctx->count >> 3) & 0x3f; - sctx->count += len << 3; - - if ((j + len) > 63) { - memcpy(&sctx->buffer[j], data, (i = 64-j)); - sha1_transform(sctx->state, sctx->buffer); - for ( ; i + 63 < len; i += 64) { - sha1_transform(sctx->state, &data[i]); - } - j = 0; - } - else i = 0; - memcpy(&sctx->buffer[j], &data[i], len - i); -} - - -/* Add padding and return the message digest. */ -void sha1_final(void* ctx, uint8_t *out) -{ - struct sha1_ctx *sctx = ctx; - uint32_t i, j, index, padlen; - uint64_t t; - uint8_t bits[8] = { 0, }; - static const uint8_t padding[64] = { 0x80, }; - - t = sctx->count; - bits[7] = 0xff & t; t>>=8; - bits[6] = 0xff & t; t>>=8; - bits[5] = 0xff & t; t>>=8; - bits[4] = 0xff & t; t>>=8; - bits[3] = 0xff & t; t>>=8; - bits[2] = 0xff & t; t>>=8; - bits[1] = 0xff & t; t>>=8; - bits[0] = 0xff & t; - - /* Pad out to 56 mod 64 */ - index = (sctx->count >> 3) & 0x3f; - padlen = (index < 56) ? (56 - index) : ((64+56) - index); - sha1_update(sctx, padding, padlen); - - /* Append length */ - sha1_update(sctx, bits, sizeof bits); - - /* Store state in digest */ - for (i = j = 0; i < 5; i++, j += 4) { - uint32_t t2 = sctx->state[i]; - out[j+3] = t2 & 0xff; t2>>=8; - out[j+2] = t2 & 0xff; t2>>=8; - out[j+1] = t2 & 0xff; t2>>=8; - out[j ] = t2 & 0xff; - } - - /* Wipe context */ - memset(sctx, 0, sizeof *sctx); -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/sha1.h new/open-iscsi-2.1.0-suse/usr/sha1.h --- old/open-iscsi-2.0.878-suse/usr/sha1.h 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/sha1.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,27 +0,0 @@ -/* - * sha1.h - SHA1 Secure Hash Algorithm used for CHAP authentication. - * copied from the Linux kernel's Cryptographic API and slightly adjusted to - * fit IET's needs - * - * This file is (c) 2004 Xiranet Communications GmbH <[email protected]> - * and licensed under the GPL. - */ - -#ifndef SHA1_H -#define SHA1_H - -#include <sys/types.h> -#include <string.h> -#include "types.h" - -struct sha1_ctx { - uint64_t count; - uint32_t state[5]; - uint8_t buffer[64]; -}; - -void sha1_init(void *ctx); -void sha1_update(void *ctx, const uint8_t *data, unsigned int len); -void sha1_final(void* ctx, uint8_t *out); - -#endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/sysfs.c new/open-iscsi-2.1.0-suse/usr/sysfs.c --- old/open-iscsi-2.0.878-suse/usr/sysfs.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/sysfs.c 2019-11-18 19:06:18.000000000 +0100 @@ -134,7 +134,7 @@ strlcpy(link_path, sysfs_path, sizeof(link_path)); strlcat(link_path, devpath, sizeof(link_path)); - len = readlink(link_path, link_target, sizeof(link_target)); + len = readlink(link_path, link_target, sizeof(link_target) - 1); if (len <= 0) return -1; link_target[len] = '\0'; @@ -225,7 +225,7 @@ strlcpy(link_path, sysfs_path, sizeof(link_path)); strlcat(link_path, dev->devpath, sizeof(link_path)); strlcat(link_path, "/subsystem", sizeof(link_path)); - len = readlink(link_path, link_target, sizeof(link_target)); + len = readlink(link_path, link_target, sizeof(link_target) - 1); if (len > 0) { /* get