Index: lib/libfetch/common.c =================================================================== --- lib/libfetch/common.c (revision 267293) +++ lib/libfetch/common.c (working copy) @@ -888,6 +888,7 @@ return (0); #else (void)conn; + (void)URL; (void)verbose; fprintf(stderr, "SSL support disabled\n"); return (-1); Index: usr.sbin/ctld/Makefile =================================================================== --- usr.sbin/ctld/Makefile (revision 267293) +++ usr.sbin/ctld/Makefile (working copy) @@ -9,8 +9,8 @@ #CFLAGS+= -DICL_KERNEL_PROXY MAN= ctld.8 ctl.conf.5 -DPADD= ${LIBCAM} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL} -LDADD= -lbsdxml -lcam -lcrypto -lfl -lsbuf -lssl -lutil +DPADD= ${LIBCAM} ${LIBMD} ${LIBSBUF} ${LIBBSDXML} ${LIBUTIL} +LDADD= -lbsdxml -lcam -lfl -lmd -lsbuf -lutil -lmd YFLAGS+= -v CLEANFILES= y.tab.c y.tab.h y.output Index: usr.sbin/ctld/login.c =================================================================== --- usr.sbin/ctld/login.c (revision 267293) +++ usr.sbin/ctld/login.c (working copy) @@ -37,9 +37,7 @@ #include #include #include -#include -#include -#include +#include #include "ctld.h" #include "iscsi_proto.h" @@ -356,17 +354,14 @@ size_t response_len) { MD5_CTX ctx; - int rv; assert(response_len == MD5_DIGEST_LENGTH); - MD5_Init(&ctx); - MD5_Update(&ctx, &id, sizeof(id)); - MD5_Update(&ctx, secret, strlen(secret)); - MD5_Update(&ctx, challenge, challenge_len); - rv = MD5_Final(response, &ctx); - if (rv != 1) - log_errx(1, "MD5_Final"); + MD5Init(&ctx); + MD5Update(&ctx, &id, sizeof(id)); + MD5Update(&ctx, secret, strlen(secret)); + MD5Update(&ctx, challenge, challenge_len); + MD5Final(response, &ctx); } #define LOGIN_CHALLENGE_LEN 1024 @@ -565,7 +560,6 @@ struct pdu *request; char challenge_bin[LOGIN_CHALLENGE_LEN]; unsigned char id; - int rv; /* * Receive CHAP_A PDU. @@ -576,18 +570,8 @@ /* * Generate the challenge. */ - rv = RAND_bytes(challenge_bin, sizeof(challenge_bin)); - if (rv != 1) { - login_send_error(request, 0x03, 0x02); - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - rv = RAND_bytes(&id, sizeof(id)); - if (rv != 1) { - login_send_error(request, 0x03, 0x02); - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } + arc4random_buf(challenge_bin, sizeof(challenge_bin)); + arc4random_buf(&id, sizeof(id)); /* * Send the challenge. Index: usr.sbin/iscsid/Makefile =================================================================== --- usr.sbin/iscsid/Makefile (revision 267293) +++ usr.sbin/iscsid/Makefile (working copy) @@ -8,8 +8,8 @@ #CFLAGS+= -DICL_KERNEL_PROXY MAN= iscsid.8 -DPADD= ${LIBUTIL} -LDADD= -lcrypto -lssl -lutil +DPADD= ${LIBMD} ${LIBUTIL} +LDADD= -lmd -lutil WARNS= 6 Index: usr.sbin/iscsid/login.c =================================================================== --- usr.sbin/iscsid/login.c (revision 267293) +++ usr.sbin/iscsid/login.c (working copy) @@ -36,9 +36,7 @@ #include #include #include -#include -#include -#include +#include #include "iscsid.h" #include "iscsi_proto.h" @@ -376,17 +374,14 @@ size_t response_len) { MD5_CTX ctx; - int rv; assert(response_len == MD5_DIGEST_LENGTH); - MD5_Init(&ctx); - MD5_Update(&ctx, &id, sizeof(id)); - MD5_Update(&ctx, secret, strlen(secret)); - MD5_Update(&ctx, challenge, challenge_len); - rv = MD5_Final(response, &ctx); - if (rv != 1) - log_errx(1, "MD5_Final"); + MD5Init(&ctx); + MD5Update(&ctx, &id, sizeof(id)); + MD5Update(&ctx, secret, strlen(secret)); + MD5Update(&ctx, challenge, challenge_len); + MD5Final(response, &ctx); } static void @@ -588,7 +583,7 @@ const char *chap_a, *chap_c, *chap_i; char *chap_r, *challenge, response_bin[MD5_DIGEST_LENGTH]; size_t challenge_len; - int error, rv; + int error; unsigned char id; char *mutual_chap_c, mutual_chap_i[4]; @@ -647,18 +642,10 @@ "binary challenge size is %zd bytes", sizeof(conn->conn_mutual_challenge)); - rv = RAND_bytes(conn->conn_mutual_challenge, + arc4random_buf(conn->conn_mutual_challenge, sizeof(conn->conn_mutual_challenge)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } - rv = RAND_bytes(&conn->conn_mutual_id, + arc4random_buf(&conn->conn_mutual_id, sizeof(conn->conn_mutual_id)); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } mutual_chap_c = login_bin2hex(conn->conn_mutual_challenge, sizeof(conn->conn_mutual_challenge)); snprintf(mutual_chap_i, sizeof(mutual_chap_i), @@ -752,8 +739,6 @@ static void login_create_isid(struct connection *conn) { - int rv; - /* * RFC 3720, 10.12.5: 10b, "Random" ISID. * @@ -760,11 +745,7 @@ */ conn->conn_isid[0] = 0x80; - rv = RAND_bytes(&conn->conn_isid[1], 3); - if (rv != 1) { - log_errx(1, "RAND_bytes failed: %s", - ERR_error_string(ERR_get_error(), NULL)); - } + arc4random_buf(&conn->conn_isid[1], 3); } void