Sha256Update,\r
Sha256Final\r
},\r
+#ifdef ENABLE_MD5_DEPRECATED_INTERFACES\r
//\r
// Keep the deprecated MD5 entry at the end of the array (making MD5 the\r
// least preferred choice of the initiator).\r
Md5Update,\r
Md5Final\r
},\r
+#endif // ENABLE_MD5_DEPRECATED_INTERFACES\r
};\r
\r
//\r
#\r
##\r
\r
-!if $(NETWORK_ISCSI_ENABLE) == TRUE\r
+!if $(NETWORK_ISCSI_ENABLE) == TRUE && $(NETWORK_ISCSI_MD5_ENABLE) == TRUE\r
MSFT:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES\r
INTEL:*_*_*_CC_FLAGS = /D ENABLE_MD5_DEPRECATED_INTERFACES\r
GCC:*_*_*_CC_FLAGS = -D ENABLE_MD5_DEPRECATED_INTERFACES\r
# DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE\r
# DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE\r
# DEFINE NETWORK_ISCSI_ENABLE = FALSE\r
+# DEFINE NETWORK_ISCSI_MD5_ENABLE = TRUE\r
# DEFINE NETWORK_VLAN_ENABLE = TRUE\r
#\r
# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>\r
DEFINE NETWORK_ISCSI_ENABLE = FALSE\r
!endif\r
\r
+!ifndef NETWORK_ISCSI_MD5_ENABLE\r
+ #\r
+ # This flag enables the deprecated MD5 hash algorithm in iSCSI CHAP\r
+ # authentication.\r
+ #\r
+ # Note: The NETWORK_ISCSI_MD5_ENABLE flag only makes a difference if\r
+ # NETWORK_ISCSI_ENABLE is TRUE; otherwise, NETWORK_ISCSI_MD5_ENABLE is\r
+ # ignored.\r
+ #\r
+ # With NETWORK_ISCSI_MD5_ENABLE set to TRUE, MD5 is enabled as the\r
+ # least preferred CHAP hash algorithm. With NETWORK_ISCSI_MD5_ENABLE\r
+ # set to FALSE, MD5 is disabled statically, at build time.\r
+ #\r
+ # The default value is TRUE, because RFC 7143 mandates MD5, and because\r
+ # several vendors' iSCSI targets only support MD5, for CHAP.\r
+ #\r
+ DEFINE NETWORK_ISCSI_MD5_ENABLE = TRUE\r
+!endif\r
+\r
!if $(NETWORK_ENABLE) == TRUE\r
#\r
# Check the flags to see if there is any conflict.\r