Details
-
Improvement
-
Resolution: Fixed
-
Minor
-
None
-
None
-
Any system using GSS and a linux kernel 4.6 and above.
-
9223372036854775807
Description
Currently the GSS code for Lustre directly uses the linux crypto API. This code uses struct crypto_hash which has now been removed in newer kernels for struct crypto_ahash. Libcfs crypto API has moved to this new kernel API but it doesn't have support for the algos that GSS wants to use. So the first question to ask is does GSS move to libcfs crypto API and we expand support in the libcfs crypto API to AES and DEC or do we ignore libcfs crypto API and just use the linux crypto api directly and use the newer ahash api.
Attachments
Issue Links
- is related to
-
LU-9073 SSK: lgss_sk generates keys with invalid HMAC and Crypto algorithms
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- is related to
-
-
- Reopened
-
-
-
- Resolved
-
-
LU-3289 IU Shared Secret Key authentication and encryption
-
- Resolved
-
-
-
- Resolved
-
Activity
Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/33592
Subject: LU-8602 gss: support OpenSSL 1.1
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 4cb1c93ba786b8378a808cd7a863f46b45eab238
Sebastien Buisson (sbuisson@ddn.com) uploaded a new patch: https://review.whamcloud.com/33493
Subject: LU-8602 gss: get rid of cfs_crypto_hash_desc
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 3ef2ea65e9701f8cee19d987c9927fe1e12779b9
James
Have you tried this recently? How does GSS behave with Ubuntu 18.04 clients?
Peter
Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/31191/
Subject: LU-8602 gss: autoconf check missing "test" keyword
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 4dd55cb2bcffd681117b8513a91908afe0647108
Olaf Faaland-LLNL (faaland1@llnl.gov) uploaded a new patch: https://review.whamcloud.com/31191
Subject: LU-8602 gss: autoconf check missing "test" keyword
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 9b73c8b86b67f7f78b97c95ac81ff2d5f7a0bc69
The patch at https://review.whamcloud.com/31095 breaks the ability to build SSK due to a script error:
checking for krb5_derive_key in -lgssapi_krb5... no
./configure: line 21783: xyes: command not found
checking whether OpenSSL has functions needed for SSK... no
This is due to the second part of the if statement after the &&:
AS_IF([test "x$gss_conf_test" = xsuccess && "x$enable_gss" != xno], [
This should probably be
AS_IF([test "x$gss_conf_test" = xsuccess && test "x$enable_gss" != xno], [
Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/31095/
Subject: LU-8602 gss: Fix autoconf check for crypto_hash
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: f6329102615e111490c7955a0a9e8b8610f8a244
Olaf Faaland-LLNL (faaland1@llnl.gov) uploaded a new patch: https://review.whamcloud.com/31095
Subject: LU-8602 gss: Fix autoconf check for crypto_hash
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 4d35ca99ac1a1e23c3ccf30303e88e5e7d063d79
There is an bug in the autoconf code for LC_CONFIG_GSS; if LC_HAVE_CRYPTO_HASH sets enable_gss to no, but gss_conf_test==success, enable_gss is set back to yes and the build fails.
Should I submit a patch? That code will go away when "gss: Properly port gss to newer crypto api" is landed, but I assume the latter will not be backported to 2.10 whereas the autoconf fix could be.
Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/25199/
Subject: LU-8602 libcfs: call proper crypto algo when keys are passed in
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 53e967746f37d5f0322bfc984af3ce1c9517079b
Sebastien I got everything to work on Ubuntu/Debian