packages/open-iscsi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
open-iscsi/0027-use-openssl-for-random-data-generation.patch
Wenchao Hao e04742a163 backport patches from epoch2 
Signed-off-by: Wenchao Hao <haowenchao@huawei.com>
2020-11-12 17:28:13 +08:00

69 lines
2.4 KiB
Diff
Raw Blame History

From 9457552a6543fe739a1f090bb657e634a70ffafe Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Wed, 22 Jul 2020 15:45:47 +0200
Subject: [PATCH 1/8] use openssl for random data generation
48a4e5b475836bcb952fb53a8bde45bdf68fe38f added an openssl dependency, so
use it for obtaining random buffers via RAND_bytes().
Suggested-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: David Disseldorp <ddiss@suse.de>
---
usr/auth.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/usr/auth.c b/usr/auth.c
index a222c53..a1d99e9 100644
--- a/usr/auth.c
+++ b/usr/auth.c
@@ -43,6 +43,7 @@ static const char acl_authmethod_set_chap_alg_list[] = "CHAP";
static const char acl_reject_option_name[] = "Reject";
#include <openssl/evp.h>
+#include <openssl/rand.h>
static int auth_hash_init(EVP_MD_CTX **context, int chap_alg);
static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int);
static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context);
@@ -1008,6 +1009,7 @@ acl_rmt_auth(struct iscsi_acl *client)
enum auth_dbg_status dbg_status;
const char *chap_rsp_key_val;
const char *chap_username_key_val;
+ int ssl_ret = 0;
switch (client->rmt_state) {
case AUTH_RMT_STATE_SEND_ALG:
@@ -1023,7 +1025,13 @@ acl_rmt_auth(struct iscsi_acl *client)
client->rmt_state = AUTH_RMT_STATE_DONE;
break;
}
- get_random_bytes(id_data, 1);
+
+ ssl_ret = RAND_bytes(id_data, sizeof(id_data));
+ if (ssl_ret != 1) {
+ client->rmt_state = AUTH_RMT_STATE_ERROR;
+ client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL;
+ break;
+ }
client->send_chap_identifier = id_data[0];
snprintf(client->scratch_key_value, AUTH_STR_MAX_LEN, "%lu",
(unsigned long)client->send_chap_identifier);
@@ -1032,8 +1040,13 @@ acl_rmt_auth(struct iscsi_acl *client)
client->scratch_key_value);
client->send_chap_challenge.length = client->chap_challenge_len;
- get_random_bytes(client->send_chap_challenge.large_binary,
- client->send_chap_challenge.length);
+ ssl_ret = RAND_bytes(client->send_chap_challenge.large_binary,
+ client->send_chap_challenge.length);
+ if (ssl_ret != 1) {
+ client->rmt_state = AUTH_RMT_STATE_ERROR;
+ client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL;
+ break;
+ }
acl_set_key_value(&client->send_key_block,
AUTH_KEY_TYPE_CHAP_CHALLENGE, "");
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink