Hi Maurizio, > iSCSI with the Challenge-Handshake Authentication Protocol is not FIPS > compliant. This is due to the fact that CHAP currently uses MD5 as > the only supported digest algorithm and MD5 is not allowed by FIPS. > > When FIPS mode is enabled on the target server, the CHAP > authentication won't work because the target driver will be prevented > from using the MD5 module. > > Given that CHAP is agnostic regarding the algorithm it uses, this > patchset introduce support for three new alternatives: SHA1, SHA256 > and SHA3-256. Can you please submit these on top of 5.5/scsi-queue which has your string parsing fixes in place? Thanks! -- Martin K. Petersen Oracle Linux Engineering
