On 6/8/21 3:06 PM, Laszlo Ersek wrote: > Introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro for NetworkPkg. > When explicitly set to FALSE, remove MD5 from IScsiDxe's CHAP algorithm > list. > > Set NETWORK_ISCSI_MD5_ENABLE to TRUE by default, for compatibility > reasons. Not just to minimize the disruption for platforms that currently > include IScsiDxe, but also because RFC 7143 mandates MD5 for CHAP, and > some vendors' iSCSI targets support MD5 only. > > With MD5 enabled, IScsiDxe will suggest SHA256, and then fall back to MD5 > if the target requests it. With MD5 disabled, IScsiDxe will suggest > SHA256, and break off the connection (and session) if the target doesn't > support SHA256. > > Cc: Jiaxin Wu <jiaxin...@intel.com> > Cc: Maciej Rabeda <maciej.rab...@linux.intel.com> > Cc: Philippe Mathieu-Daudé <phi...@redhat.com> > Cc: Siyuan Fu <siyuan...@intel.com> > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 > Signed-off-by: Laszlo Ersek <ler...@redhat.com> > --- > NetworkPkg/NetworkBuildOptions.dsc.inc | 2 +- > NetworkPkg/NetworkDefines.dsc.inc | 20 ++++++++++++++++++++ > NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 ++ > 3 files changed, 23 insertions(+), 1 deletion(-)
Reviewed-by: Philippe Mathieu-Daude <phi...@redhat.com> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#76680): https://edk2.groups.io/g/devel/message/76680 Mute This Topic: https://groups.io/mt/83395035/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
