[libiscsi/el6] add patches

bonzini bonzini at fedoraproject.org
Fri May 3 11:43:17 UTC 2013


commit c003d61541bd600ece8c7fea005e1acc4a4be3a6
Author: Paolo Bonzini <pbonzini at redhat.com>
Date:   Fri May 3 13:42:42 2013 +0200

    add patches

 0002-use-libgcrypt-for-MD5.patch    |  162 +++++++++++++++++++++++++++++++++++
 0003-fix-crash-in-iscsi-tools.patch |   53 +++++++++++
 2 files changed, 215 insertions(+), 0 deletions(-)
---
diff --git a/0002-use-libgcrypt-for-MD5.patch b/0002-use-libgcrypt-for-MD5.patch
new file mode 100644
index 0000000..9bb7224
--- /dev/null
+++ b/0002-use-libgcrypt-for-MD5.patch
@@ -0,0 +1,162 @@
+From 8217ffdc2af8b412949d0d21a6ff3777c8e4953f Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Fri, 3 May 2013 12:47:12 +0200
+Subject: [PATCH] use libgcrypt for MD5
+
+This makes sure that CHAP authentication is disabled if the system
+is running in FIPS 140-2 mode.  MD5 is not a secure algorithm according
+to the standard.
+
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+
+Conflicts:
+	Makefile.am
+	lib/login.c
+---
+ Makefile.am  |  6 +++++-
+ configure.ac |  3 +++
+ lib/login.c  | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++-------
+ 3 files changed, 61 insertions(+), 8 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index b750cdb..e308552 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -25,9 +25,13 @@ dist_noinst_DATA = lib/libiscsi.syms
+ lib_LTLIBRARIES = lib/libiscsi.la
+ lib_libiscsi_la_SOURCES = \
+ 	lib/connect.c lib/crc32c.c lib/discovery.c lib/init.c \
+-	lib/login.c lib/md5.c lib/nop.c lib/pdu.c lib/scsi-command.c \
++	lib/login.c lib/nop.c lib/pdu.c lib/scsi-command.c \
+ 	lib/scsi-lowlevel.c lib/socket.c lib/sync.c lib/task_mgmt.c
+ 
++if !HAVE_LIBGCRYPT
++lib_libiscsi_la_SOURCES += lib/md5.c
++endif
++
+ SONAME=$(firstword $(subst ., ,$(VERSION)))
+ SOREL=$(shell printf "%d%02d%02d" $(subst ., ,$(VERSION)))
+ lib_libiscsi_la_LDFLAGS = \
+diff --git a/configure.ac b/configure.ac
+index bb95018..95d4ec6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -28,6 +28,9 @@ AC_SUBST(WARN_CFLAGS)
+ 
+ AC_CONFIG_HEADER(config.h)
+ 
++AC_CHECK_LIB([gcrypt], [gcry_control])
++AM_CONDITIONAL([HAVE_LIBGCRYPT], [test $ac_cv_lib_gcrypt_gcry_control = yes])
++
+ AC_CACHE_CHECK([for sin_len in sock],libiscsi_cv_HAVE_SOCK_SIN_LEN,[
+ AC_TRY_COMPILE([#include <sys/types.h>
+ #include <sys/socket.h>
+diff --git a/lib/login.c b/lib/login.c
+index 5da4d21..39ae237 100644
+--- a/lib/login.c
++++ b/lib/login.c
+@@ -25,12 +25,17 @@
+ #include <arpa/inet.h>
+ #endif
+ 
++#include "config.h"
+ #include <stdio.h>
++#include <assert.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include "iscsi.h"
+ #include "iscsi-private.h"
+ #include "md5.h"
++#ifdef HAVE_LIBGCRYPT
++#include <gcrypt.h>
++#endif
+ 
+ static int
+ iscsi_login_add_initiatorname(struct iscsi_context *iscsi, struct iscsi_pdu *pdu)
+@@ -649,13 +654,48 @@ i2h(int i)
+ 	return i + '0';
+ }
+ 
++#ifndef HAVE_LIBGCRYPT
++typedef struct MD5Context *gcry_md_hd_t;
++#define gcry_md_write MD5Update
++#define GCRY_MD_MD5 1
++
++static inline void gcry_md_open(gcry_md_hd_t *hd, int algo, unsigned int flags)
++{
++	assert(algo == GCRY_MD_MD5 && flags == 0);
++	*hd = malloc(sizeof(struct MD5Context));
++	if (*hd) {
++		MD5Init(*hd);
++	}
++}
++
++static inline void gcry_md_putc(gcry_md_hd_t h, unsigned char c)
++{
++	MD5Update(h, &c, 1);
++}
++
++static inline char *gcry_md_read(gcry_md_hd_t h, int algo)
++{
++	unsigned char digest[16];
++	assert(algo == 0 || algo == GCRY_MD_MD5);
++
++	MD5Final(digest, h);
++	return memcpy(h->buf, digest, sizeof(digest));
++}
++
++static inline void gcry_md_close(gcry_md_hd_t h)
++{
++	memset(h, 0, sizeof(*h));
++	free(h);
++}
++#endif
++
+ static int
+ iscsi_login_add_chap_response(struct iscsi_context *iscsi, struct iscsi_pdu *pdu)
+ {
+ 	char *str;
+ 	unsigned char c, cc[2];
+ 	unsigned char digest[16];
+-	struct MD5Context ctx;
++	gcry_md_hd_t ctx;
+ 	int i;
+ 
+ 	if (iscsi->current_phase != ISCSI_PDU_LOGIN_CSG_SECNEG
+@@ -663,21 +703,27 @@ iscsi_login_add_chap_response(struct iscsi_context *iscsi, struct iscsi_pdu *pdu
+ 		return 0;
+ 	}
+ 
++	gcry_md_open(&ctx, GCRY_MD_MD5, 0);
++	if (!ctx) {
++		iscsi_set_error(iscsi, "Cannot create MD5 algorithm");
++		return -1;
++	}
++
+ 	if (!iscsi->chap_c[0]) {
+ 		iscsi_set_error(iscsi, "No CHAP challenge found");
+ 		return -1;
+ 	}
+-	MD5Init(&ctx);
+-	c = iscsi->chap_i;
+-	MD5Update(&ctx, &c, 1);
+-	MD5Update(&ctx, (unsigned char *)iscsi->passwd, strlen(iscsi->passwd));
++	gcry_md_putc(ctx, iscsi->chap_i);
++	gcry_md_write(ctx, (unsigned char *)iscsi->passwd, strlen(iscsi->passwd));
++
+ 	str = iscsi->chap_c;
+ 	while (*str != 0) {
+ 		c = (h2i(str[0]) << 4) | h2i(str[1]);
+ 		str += 2;
+-		MD5Update(&ctx, &c, 1);
++		gcry_md_putc(ctx, c);
+ 	}
+-	MD5Final(digest, &ctx);
++	memcpy(digest, gcry_md_read(ctx, 0), sizeof(digest));
++	gcry_md_close(ctx);
+ 
+ 	str = (char *)"CHAP_R=0x";
+ 	if (iscsi_pdu_add_data(iscsi, pdu, (unsigned char *)str, strlen(str))
+-- 
+1.8.2
+
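Review bot: In the lib/login.c part of this patch, `iscsi_login_add_chap_response` opens the digest handle before the `if (!iscsi->chap_c[0])` check, so the "No CHAP challenge found" path returns -1 without releasing `ctx`. Either move the `gcry_md_open(&ctx, GCRY_MD_MD5, 0);` block below that check, or add `gcry_md_close(ctx);` before that `return -1;`. Separately, the fallback `gcry_md_close` clears the context with `memset(h, 0, sizeof(*h));` immediately before `free(h);`, which a compiler is allowed to drop as a dead store. By then the context has absorbed `iscsi->passwd`, so a wipe that cannot be elided (for example, one done through a volatile pointer) would be the safer choice. The function continues past the last lib/login.c lines shown here, so any later error returns are not visible.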
diff --git a/0003-fix-crash-in-iscsi-tools.patch b/0003-fix-crash-in-iscsi-tools.patch
new file mode 100644
index 0000000..37ae089
--- /dev/null
+++ b/0003-fix-crash-in-iscsi-tools.patch
@@ -0,0 +1,53 @@
+From 38ef7b1e200f8f6315335c5b6aba3405bf9ee404 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini at redhat.com>
+Date: Fri, 3 May 2013 13:26:37 +0200
+Subject: [PATCH] fix crash in iscsi-tools
+
+---
+ src/iscsi-inq.c            | 2 --
+ src/iscsi-ls.c             | 2 --
+ src/iscsi-readcapacity16.c | 2 --
+ 3 files changed, 6 deletions(-)
+
+diff --git a/src/iscsi-inq.c b/src/iscsi-inq.c
+index 031e4e3..fa15a53 100644
+--- a/src/iscsi-inq.c
++++ b/src/iscsi-inq.c
+@@ -276,8 +276,6 @@ int main(int argc, const char *argv[])
+ 	}
+ 	iscsi_url = iscsi_parse_full_url(iscsi, url);
+ 	
+-	if (url) free(url);
+-	
+ 	if (iscsi_url == NULL) {
+ 		fprintf(stderr, "Failed to parse URL: %s\n", 
+ 			iscsi_get_error(iscsi));
+diff --git a/src/iscsi-ls.c b/src/iscsi-ls.c
+index b8c4b7c..6feec11 100644
+--- a/src/iscsi-ls.c
++++ b/src/iscsi-ls.c
+@@ -373,8 +373,6 @@ int main(int argc, const char *argv[])
+ 
+ 	iscsi_url = iscsi_parse_portal_url(iscsi, url);
+ 	
+-	if (url) free(url);
+-	
+ 	if (iscsi_url == NULL) {
+ 		fprintf(stderr, "Failed to parse URL: %s\n", 
+ 			iscsi_get_error(iscsi));
+diff --git a/src/iscsi-readcapacity16.c b/src/iscsi-readcapacity16.c
+index bbbc38f..39a70b9 100644
+--- a/src/iscsi-readcapacity16.c
++++ b/src/iscsi-readcapacity16.c
+@@ -118,8 +118,6 @@ int main(int argc, const char *argv[])
+ 	}
+ 	iscsi_url = iscsi_parse_full_url(iscsi, url);
+ 	
+-	if (url) free(url);
+-	
+ 	if (iscsi_url == NULL) {
+ 		fprintf(stderr, "Failed to parse URL: %s\n", 
+ 			iscsi_get_error(iscsi));
+-- 
+1.8.2
+