subsystem from "subsystem" link */ link_target[len] = '\0'; @@ -255,7 +255,7 @@ strlcpy(link_path, sysfs_path, sizeof(link_path)); strlcat(link_path, dev->devpath, sizeof(link_path)); strlcat(link_path, "/driver", sizeof(link_path)); - len = readlink(link_path, link_target, sizeof(link_target)); + len = readlink(link_path, link_target, sizeof(link_target) - 1); if (len > 0) { link_target[len] = '\0'; dbg("driver link '%s' points to '%s'", link_path, link_target); @@ -363,7 +363,7 @@ int len; const char *pos; - len = readlink(path_full, link_target, sizeof(link_target)); + len = readlink(path_full, link_target, sizeof(link_target) - 1); if (len > 0) { link_target[len] = '\0'; pos = strrchr(link_target, '/'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/usr/version.h new/open-iscsi-2.1.0-suse/usr/version.h --- old/open-iscsi-2.0.878-suse/usr/version.h 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/usr/version.h 2019-11-18 19:06:18.000000000 +0100 @@ -6,7 +6,7 @@ * This may not be the same value as the kernel versions because * some other maintainer could merge a patch without going through us */ -#define ISCSI_VERSION_STR "2.0-878-suse" +#define ISCSI_VERSION_STR "2.1.0-suse" #define ISCSI_VERSION_FILE "/sys/module/scsi_transport_iscsi/version" #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/utils/fwparam_ibft/fwparam_ppc.c new/open-iscsi-2.1.0-suse/utils/fwparam_ibft/fwparam_ppc.c --- old/open-iscsi-2.0.878-suse/utils/fwparam_ibft/fwparam_ppc.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/utils/fwparam_ibft/fwparam_ppc.c 2019-11-18 19:06:18.000000000 +0100 @@ -132,6 +132,7 @@ error = errno; fprintf(stderr, "%s: open %s, %s\n", __func__, mac_file, strerror(errno)); + free(mac_file); goto lpm_bail; } @@ -140,12 +141,10 @@ error = EIO; fprintf(stderr, "%s: read %s, %s\n", __func__, mac_file, strerror(errno)); - goto lpm_bail; } free(mac_file); close(mac_fd); - lpm_bail: return error; } @@ -483,7 +482,6 @@ if (!error) error = locate_mac(devtree, ofwdevs[0]); if (!error) { - context = calloc(1, sizeof(*context)); if (!context) error = ISCSI_ERR_NOMEM; else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/open-iscsi-2.0.878-suse/utils/iscsi-iname.c new/open-iscsi-2.1.0-suse/utils/iscsi-iname.c --- old/open-iscsi-2.0.878-suse/utils/iscsi-iname.c 2019-09-13 18:22:40.000000000 +0200 +++ new/open-iscsi-2.1.0-suse/utils/iscsi-iname.c 2019-11-18 19:06:18.000000000 +0100 @@ -36,10 +36,13 @@ #define RANDOM_NUM_GENERATOR "/dev/urandom" +/* iSCSI names have a maximum length of 223 characters, we reserve 13 to append + * a seperator and 12 characters (6 random bytes in hex representation) */ +#define PREFIX_MAX_LEN 210 + int main(int argc, char *argv[]) { - char iname[256]; struct timeval time; struct utsname system_info; long hostid; @@ -52,7 +55,6 @@ char *prefix; /* initialize */ - memset(iname, 0, sizeof (iname)); memset(digest, 0, sizeof (digest)); memset(&context, 0, sizeof (context)); MD5Init(&context); @@ -67,13 +69,18 @@ exit(0); } else if ( strcmp(prefix, "-p") == 0 ) { prefix = argv[2]; + if (strnlen(prefix, PREFIX_MAX_LEN + 1) > PREFIX_MAX_LEN) { + printf("Error: Prefix cannot exceed %d " + "characters.