From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.groups.io with SMTP id smtpd.web08.2962.1623950838909030219 for ; Thu, 17 Jun 2021 10:27:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=Khg8QI2e; spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: philmd@redhat.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1623950838; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fA3+mpX1AJgWmyiS7KzNvZjXqTnmS23SimjOCqWaN8A=; b=Khg8QI2e2TLaA2G3XUU7KBobfQvA7drESeIX1tqSZqWXI3mwwsC+QvcXxJuP0p6IZYVzTX Sx/DMH4IKQ8105FwxgUE76ZBkd1vgsVKJZEcNGhlN6p5U+Pb6iEkVzQZ/ihmkKok/md73T ul1Tu1t1snEv4acXirmF2IAYPhtTUaA= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-433-foCJT9ROO2iIig0w4T_E2Q-1; Thu, 17 Jun 2021 13:27:13 -0400 X-MC-Unique: foCJT9ROO2iIig0w4T_E2Q-1 Received: by mail-wm1-f72.google.com with SMTP id m6-20020a7bce060000b02901d2a0c361bfso1430775wmc.4 for ; Thu, 17 Jun 2021 10:27:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=fA3+mpX1AJgWmyiS7KzNvZjXqTnmS23SimjOCqWaN8A=; b=U+VQA2TaiHjWvoneUBnSrXuZWW7k8gjmFuV74sbrM46GPm6P3DBcXl7qRC8firdRAk dFwZFFYxcn5jM8poZfzBSGMopiZdNOOK5dyIvSnYu7NSk+u1fvanPgex+pJMPQIW0CbH 9h2+YRzQLfbS4LvsO2XZXmcjR199HfzUOjFC0cZejSKBYBAmbfby5YKPJDpZdcd6WMtr M+QD6mnkQ9QCaP469rjF7ku1ioXfCGHYb7dUXvDf3ak2+j6uVgpWMXK1UZfp/ZCocaqn hi2a8WTgILkfnAJ0ZKwALPQW4rX1+dZAmYDgDlXYH2+wpCfmIq0ytLj7ddc2KBK3ydqO sLtA== X-Gm-Message-State: AOAM532Wf7znkWlFoEAGHaJEq/n8Iyq4FtSvfTnexsCq4V0fGBREO8Ku NPCzQVBlQjCN3oUuxmocK33VhfjVd5x5viRD8M3LUZcvgAXa3xXDV9Pq8nNh/49q6hoGw1IAnKT DHZheNachxFOrqg== X-Received: by 2002:a7b:c405:: with SMTP id k5mr6489778wmi.34.1623950832615; Thu, 17 Jun 2021 10:27:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw7xUOgzQLBYQOhUW0b/m2hpwAQk8JNdyBGFdSaGr3tXDZZdZiOO5kvAn58eKJNvxFx51B3XQ== X-Received: by 2002:a7b:c405:: with SMTP id k5mr6489764wmi.34.1623950832452; Thu, 17 Jun 2021 10:27:12 -0700 (PDT) Return-Path: Received: from [192.168.1.36] (93.red-83-35-24.dynamicip.rima-tde.net. [83.35.24.93]) by smtp.gmail.com with ESMTPSA id k5sm6063723wmk.11.2021.06.17.10.27.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 17 Jun 2021 10:27:11 -0700 (PDT) Subject: Re: [PATCH 6/6] NetworkPkg: introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro To: Laszlo Ersek , edk2-devel-groups-io Cc: Jiaxin Wu , Maciej Rabeda , Siyuan Fu References: <20210608130652.2434-1-lersek@redhat.com> <20210608130652.2434-7-lersek@redhat.com> From: =?UTF-8?B?UGhpbGlwcGUgTWF0aGlldS1EYXVkw6k=?= Message-ID: <663e51bb-6a83-7db8-f2c1-1c6bc3a8a19c@redhat.com> Date: Thu, 17 Jun 2021 17:51:59 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: <20210608130652.2434-7-lersek@redhat.com> Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit On 6/8/21 3:06 PM, Laszlo Ersek wrote: > Introduce the NETWORK_ISCSI_MD5_ENABLE feature test macro for NetworkPkg. > When explicitly set to FALSE, remove MD5 from IScsiDxe's CHAP algorithm > list. > > Set NETWORK_ISCSI_MD5_ENABLE to TRUE by default, for compatibility > reasons. Not just to minimize the disruption for platforms that currently > include IScsiDxe, but also because RFC 7143 mandates MD5 for CHAP, and > some vendors' iSCSI targets support MD5 only. > > With MD5 enabled, IScsiDxe will suggest SHA256, and then fall back to MD5 > if the target requests it. With MD5 disabled, IScsiDxe will suggest > SHA256, and break off the connection (and session) if the target doesn't > support SHA256. > > Cc: Jiaxin Wu > Cc: Maciej Rabeda > Cc: Philippe Mathieu-Daudé > Cc: Siyuan Fu > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3355 > Signed-off-by: Laszlo Ersek > --- > NetworkPkg/NetworkBuildOptions.dsc.inc | 2 +- > NetworkPkg/NetworkDefines.dsc.inc | 20 ++++++++++++++++++++ > NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 ++ > 3 files changed, 23 insertions(+), 1 deletion(-) Reviewed-by: Philippe Mathieu-Daude