Hello! When trying to buildworld from 267293 with WITHOUT_OPENSSL I ran into a few issues. It seems that the following options currently need to be implied:
WITHOUT_LDNS WITHOUT_BSNMP WITHOUT_DMAGENT WITHOUT_PKGBOOTSTRAP WITHOUT_SVNLITE The WITHOUT_BSNMP option also currently needs to enforce WITHOUT_ATM. With those all set, WITHOUT_OPENSSL almost works. There remains a warning in libfetch, and both ctld and iscsid use OpenSSL whether or not the option is set. I've included a patch with a one-line change to avoid the warning in libfetch, and changes to usr.sbin/ctld and usr.sbin/iscsid to use arc4random_buf and md5.h instead of the similar OpenSSL functions. I don't use iscsi, so that part of the patch is unfortunately untested. It might be preferable to add WITHOUT_CTLD and WITHOUT_ISCSID instead. Tony
Index: lib/libfetch/common.c
===================================================================
--- lib/libfetch/common.c (revision 267293)
+++ lib/libfetch/common.c (working copy)
@@ -888,6 +888,7 @@
return (0);
#else
(void)conn;
+ (void)URL;
(void)verbose;
fprintf(stderr, "SSL support disabled\n");
return (-1);
Index: usr.sbin/ctld/Makefile
===================================================================
--- usr.sbin/ctld/Makefile (revision 267293)
+++ usr.sbin/ctld/Makefile (working copy)
@@ -9,8 +9,8 @@
#CFLAGS+= -DICL_KERNEL_PROXY
MAN= ctld.8 ctl.conf.5
-DPADD= ${LIBCAM} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
-LDADD= -lbsdxml -lcam -lcrypto -lfl -lsbuf -lssl -lutil
+DPADD= ${LIBCAM} ${LIBMD} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
+LDADD= -lbsdxml -lcam -lfl -lmd -lsbuf -lutil -lmd
YFLAGS+= -v
CLEANFILES= y.tab.c y.tab.h y.output
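Review bot: The new `LDADD` line lists `-lmd` twice, once after `-lfl` and again at the end, which the linker tolerates but which looks like a leftover from editing. It should read `LDADD= -lbsdxml -lcam -lfl -lmd -lsbuf -lutil`, matching the single `${LIBMD}` entry added to `DPADD`.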
Index: usr.sbin/ctld/login.c
===================================================================
--- usr.sbin/ctld/login.c (revision 267293)
+++ usr.sbin/ctld/login.c (working copy)
@@ -37,9 +37,7 @@
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
#include "ctld.h"
#include "iscsi_proto.h"
@@ -356,17 +354,14 @@
size_t response_len)
{
MD5_CTX ctx;
- int rv;
assert(response_len == MD5_DIGEST_LENGTH);
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv = MD5_Final(response, &ctx);
- if (rv != 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
#define LOGIN_CHALLENGE_LEN 1024
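Review bot: The lengths passed to `MD5Update` here are `size_t` values (`strlen(secret)`, `challenge_len`), and as far as I recall libmd's `MD5Update` takes an `unsigned int` length where OpenSSL's took `size_t`, so the new calls narrow implicitly. The challenge is presumably bounded by the PDU size, but an explicit cast or bound check would make that assumption visible, e.g. `MD5Update(&ctx, challenge, (unsigned int)challenge_len);`. The same applies to the matching hunk in usr.sbin/iscsid/login.c. Since the libmd calls return nothing, a short comment such as `/* CHAP (RFC 1994) mandates MD5; libmd's MD5Final() has no failure return. */` would explain why the `rv` check was dropped. The function's signature starts outside the hunk.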
@@ -565,7 +560,6 @@
struct pdu *request;
char challenge_bin[LOGIN_CHALLENGE_LEN];
unsigned char id;
- int rv;
/*
* Receive CHAP_A PDU.
@@ -576,18 +570,8 @@
/*
* Generate the challenge.
*/
- rv = RAND_bytes(challenge_bin, sizeof(challenge_bin));
- if (rv != 1) {
- login_send_error(request, 0x03, 0x02);
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv = RAND_bytes(&id, sizeof(id));
- if (rv != 1) {
- login_send_error(request, 0x03, 0x02);
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(challenge_bin, sizeof(challenge_bin));
+ arc4random_buf(&id, sizeof(id));
/*
* Send the challenge.
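Review bot: Dropping the `login_send_error(request, 0x03, 0x02)` path is only correct because `arc4random_buf` has no failure return, and nothing in the new code says so. A comment above the two calls, e.g. `/* arc4random_buf(3) cannot fail; no error PDU is needed here. */`, would keep a later reader from reintroducing a dead check. The unpredictability of the CHAP challenge and identifier now rests on libc's arc4random seeding rather than OpenSSL's RNG, which is presumably acceptable but worth stating in the commit message. The same replacement appears in the mutual-CHAP and `login_create_isid` hunks of usr.sbin/iscsid/login.c. The enclosing function starts and ends outside the hunk.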
Index: usr.sbin/iscsid/Makefile
===================================================================
--- usr.sbin/iscsid/Makefile (revision 267293)
+++ usr.sbin/iscsid/Makefile (working copy)
@@ -8,8 +8,8 @@
#CFLAGS+= -DICL_KERNEL_PROXY
MAN= iscsid.8
-DPADD= ${LIBUTIL}
-LDADD= -lcrypto -lssl -lutil
+DPADD= ${LIBMD} ${LIBUTIL}
+LDADD= -lmd -lutil
WARNS= 6
Index: usr.sbin/iscsid/login.c
===================================================================
--- usr.sbin/iscsid/login.c (revision 267293)
+++ usr.sbin/iscsid/login.c (working copy)
@@ -36,9 +36,7 @@
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
#include "iscsid.h"
#include "iscsi_proto.h"
@@ -376,17 +374,14 @@
size_t response_len)
{
MD5_CTX ctx;
- int rv;
assert(response_len == MD5_DIGEST_LENGTH);
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv = MD5_Final(response, &ctx);
- if (rv != 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
static void
@@ -588,7 +583,7 @@
const char *chap_a, *chap_c, *chap_i;
char *chap_r, *challenge, response_bin[MD5_DIGEST_LENGTH];
size_t challenge_len;
- int error, rv;
+ int error;
unsigned char id;
char *mutual_chap_c, mutual_chap_i[4];
@@ -647,18 +642,10 @@
"binary challenge size is %zd bytes",
sizeof(conn->conn_mutual_challenge));
- rv = RAND_bytes(conn->conn_mutual_challenge,
+ arc4random_buf(conn->conn_mutual_challenge,
sizeof(conn->conn_mutual_challenge));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv = RAND_bytes(&conn->conn_mutual_id,
+ arc4random_buf(&conn->conn_mutual_id,
sizeof(conn->conn_mutual_id));
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
mutual_chap_c = login_bin2hex(conn->conn_mutual_challenge,
sizeof(conn->conn_mutual_challenge));
snprintf(mutual_chap_i, sizeof(mutual_chap_i),
@@ -752,8 +739,6 @@
static void
login_create_isid(struct connection *conn)
{
- int rv;
-
/*
* RFC 3720, 10.12.5: 10b, "Random" ISID.
*
@@ -760,11 +745,7 @@
*/
conn->conn_isid[0] = 0x80;
- rv = RAND_bytes(&conn->conn_isid[1], 3);
- if (rv != 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(&conn->conn_isid[1], 3);
}
void