\n", PREFIX_MAX_LEN); + exit(1); + } } else { printf("\nUsage: iscsi-iname [-h | --help | " "-p <prefix>]\n"); exit(0); } } else { - prefix = "iqn.2005-03.org.open-iscsi"; + prefix = "iqn.2016-04.com.open-iscsi"; } /* try to feed some entropy from the pool to MD5 in order to get @@ -132,10 +139,7 @@ } /* print the prefix followed by 6 bytes of the MD5 hash */ - sprintf(iname, "%s:%x%x%x%x%x%x", prefix, + printf("%s:%x%x%x%x%x%x\n", prefix, bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5]); - - iname[sizeof (iname) - 1] = '\0'; - printf("%s\n", iname); return 0; } ++++++ open-iscsi-SUSE-latest.diff.bz2 ++++++ --- /var/tmp/diff_new_pack.e39LMp/_old 2019-11-23 23:23:09.538810872 +0100 +++ /var/tmp/diff_new_pack.e39LMp/_new 2019-11-23 23:23:09.542810872 +0100 @@ -1,441 +0,0 @@ -diff --git a/Makefile b/Makefile -index 6d6bfcbaef6d..f0ae91449a97 100644 ---- a/Makefile -+++ b/Makefile -@@ -15,7 +15,7 @@ etcdir = /etc - initddir = $(etcdir)/init.d - libdir = $(prefix)/lib - rulesdir = $(libdir)/udev/rules.d --systemddir = $(prefix)/lib/systemd/system -+systemddir = $(prefix)/lib/systemd - - MANPAGES = doc/iscsid.8 doc/iscsiadm.8 doc/iscsi_discovery.8 \ - iscsiuio/docs/iscsiuio.8 doc/iscsi_fw_login.8 doc/iscsi-iname.8 \ -@@ -115,8 +115,11 @@ install_udev_rules: - $(INSTALL) -m 644 $(RULESFILES) $(DESTDIR)/$(rulesdir) - - install_systemd: -- $(INSTALL) -d $(DESTDIR)$(systemddir) -- $(INSTALL) -m 644 $(SYSTEMDFILES) $(DESTDIR)/$(systemddir) -+ $(INSTALL) -d $(DESTDIR)$(systemddir)/system -+ $(INSTALL) -m 644 $(SYSTEMDFILES) $(DESTDIR)/$(systemddir)/system -+ $(INSTALL) -d $(DESTDIR)$(systemddir)/system-generators -+ $(INSTALL) -m 755 utils/ibft-rule-generator \ -+ $(DESTDIR)$(systemddir)/system-generators - - install_programs: $(PROGRAMS) $(SCRIPTS) - $(INSTALL) -d $(DESTDIR)$(sbindir) -@@ -151,23 +154,6 @@ install_initd_debian: - $(INSTALL) -m 755 etc/initd/initd.debian \ - $(DESTDIR)$(initddir)/open-iscsi - --# install systemd service files for openSUSE --install_service_suse: -- $(INSTALL) -d $(DESTDIR)$(systemddir)/system -- $(INSTALL) -m 644 etc/systemd/iscsid.service \ -- $(DESTDIR)$(systemddir)/system -- $(INSTALL) -m 644 etc/systemd/iscsid.socket \ -- $(DESTDIR)$(systemddir)/system -- $(INSTALL) -m 644 etc/systemd/iscsi.service \ -- $(DESTDIR)$(systemddir)/system -- $(INSTALL) -m 644 etc/systemd/iscsiuio.service \ -- $(DESTDIR)$(systemddir)/system -- $(INSTALL) -m 644 etc/systemd/iscsiuio.socket \ -- $(DESTDIR)$(systemddir)/system -- $(INSTALL) -d $(DESTDIR)$(systemddir)/system-generators -- $(INSTALL) -m 755 utils/ibft-rule-generator \ -- $(DESTDIR)$(systemddir)/system-generators -- - install_iface: $(IFACEFILES) - $(INSTALL) -d $(DESTDIR)$(etcdir)/iscsi/ifaces - $(INSTALL) -m 644 $^ $(DESTDIR)$(etcdir)/iscsi/ifaces -diff --git a/usr/Makefile b/usr/Makefile -index 42ce6f0cfe1c..338f9ebe1d9d 100644 ---- a/usr/Makefile -+++ b/usr/Makefile -@@ -50,8 +50,8 @@ PROGRAMS = iscsid iscsiadm iscsistart - # libc compat files - SYSDEPS_SRCS = $(sort $(wildcard ../utils/sysdeps/*.o)) - # sources shared between iscsid, iscsiadm and iscsistart --ISCSI_LIB_SRCS = iscsi_util.o io.o auth.o iscsi_timer.o login.o log.o md5.o \ -- sha1.o iface.o idbm.o sysfs.o host.o session_info.o iscsi_sysfs.o \ -+ISCSI_LIB_SRCS = iscsi_util.o io.o auth.o iscsi_timer.o login.o log.o \ -+ iface.o idbm.o sysfs.o host.o session_info.o iscsi_sysfs.o \ - iscsi_net_util.o iscsid_req.o transport.o iser.o cxgbi.o be2iscsi.o \ - initiator_common.o iscsi_err.o flashnode.o uip_mgmt_ipc.o \ - netlink.o $(SYSDEPS_SRCS) -@@ -75,7 +75,7 @@ iscsiadm: $(ISCSI_LIB_SRCS) $(DISCOVERY_SRCS) iscsiadm.o session_mgmt.o mntcheck - - iscsistart: $(ISCSI_LIB_SRCS) $(INITIATOR_SRCS) $(FW_BOOT_SRCS) \ - iscsistart.o statics.o -- $(CC) $(CFLAGS) $^ -o $@ -lrt $(LDFLAGS) $(ISCSI_LIB) -+ $(CC) $(CFLAGS) $^ -o $@ -lcrypto -lrt $(LDFLAGS) $(ISCSI_LIB) - - clean: - rm -f *.o $(PROGRAMS) .depend $(LIBSYS) -diff --git a/usr/auth.c b/usr/auth.c -index e44a279ca157..1ffb258108e5 100644 ---- a/usr/auth.c -+++ b/usr/auth.c -@@ -34,7 +34,6 @@ - #include "sysdeps.h" - #include "auth.h" - #include "initiator.h" --#include "md5.h" - #include "log.h" - - static const char acl_hexstring[] = "0123456789abcdefABCDEF"; -@@ -43,9 +42,11 @@ static const char acl_base64_string[] = - static const char acl_authmethod_set_chap_alg_list[] = "CHAP"; - static const char acl_reject_option_name[] = "Reject"; - --void auth_md5_init(struct MD5Context *); --void auth_md5_update(struct MD5Context *, unsigned char *, unsigned int); --void auth_md5_final(unsigned char *, struct MD5Context *); -+#include <openssl/evp.h> -+static int auth_hash_init(EVP_MD_CTX **context, int chap_alg); -+static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int); -+static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context); -+ - void get_random_bytes(unsigned char *data, unsigned int length); - size_t strlcpy(char *, const char *, size_t); - size_t strlcat(char *, const char *, size_t); -@@ -57,18 +58,19 @@ acl_chap_compute_rsp(struct iscsi_acl *client, int rmt_auth, unsigned int id, - unsigned char *response_data) - { - unsigned char id_data[1]; -- struct MD5Context context; -+ EVP_MD_CTX *context = NULL; - unsigned char out_data[AUTH_STR_MAX_LEN]; - unsigned int out_length = AUTH_STR_MAX_LEN; - - if (!client->passwd_present) - return AUTH_DBG_STATUS_LOCAL_PASSWD_NOT_SET; - -- auth_md5_init(&context); -+ if (auth_hash_init(&context, client->negotiated_chap_alg) != 0) -+ return AUTH_DBG_STATUS_AUTH_FAIL; - - /* id byte */ - id_data[0] = id; -- auth_md5_update(&context, id_data, 1); -+ auth_hash_update(context, id_data, 1); - - /* decrypt password */ - if (acl_data(out_data, &out_length, client->passwd_data, -@@ -79,15 +81,15 @@ acl_chap_compute_rsp(struct iscsi_acl *client, int rmt_auth, unsigned int id, - return AUTH_DBG_STATUS_PASSWD_TOO_SHORT_WITH_NO_IPSEC; - - /* shared secret */ -- auth_md5_update(&context, out_data, out_length); -+ auth_hash_update(context, out_data, out_length); - - /* clear decrypted password */ - memset(out_data, 0, AUTH_STR_MAX_LEN); - - /* challenge value */ -- auth_md5_update(&context, challenge_data, challenge_length); -+ auth_hash_update(context, challenge_data, challenge_length); - -- auth_md5_final(response_data, &context); -+ auth_hash_final(response_data, context); - - return AUTH_DBG_STATUS_NOT_SET; /* no error */ - } -@@ -103,8 +105,8 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id, - unsigned int rsp_length) - { - iscsi_session_t *session = client->session_handle; -- struct MD5Context context; -- unsigned char verify_data[16]; -+ EVP_MD_CTX *context = NULL; -+ unsigned char verify_data[client->chap_challenge_len]; - - /* the expected credentials are in the session */ - if (session->username_in == NULL) { -@@ -137,21 +139,22 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id, - return AUTH_STATUS_FAIL; - } - -- auth_md5_init(&context); -+ if (auth_hash_init(&context, client->negotiated_chap_alg) != 0) -+ return AUTH_STATUS_FAIL; - - /* id byte */ - verify_data[0] = id; -- auth_md5_update(&context, verify_data, 1); -+ auth_hash_update(context, verify_data, 1); - - /* shared secret */ -- auth_md5_update(&context, (unsigned char *)session->password_in, -+ auth_hash_update(context, (unsigned char *)session->password_in, - session->password_in_length); - - /* challenge value */ -- auth_md5_update(&context, (unsigned char *)challenge_data, -+ auth_hash_update(context, (unsigned char *)challenge_data, - challenge_length); - -- auth_md5_final(verify_data, &context); -+ auth_hash_final(verify_data, context); - - if (memcmp(response_data, verify_data, sizeof(verify_data)) == 0) { - log_debug(1, "initiator authenticated target %s", -@@ -164,23 +167,54 @@ acl_chap_auth_request(struct iscsi_acl *client, char *username, unsigned int id, - return AUTH_STATUS_FAIL; - } - --void --auth_md5_init(struct MD5Context *context) --{ -- MD5Init(context); -+static int auth_hash_init(EVP_MD_CTX **context, int chap_alg) { -+ const EVP_MD *digest = NULL; -+ *context = EVP_MD_CTX_new(); -+ int rc; -+ -+ switch (chap_alg) { -+ case AUTH_CHAP_ALG_MD5: -+ digest = EVP_md5(); -+ break; -+ case AUTH_CHAP_ALG_SHA1: -+ digest = EVP_sha1(); -+ break; -+ case AUTH_CHAP_ALG_SHA256: -+ digest = EVP_sha256(); -+ break; -+ case AUTH_CHAP_ALG_SHA3_256: -+ digest = EVP_sha3_256(); -+ break; -+ } -+ -+ if (*context == NULL) -+ goto fail_context; -+ if (digest == NULL) -+ goto fail_digest; -+ rc = EVP_DigestInit_ex(*context, digest, NULL); -+ if (!rc) -+ goto fail_init; -+ -+ return 0; -+ -+fail_init: -+fail_digest: -+ EVP_MD_CTX_free(*context); -+ *context = NULL; -+fail_context: -+ return -1; - } - --void --auth_md5_update(struct MD5Context *context, unsigned char *data, -- unsigned int length) --{ -- MD5Update(context, data, length); -+static void auth_hash_update(EVP_MD_CTX *context, unsigned char *data, unsigned int length) { -+ EVP_DigestUpdate(context, data, length); - } - --void --auth_md5_final(unsigned char *hash, struct MD5Context *context) --{ -- MD5Final(hash, context); -+static unsigned int auth_hash_final(unsigned char *hash, EVP_MD_CTX *context) { -+ unsigned int md_len; -+ EVP_DigestFinal_ex(context, hash, &md_len); -+ EVP_MD_CTX_free(context); -+ context = NULL; -+ return md_len; - } - - void -@@ -301,6 +335,9 @@ static int - acl_chk_chap_alg_optn(int chap_algorithm) - { - if (chap_algorithm == AUTH_OPTION_NONE || -+ chap_algorithm == AUTH_CHAP_ALG_SHA3_256 || -+ chap_algorithm == AUTH_CHAP_ALG_SHA256 || -+ chap_algorithm == AUTH_CHAP_ALG_SHA1 || - chap_algorithm == AUTH_CHAP_ALG_MD5) - return 0; - -@@ -701,6 +738,20 @@ acl_chk_chap_alg_key(struct iscsi_acl *client) - if (number == (unsigned long)client->chap_alg_list[i]) - { - client->negotiated_chap_alg = number; -+ switch (number) { -+ case AUTH_CHAP_ALG_MD5: -+ client->chap_challenge_len = AUTH_CHAP_MD5_RSP_LEN; -+ break; -+ case AUTH_CHAP_ALG_SHA1: -+ client->chap_challenge_len = AUTH_CHAP_SHA1_RSP_LEN; -+ break; -+ case AUTH_CHAP_ALG_SHA256: -+ client->chap_challenge_len = AUTH_CHAP_SHA256_RSP_LEN; -+ break; -+ case AUTH_CHAP_ALG_SHA3_256: -+ client->chap_challenge_len = AUTH_CHAP_SHA3_256_RSP_LEN; -+ break; -+ } - return; - } - } -@@ -816,7 +867,7 @@ static void - acl_local_auth(struct iscsi_acl *client) - { - unsigned int chap_identifier; -- unsigned char response_data[AUTH_CHAP_RSP_LEN]; -+ unsigned char response_data[AUTH_CHAP_RSP_MAX]; - unsigned long number; - int status; - enum auth_dbg_status dbg_status; -@@ -848,7 +899,10 @@ acl_local_auth(struct iscsi_acl *client) - client->local_state = AUTH_LOCAL_STATE_ERROR; - client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_REJECT; - break; -- } else if (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5) { -+ } else if ((client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA3_256) && -+ (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA256) && -+ (client->negotiated_chap_alg != AUTH_CHAP_ALG_SHA1) && -+ (client->negotiated_chap_alg != AUTH_CHAP_ALG_MD5)) { - client->local_state = AUTH_LOCAL_STATE_ERROR; - client->dbg_status = AUTH_DBG_STATUS_CHAP_ALG_BAD; - break; -@@ -923,8 +977,8 @@ acl_local_auth(struct iscsi_acl *client) - break; - } - -- acl_data_to_text(response_data, -- AUTH_CHAP_RSP_LEN, client->scratch_key_value, -+ acl_data_to_text(response_data, client->chap_challenge_len, -+ client->scratch_key_value, - AUTH_STR_MAX_LEN); - acl_set_key_value(&client->send_key_block, - AUTH_KEY_TYPE_CHAP_RSP, -@@ -949,7 +1003,7 @@ acl_rmt_auth(struct iscsi_acl *client) - unsigned char id_data[1]; - unsigned char response_data[AUTH_STR_MAX_LEN]; - unsigned int rsp_len = AUTH_STR_MAX_LEN; -- unsigned char my_rsp_data[AUTH_CHAP_RSP_LEN]; -+ unsigned char my_rsp_data[AUTH_CHAP_RSP_MAX]; - int status; - enum auth_dbg_status dbg_status; - const char *chap_rsp_key_val; -@@ -1012,7 +1066,7 @@ acl_rmt_auth(struct iscsi_acl *client) - break; - } - -- if (rsp_len == AUTH_CHAP_RSP_LEN) { -+ if (rsp_len == client->chap_challenge_len) { - dbg_status = acl_chap_compute_rsp(client, 1, - client->send_chap_identifier, - client->send_chap_challenge.large_binary, -@@ -1021,7 +1075,7 @@ acl_rmt_auth(struct iscsi_acl *client) - - if (dbg_status == AUTH_DBG_STATUS_NOT_SET && - memcmp(my_rsp_data, response_data, -- AUTH_CHAP_RSP_LEN) == 