diff options
author | David Disseldorp <ddiss@suse.de> | 2020-07-22 15:45:47 +0200 |
---|---|---|
committer | David Disseldorp <ddiss@suse.de> | 2020-07-22 15:52:27 +0200 |
commit | 9457552a6543fe739a1f090bb657e634a70ffafe (patch) | |
tree | 3c54b9b0dc7e6bbe04f323bd0b331a2e3cdabc7d | |
parent | bbca9471fb3df4c0264618fea3341cca966787a6 (diff) | |
download | open-iscsi-9457552a6543fe739a1f090bb657e634a70ffafe.tar.gz |
use openssl for random data generation
48a4e5b475836bcb952fb53a8bde45bdf68fe38f added an openssl dependency, so
use it for obtaining random buffers via RAND_bytes().
Suggested-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: David Disseldorp <ddiss@suse.de>
-rw-r--r-- | usr/auth.c | 19 |
1 files changed, 16 insertions, 3 deletions
@@ -43,6 +43,7 @@ static const char acl_authmethod_set_chap_alg_list[] = "CHAP"; static const char acl_reject_option_name[] = "Reject"; #include <openssl/evp.h> +#include <openssl/rand.h> static int auth_hash_init(EVP_MD_CTX **context, int chap_alg); static void auth_hash_update(EVP_MD_CTX *context, unsigned char *md, unsigned int); static unsigned int auth_hash_final(unsigned char *, EVP_MD_CTX *context); @@ -1008,6 +1009,7 @@ acl_rmt_auth(struct iscsi_acl *client) enum auth_dbg_status dbg_status; const char *chap_rsp_key_val; const char *chap_username_key_val; + int ssl_ret = 0; switch (client->rmt_state) { case AUTH_RMT_STATE_SEND_ALG: @@ -1023,7 +1025,13 @@ acl_rmt_auth(struct iscsi_acl *client) client->rmt_state = AUTH_RMT_STATE_DONE; break; } - get_random_bytes(id_data, 1); + + ssl_ret = RAND_bytes(id_data, sizeof(id_data)); + if (ssl_ret != 1) { + client->rmt_state = AUTH_RMT_STATE_ERROR; + client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL; + break; + } client->send_chap_identifier = id_data[0]; snprintf(client->scratch_key_value, AUTH_STR_MAX_LEN, "%lu", (unsigned long)client->send_chap_identifier); @@ -1032,8 +1040,13 @@ acl_rmt_auth(struct iscsi_acl *client) client->scratch_key_value); client->send_chap_challenge.length = client->chap_challenge_len; - get_random_bytes(client->send_chap_challenge.large_binary, - client->send_chap_challenge.length); + ssl_ret = RAND_bytes(client->send_chap_challenge.large_binary, + client->send_chap_challenge.length); + if (ssl_ret != 1) { + client->rmt_state = AUTH_RMT_STATE_ERROR; + client->dbg_status = AUTH_DBG_STATUS_AUTH_FAIL; + break; + } acl_set_key_value(&client->send_key_block, AUTH_KEY_TYPE_CHAP_CHALLENGE, ""); |