Hello!
When trying to buildworld from 267293 with WITHOUT_OPENSSL I run into a
few issues. It seems that the following options currently need to be
implied:
WITHOUT_LDNS
WITHOUT_BSNMP
WITHOUT_DMAGENT
WITHOUT_PKGBOOTSTRAP
WITHOUT_SVNLITE
The WITHOUT_BSNMP option also currently needs to enforce WITHOUT_ATM.
With those all set, WITHOUT_OPENSSL almost works. There remains a
warning in libfetch, and both ctld and iscsid use OpenSSL whether or
not the option is set.
I've included a patch with a one liner change to avoid the warning in
libfetch, and changes to usr.sbin/ctld and usr.sbin/iscsid to use
arc4random_buf and md5.h instead of similar OpenSSL functions. I don't
use iscsi, so that part of the patch is unfortunately untested. It might
be preferable to add WITHOUT_CTLD and WITHOUT_ISCSID instead.
Tony
--xHFwDpU9dbj6ez1V
Content-Type: text/x-diff; charset=us-ascii
Content-Disposition: attachment; filename="without_openssl.patch"
Content-Transfer-Encoding: quoted-printable
Index: lib/libfetch/common.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- lib/libfetch/common.c (revision 267293)
+++ lib/libfetch/common.c (working copy)
@@ -888,6 +888,7 @@
return (0);
#else
(void)conn;
+ (void)URL;
(void)verbose;
fprintf(stderr, "SSL support disabled\n");
return (-1);
Index: usr.sbin/ctld/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/ctld/Makefile (revision 267293)
+++ usr.sbin/ctld/Makefile (working copy)
@@ -9,8 +9,8 @@
#CFLAGS+=3D -DICL_KERNEL_PROXY
MAN=3D ctld.8 ctl.conf.5
=20
-DPADD=3D ${LIBCAM} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
-LDADD=3D -lbsdxml -lcam -lcrypto -lfl -lsbuf -lssl -lutil
+DPADD=3D ${LIBCAM} ${LIBMD} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL}
+LDADD=3D -lbsdxml -lcam -lfl -lmd -lsbuf -lutil -lmd
=20
YFLAGS+=3D -v
CLEANFILES=3D y.tab.c y.tab.h y.output
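Review bot: The new `LDADD` line names `-lmd` twice, once after `-lfl` and again at the end; one occurrence is enough, e.g. `LDADD= -lbsdxml -lcam -lfl -lmd -lsbuf -lutil`. The usr.sbin/iscsid/Makefile hunk in this patch lists it once, so the duplicate here looks unintentional. Dropping `-lcrypto` and `-lssl` is only safe if no other ctld source still references OpenSSL symbols, which cannot be confirmed from this patch because only login.c is touched.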
Index: usr.sbin/ctld/login.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/ctld/login.c (revision 267293)
+++ usr.sbin/ctld/login.c (working copy)
@@ -37,9 +37,7 @@
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
=20
#include "ctld.h"
#include "iscsi_proto.h"
@@ -356,17 +354,14 @@
size_t response_len)
{
MD5_CTX ctx;
- int rv;
=20
assert(response_len =3D=3D MD5_DIGEST_LENGTH);
=20
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv =3D MD5_Final(response, &ctx);
- if (rv !=3D 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
=20
#define LOGIN_CHALLENGE_LEN 1024
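Review bot: The rewritten body still has no comment saying what it computes, so a reader auditing the switch from OpenSSL to libmd has to infer it from the order of the `MD5Update()` calls. A one-line header such as `/* CHAP response: MD5(id || secret || challenge), RFC 1994. */` would make clear that MD5 is dictated by the protocol rather than chosen here. Note also that `response_len` is checked only by `assert()`, while `MD5Final()` always writes MD5_DIGEST_LENGTH bytes, so the bound depends on asserts being compiled in. The identical hunk in usr.sbin/iscsid/login.c has the same gaps; the function signature starts outside both hunks.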
@@ -565,7 +560,6 @@
struct pdu *request;
char challenge_bin[LOGIN_CHALLENGE_LEN];
unsigned char id;
- int rv;
=20
/*
* Receive CHAP_A PDU.
@@ -576,18 +570,8 @@
/*
* Generate the challenge.
*/
- rv =3D RAND_bytes(challenge_bin, sizeof(challenge_bin));
- if (rv !=3D 1) {
- login_send_error(request, 0x03, 0x02);
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv =3D RAND_bytes(&id, sizeof(id));
- if (rv !=3D 1) {
- login_send_error(request, 0x03, 0x02);
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(challenge_bin, sizeof(challenge_bin));
+ arc4random_buf(&id, sizeof(id));
=20
/*
* Send the challenge.
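Review bot: The two `arc4random_buf()` calls replace a path that failed closed, since the old code sent a login error and exited when `RAND_bytes()` reported failure, and nothing on the new side says why no check is needed. `arc4random_buf(3)` returns void, so there is nothing to test, but the CHAP challenge and identifier are authentication material and the reasoning should be recorded, for example `/* arc4random_buf(3) cannot fail; no error path needed. */` above the first call. It is worth confirming that libc's arc4random on the target branch cannot silently fall back to weak seeding when kernel entropy is unavailable; that is not visible from this patch. The same applies to the `conn_mutual_challenge`/`conn_mutual_id` and `conn_isid` hunks in usr.sbin/iscsid/login.c. The enclosing function starts and ends outside the hunk.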
Index: usr.sbin/iscsid/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/iscsid/Makefile (revision 267293)
+++ usr.sbin/iscsid/Makefile (working copy)
@@ -8,8 +8,8 @@
#CFLAGS+=3D -DICL_KERNEL_PROXY
MAN=3D iscsid.8
=20
-DPADD=3D ${LIBUTIL}
-LDADD=3D -lcrypto -lssl -lutil
+DPADD=3D ${LIBMD} ${LIBUTIL}
+LDADD=3D -lmd -lutil
=20
WARNS=3D 6
=20
Index: usr.sbin/iscsid/login.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- usr.sbin/iscsid/login.c (revision 267293)
+++ usr.sbin/iscsid/login.c (working copy)
@@ -36,9 +36,7 @@
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
+#include <md5.h>
=20
#include "iscsid.h"
#include "iscsi_proto.h"
@@ -376,17 +374,14 @@
size_t response_len)
{
MD5_CTX ctx;
- int rv;
=20
assert(response_len =3D=3D MD5_DIGEST_LENGTH);
=20
- MD5_Init(&ctx);
- MD5_Update(&ctx, &id, sizeof(id));
- MD5_Update(&ctx, secret, strlen(secret));
- MD5_Update(&ctx, challenge, challenge_len);
- rv =3D MD5_Final(response, &ctx);
- if (rv !=3D 1)
- log_errx(1, "MD5_Final");
+ MD5Init(&ctx);
+ MD5Update(&ctx, &id, sizeof(id));
+ MD5Update(&ctx, secret, strlen(secret));
+ MD5Update(&ctx, challenge, challenge_len);
+ MD5Final(response, &ctx);
}
=20
static void
@@ -588,7 +583,7 @@
const char *chap_a, *chap_c, *chap_i;
char *chap_r, *challenge, response_bin[MD5_DIGEST_LENGTH];
size_t challenge_len;
- int error, rv;
+ int error;
unsigned char id;
char *mutual_chap_c, mutual_chap_i[4];
=20
@@ -647,18 +642,10 @@
"binary challenge size is %zd bytes",
sizeof(conn->conn_mutual_challenge));
=20
- rv =3D RAND_bytes(conn->conn_mutual_challenge,
+ arc4random_buf(conn->conn_mutual_challenge,
sizeof(conn->conn_mutual_challenge));
- if (rv !=3D 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
- rv =3D RAND_bytes(&conn->conn_mutual_id,
+ arc4random_buf(&conn->conn_mutual_id,
sizeof(conn->conn_mutual_id));
- if (rv !=3D 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
mutual_chap_c =3D login_bin2hex(conn->conn_mutual_challenge,
sizeof(conn->conn_mutual_challenge));
snprintf(mutual_chap_i, sizeof(mutual_chap_i),
@@ -752,8 +739,6 @@
static void
login_create_isid(struct connection *conn)
{
- int rv;
-
/*
* RFC 3720, 10.12.5: 10b, "Random" ISID.
*
@@ -760,11 +745,7 @@
*/
conn->conn_isid[0] =3D 0x80;=20
=20
- rv =3D RAND_bytes(&conn->conn_isid[1], 3);
- if (rv !=3D 1) {
- log_errx(1, "RAND_bytes failed: %s",
- ERR_error_string(ERR_get_error(), NULL));
- }
+ arc4random_buf(&conn->conn_isid[1], 3);
}
=20
void