0) { -+ client->chap_challenge_len) == 0) { - client->rmt_state = AUTH_RMT_STATE_ERROR; - client->dbg_status = AUTH_DBG_STATUS_PASSWD_IDENTICAL; - break; -@@ -1764,6 +1818,28 @@ acl_set_chap_alg_list(struct iscsi_acl *client, unsigned int option_count, - acl_chk_chap_alg_list); - } - -+int -+acl_init_chap_digests(int *value_list) { -+ EVP_MD_CTX *context = EVP_MD_CTX_new(); -+ int i = 0; -+ -+ if (EVP_DigestInit_ex(context, EVP_sha3_256(), NULL)) { -+ value_list[i++] = AUTH_CHAP_ALG_SHA3_256; -+ } -+ if (EVP_DigestInit_ex(context, EVP_sha256(), NULL)) { -+ value_list[i++] = AUTH_CHAP_ALG_SHA256; -+ } -+ if (EVP_DigestInit_ex(context, EVP_sha1(), NULL)) { -+ value_list[i++] = AUTH_CHAP_ALG_SHA1; -+ } -+ if (EVP_DigestInit_ex(context, EVP_md5(), NULL)) { -+ value_list[i++] = AUTH_CHAP_ALG_MD5; -+ } -+ return i; -+} -+ -+#define MAX(a,b) ((a) > (b) ? (a) : (b)) -+ - int - acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) - { -@@ -1772,7 +1848,7 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) - struct auth_str_block *send_str_blk; - struct auth_large_binary *recv_chap_challenge; - struct auth_large_binary *send_chap_challenge; -- int value_list[2]; -+ int value_list[MAX(AUTH_METHOD_MAX_COUNT, AUTH_CHAP_ALG_MAX_COUNT)]; - - if (buf_desc_count != 5 || !buff_desc) - return AUTH_STATUS_ERROR; -@@ -1825,7 +1901,6 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) - client->node_type = (enum auth_node_type) node_type; - client->auth_rmt = 1; - client->passwd_present = 0; -- client->chap_challenge_len = AUTH_CHAP_RSP_LEN; - client->ip_sec = 0; - - client->phase = AUTH_PHASE_CONFIGURE; -@@ -1851,10 +1926,8 @@ acl_init(int node_type, int buf_desc_count, struct auth_buffer_desc *buff_desc) - return AUTH_STATUS_ERROR; - } - -- value_list[0] = AUTH_CHAP_ALG_MD5; -- -- if (acl_set_chap_alg_list(client, 1, value_list) != -- AUTH_STATUS_NO_ERROR) { -+ if (acl_set_chap_alg_list(client, acl_init_chap_digests(value_list), -+ value_list) != AUTH_STATUS_NO_ERROR) { - client->phase = AUTH_PHASE_ERROR; - return AUTH_STATUS_ERROR; - } -diff --git a/usr/auth.h b/usr/auth.h -index 2cc348910a07..f6dbbe4be25c 100644 ---- a/usr/auth.h -+++ b/usr/auth.h -@@ -29,7 +29,11 @@ enum { - AUTH_LARGE_BINARY_MAX_LEN = 1024, - AUTH_RECV_END_MAX_COUNT = 10, - ACL_SIGNATURE = 0x5984B2E3, -- AUTH_CHAP_RSP_LEN = 16, -+ AUTH_CHAP_MD5_RSP_LEN = 16, -+ AUTH_CHAP_SHA1_RSP_LEN = 20, -+ AUTH_CHAP_SHA256_RSP_LEN = 32, -+ AUTH_CHAP_SHA3_256_RSP_LEN = 32, -+ AUTH_CHAP_RSP_MAX = 32, - }; - - /* -@@ -61,7 +65,10 @@ enum { - AUTH_METHOD_MAX_COUNT = 2, - - AUTH_CHAP_ALG_MD5 = 5, -- AUTH_CHAP_ALG_MAX_COUNT = 2 -+ AUTH_CHAP_ALG_SHA1 = 6, -+ AUTH_CHAP_ALG_SHA256 = 7, -+ AUTH_CHAP_ALG_SHA3_256 = 8, -+ AUTH_CHAP_ALG_MAX_COUNT = 5 - }; - - enum auth_neg_role { -diff --git a/usr/iscsiadm.c b/usr/iscsiadm.c -index 9215dc11f868..39583ddb6f2b 100644 ---- a/usr/iscsiadm.c -+++ b/usr/iscsiadm.c -@@ -3948,6 +3948,7 @@ main(int argc, char **argv) - rc = ISCSI_ERR_NOMEM; - goto out; - } -+ info->iscsid_req_tmo = -1; - - rc = iscsi_sysfs_get_sessioninfo_by_id(info, session); - if (rc) {
