lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <59a973c8-4cf1-46b4-960e-a54c64ffdaed@kernel.org>
Date: Fri, 1 Aug 2025 17:17:56 +0200
From: Matthieu Baerts <matttbe@...nel.org>
To: Eric Biggers <ebiggers@...nel.org>
Cc: linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
 Paolo Abeni <pabeni@...hat.com>, Mat Martineau <martineau@...nel.org>,
 Geliang Tang <geliang@...nel.org>, netdev@...r.kernel.org,
 mptcp@...ts.linux.dev
Subject: Re: [PATCH net] mptcp: use HMAC-SHA256 library instead of open-coded
 HMAC

Hi Eric,

On 31/07/2025 23:41, Eric Biggers wrote:
> On Thu, Jul 31, 2025 at 11:27:50PM +0200, Matthieu Baerts wrote:
>> Hi Eric,
>>
>> On 31/07/2025 21:50, Eric Biggers wrote:
>>> Now that there are easy-to-use HMAC-SHA256 library functions, use these
>>> in net/mptcp/crypto.c instead of open-coding the HMAC algorithm.
>>>
>>> Remove the WARN_ON_ONCE() for messages longer than SHA256_DIGEST_SIZE.
>>> The new implementation handles all message lengths correctly.
>>>
>>> The mptcp-crypto KUnit test still passes after this change.
>>
>> Thank you for this patch! It is a good idea, and it looks good to me!
>>
>> Reviewed-by: Matthieu Baerts (NGI0) <matttbe@...nel.org>
>>
>> One small detail: net-next is currently closed [1], and I don't think
>> this patch can be applied in -net. So except if you plan to take it in
>> the libcrypto tree for 6.17 -- but that's probably strange -- what I can
>> do is to apply it in the MPTCP tree, and send it to net-next later on.
>> Is this OK for you?
>>
>> [1] https://patchwork.hopto.org/net-next.html
>>
>> Cheers,
>> Matt
>> --
> 
> The MPTCP tree (and then net-next) for 6.18 is fine.  I know this isn't
> a great time to send patches, but I just happened to have some time now.

No problem, having this patch now is fine for MPTCP. I just queued it
for 6.18.

Applied in our tree (feat. for net-next):

New patches for t/upstream:
- 1eadc6f75c43: mptcp: use HMAC-SHA256 library instead of open-coded HMAC
- Results: 94c274f914c9..5c7ec796258e (export)

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