mirror of https://github.com/acidanthera/audk.git
NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength"
The "ISCSI_CHAP_AUTH_DATA.OutChallenge" field is declared as a UINT8 array with ISCSI_CHAP_AUTH_MAX_LEN (1024) elements. However, when the challenge is generated and formatted, only ISCSI_CHAP_RSP_LEN (16) octets are used in the array. Change the array size to ISCSI_CHAP_RSP_LEN, and remove the (now unused) ISCSI_CHAP_AUTH_MAX_LEN macro. Remove the "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" field, which is superfluous too. Most importantly, explain in a new comment *why* tying the challenge size to the digest size (ISCSI_CHAP_RSP_LEN) has always made sense. (See also Linux kernel commit 19f5f88ed779, "scsi: target: iscsi: tie the challenge length to the hash digest size", 2019-11-06.) For sure, the motivation that the new comment now explains has always been there, and has always been the same, for IScsiDxe; it's just that now we spell it out too. No change in peer-visible behavior. Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Message-Id: <20210608121259.32451-4-lersek@redhat.com>
This commit is contained in:
parent
29cab43bb7
commit
95616b8661
|
@ -122,7 +122,7 @@ IScsiCHAPAuthTarget (
|
||||||
AuthData->AuthConfig->ReverseCHAPSecret,
|
AuthData->AuthConfig->ReverseCHAPSecret,
|
||||||
SecretSize,
|
SecretSize,
|
||||||
AuthData->OutChallenge,
|
AuthData->OutChallenge,
|
||||||
AuthData->OutChallengeLength,
|
ISCSI_CHAP_RSP_LEN, // ChallengeLength
|
||||||
VerifyRsp
|
VerifyRsp
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -490,7 +490,6 @@ IScsiCHAPToSendReq (
|
||||||
// CHAP_C=<C>
|
// CHAP_C=<C>
|
||||||
//
|
//
|
||||||
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
|
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
|
||||||
AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN;
|
|
||||||
IScsiBinToHex (
|
IScsiBinToHex (
|
||||||
(UINT8 *) AuthData->OutChallenge,
|
(UINT8 *) AuthData->OutChallenge,
|
||||||
ISCSI_CHAP_RSP_LEN,
|
ISCSI_CHAP_RSP_LEN,
|
||||||
|
|
|
@ -19,7 +19,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
#define ISCSI_CHAP_ALGORITHM_MD5 5
|
#define ISCSI_CHAP_ALGORITHM_MD5 5
|
||||||
|
|
||||||
#define ISCSI_CHAP_AUTH_MAX_LEN 1024
|
|
||||||
///
|
///
|
||||||
/// MD5_HASHSIZE
|
/// MD5_HASHSIZE
|
||||||
///
|
///
|
||||||
|
@ -59,9 +58,13 @@ typedef struct _ISCSI_CHAP_AUTH_DATA {
|
||||||
//
|
//
|
||||||
// Auth-data to be sent out for mutual authentication.
|
// Auth-data to be sent out for mutual authentication.
|
||||||
//
|
//
|
||||||
|
// While the challenge size is technically independent of the hashing
|
||||||
|
// algorithm, it is good practice to avoid hashing *fewer bytes* than the
|
||||||
|
// digest size. In other words, it's good practice to feed *at least as many
|
||||||
|
// bytes* to the hashing algorithm as the hashing algorithm will output.
|
||||||
|
//
|
||||||
UINT32 OutIdentifier;
|
UINT32 OutIdentifier;
|
||||||
UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN];
|
UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN];
|
||||||
UINT32 OutChallengeLength;
|
|
||||||
} ISCSI_CHAP_AUTH_DATA;
|
} ISCSI_CHAP_AUTH_DATA;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue