Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-8602

Support GSS crypto code with linux 4.6 kernels

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.12.0
    • None
    • None
    • Any system using GSS and a linux kernel 4.6 and above.
    • 9223372036854775807

    Description

      Currently the GSS code for Lustre directly uses the linux crypto API. This code uses struct crypto_hash which has now been removed in newer kernels for struct crypto_ahash. Libcfs crypto API has moved to this new kernel API but it doesn't have support for the algos that GSS wants to use. So the first question to ask is does GSS move to libcfs crypto API and we expand support in the libcfs crypto API to AES and DEC or do we ignore libcfs crypto API and just use the linux crypto api directly and use the newer ahash api.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-9073 SSK: lgss_sk generates keys with invalid HMAC and Crypto algorithms

          • Blocker - Blocks development and/or testing work, production could not run.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-9245 lgss_sk may unsafely overwrite nodemap and fsname fields in keys

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. LU-9430 logic errors in lgss_sk code

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-9795 SSK test failures in many suites when SHARED_KEY is enabled

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Reopened

          Bug - A problem which impairs or prevents the functions of the product. LU-11635 GSS build for client-only

          • Major - Major loss of function.
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. LU-3289 IU Shared Secret Key authentication and encryption

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. LU-8560 Support for linux 4.6 kernels

          • Major - Major loss of function.
          • Resolved

          Activity

            [LU-8602] Support GSS crypto code with linux 4.6 kernels
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/33592/
            Subject: LU-8602 gss: support OpenSSL 1.1
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: f44a953b30b2a439a9477ed5ecf599e172366493

            gerrit Gerrit Updater added a comment - Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/33592/ Subject: LU-8602 gss: support OpenSSL 1.1 Project: fs/lustre-release Branch: master Current Patch Set: Commit: f44a953b30b2a439a9477ed5ecf599e172366493
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/33493/
            Subject: LU-8602 gss: get rid of cfs_crypto_hash_desc
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 553d93361d2db4ff39bf19ac66dc2d79f6e3e324

            gerrit Gerrit Updater added a comment - Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/33493/ Subject: LU-8602 gss: get rid of cfs_crypto_hash_desc Project: fs/lustre-release Branch: master Current Patch Set: Commit: 553d93361d2db4ff39bf19ac66dc2d79f6e3e324
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/28309/
            Subject: LU-8602 gss: Properly port gss to newer crypto api.
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: a21c13d4df4bea1bec0f5804136740ed53d5a57f

            gerrit Gerrit Updater added a comment - Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/28309/ Subject: LU-8602 gss: Properly port gss to newer crypto api. Project: fs/lustre-release Branch: master Current Patch Set: Commit: a21c13d4df4bea1bec0f5804136740ed53d5a57f
            simmonsja James A Simmons added a comment -

            Sebastien I got everything to work on Ubuntu/Debian

            simmonsja James A Simmons added a comment - Sebastien I got everything to work on Ubuntu/Debian
            gerrit Gerrit Updater added a comment -

            Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/33592
            Subject: LU-8602 gss: support OpenSSL 1.1
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 4cb1c93ba786b8378a808cd7a863f46b45eab238

            gerrit Gerrit Updater added a comment - Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/33592 Subject: LU-8602 gss: support OpenSSL 1.1 Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 4cb1c93ba786b8378a808cd7a863f46b45eab238
            gerrit Gerrit Updater added a comment -

            Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/33493
            Subject: LU-8602 gss: get rid of cfs_crypto_hash_desc
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 3ef2ea65e9701f8cee19d987c9927fe1e12779b9

            gerrit Gerrit Updater added a comment - Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/33493 Subject: LU-8602 gss: get rid of cfs_crypto_hash_desc Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 3ef2ea65e9701f8cee19d987c9927fe1e12779b9
            pjones Peter Jones added a comment -

            James

            Have you tried this recently? How does GSS behave with Ubuntu 18.04 clients?

            Peter

            pjones Peter Jones added a comment - James Have you tried this recently? How does GSS behave with Ubuntu 18.04 clients? Peter
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/31191/
            Subject: LU-8602 gss: autoconf check missing "test" keyword
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 4dd55cb2bcffd681117b8513a91908afe0647108

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/31191/ Subject: LU-8602 gss: autoconf check missing "test" keyword Project: fs/lustre-release Branch: master Current Patch Set: Commit: 4dd55cb2bcffd681117b8513a91908afe0647108
            gerrit Gerrit Updater added a comment -

            Olaf Faaland-LLNL (faaland1@llnl.gov) uploaded a new patch: https://review.whamcloud.com/31191
            Subject: LU-8602 gss: autoconf check missing "test" keyword
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 9b73c8b86b67f7f78b97c95ac81ff2d5f7a0bc69

            gerrit Gerrit Updater added a comment - Olaf Faaland-LLNL (faaland1@llnl.gov) uploaded a new patch: https://review.whamcloud.com/31191 Subject: LU-8602 gss: autoconf check missing "test" keyword Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 9b73c8b86b67f7f78b97c95ac81ff2d5f7a0bc69
            jfilizetti Jeremy Filizetti added a comment -

            The patch at https://review.whamcloud.com/31095 breaks the ability to build SSK due to a script error:

            checking for krb5_derive_key in -lgssapi_krb5... no
            ./configure: line 21783: xyes: command not found
            checking whether OpenSSL has functions needed for SSK... no

            This is due to the second part of the if statement after the &&:
            AS_IF([test "x$gss_conf_test" = xsuccess && "x$enable_gss" != xno], [

            This should probably be
            AS_IF([test "x$gss_conf_test" = xsuccess && test "x$enable_gss" != xno], [

            jfilizetti Jeremy Filizetti added a comment - The patch at https://review.whamcloud.com/31095 breaks the ability to build SSK due to a script error: checking for krb5_derive_key in -lgssapi_krb5... no ./configure: line 21783: xyes: command not found checking whether OpenSSL has functions needed for SSK... no This is due to the second part of the if statement after the &&: AS_IF( [test "x$gss_conf_test" = xsuccess && "x$enable_gss" != xno] , [ This should probably be AS_IF( [test "x$gss_conf_test" = xsuccess && test "x$enable_gss" != xno] , [

            People

              simmonsja James A Simmons
              simmonsja James A Simmons
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: