libiscsi icon indicating copy to clipboard operation
libiscsi copied to clipboard

Published 20 hours ago verified publisher icon sahlberg

Add support for SHA1, SHA256 and SHA3-256 CHAP

Open ddiss opened this issue 5 years ago • 3 comments

Upstream open-iscsi (https://github.com/open-iscsi/open-iscsi/pull/170) and LIO (queued at https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=5.5/scsi-queue&id=a572d24af4d16e70743feb0b4decb17aaae7ce43) now have support for SHA1, SHA256 and SHA3-256 CHAP authentication.

The new algorithm identifiers have been officially assigned via https://www.iana.org/assignments/ppp-numbers/ppp-numbers.xml#ppp-numbers-9 . It'd be great if libiscsi picked up support for these too.

ddiss avatar Nov 06 '19 09:11 ddiss

CHAP with MD5 currently uses the in-tree lib/md5.c library. For the new algorithms I think it'd make sense to pull in openssl (like libsmb2). Should we keep the in-tree md5 lib around and conditionally add support for the new algorithms only if openssl is present? It'd obviously be much simpler if we just make openssl a hard dependency and drop bundled md5 support.

ddiss avatar Nov 06 '19 11:11 ddiss

Hmm, actually I see that an optional libgcrypt dependency is already there, with fallback to bundled md5.

ddiss avatar Nov 06 '19 11:11 ddiss

On Wed, Nov 6, 2019 at 9:10 PM David Disseldorp [email protected] wrote:

CHAP with MD5 currently uses the in-tree lib/md5.c library. For the new algorithms I think it'd make sense to pull in openssl (like libsmb2). Should we keep the in-tree md5 lib around and conditionally add support for the new algorithms only if openssl is present? It'd obviously be much simpler if we just make openssl a hard dependency and drop bundled md5 support.

I don't think openssl is compatible with lgplv2.1 We have licence compatible versions of sha1 and sha256 in libsmb2 so we can borrow that code.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/sahlberg/libiscsi/issues/304?email_source=notifications&email_token=AADY3EB76JO5S4FNDETN5BLQSKQZ7A5CNFSM4JJSDV32YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEDGFTLY#issuecomment-550263215, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADY3EC3UNK6PXNNMNHMWJLQSKQZ7ANCNFSM4JJSDV3Q .

sahlberg avatar Nov 06 '19 12:11 sahlberg