Date:	Fri, 26 Oct 2012 02:22:58 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	vyasevich@...il.com
Cc:	nhorman@...driver.com, linux-sctp@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH v2] sctp: Make hmac algorithm selection for cookie
 generation dynamic

From: Vlad Yasevich <vyasevich@...il.com>
Date: Thu, 25 Oct 2012 09:09:28 -0400

> On 10/24/2012 03:20 PM, Neil Horman wrote:
>> Currently sctp allows for the optional use of md5 or sha1 hmac algorithms to
>> generate cookie values when establishing new connections via two build time
>> config options.  There's no real reason to make this a static selection.  We can
>> add a sysctl that allows for the dynamic selection of these algorithms at run
>> time, with the default value determined by the corresponding crypto library
>> availability.
>> This comes in handy when, for example, running a system in FIPS mode, where use
>> of md5 is disallowed, but SHA1 is permitted.
>>
>> Note: This new sysctl has no corresponding socket option to select the cookie
>> hmac algorithm.  I chose not to implement that intentionally, as RFC 6458
>> contains no option for this value, and I opted not to pollute the socket option
>> namespace.
>>
>> Change notes:
>> v2)
>> 	* Updated subject to have the proper sctp prefix as per Dave M.
>> 	* Replaced default selection options with new options that allow
>> 	  developers to explicitly select available hmac algs at build time
>> 	  as per suggestion by Vlad Y.
>>
> 
> Thanks Neil.  That's much better.
> 
> Acked-by: Vlad Yasevich <vyasevich@...il.com>

Applied.