Date:	Mon, 7 Jan 2013 09:49:21 -0500
From:	Neil Horman <nhorman@...driver.com>
To:	Florian Fainelli <florian@...nwrt.org>
Cc:	netdev@...r.kernel.org, David Miller <davem@...emloft.net>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Vlad Yasevich <vyasevich@...il.com>, linux-sctp@...r.kernel.org
Subject: Re: [PATCH v2] sctp: Change defaults on cookie hmac selection

On Mon, Jan 07, 2013 at 02:25:39PM +0100, Florian Fainelli wrote:
> Hello Neil,
> 
> On 12/15/12 02:22, Neil Horman wrote:
> >Recently I posted commit 3c68198e75 which made selection of the cookie hmac
> >algorithm selectable.  This is all well and good, but Linus noted that it
> >changes the default config:
> >http://marc.info/?l=linux-netdev&m=135536629004808&w=2
> >
> >I've modified the sctp Kconfig file to reflect the recommended way of making
> >this choice, using the thermal driver example specified, and brought the
> >defaults back into line with the way they were prior to my original patch
> >
> >Also, on Linus' suggestion, re-adding ability to select default 'none' hmac
> >algorithm, so we don't needlessly bloat the kernel by forcing a non-none
> >default.  This also led me to note that we won't honor the default none
> >condition properly because of how sctp_net_init is encoded.  Fix that up as
> >well.
> >
> >Tested by myself (albeit fairly quickly).  All configuration combinations seem
> >to work soundly.
> >
> >Signed-off-by: Neil Horman <nhorman@...driver.com>
> >CC: David Miller <davem@...emloft.net>
> >CC: Linus Torvalds <torvalds@...ux-foundation.org>
> >CC: Vlad Yasevich <vyasevich@...il.com>
> >CC: linux-sctp@...r.kernel.org
> >---
> >  net/sctp/Kconfig    | 27 +++++++++++++++++++++++++--
> >  net/sctp/protocol.c |  4 ++--
> >  2 files changed, 27 insertions(+), 4 deletions(-)
> >
> >diff --git a/net/sctp/Kconfig b/net/sctp/Kconfig
> >index a9edd2e..c262106 100644
> >--- a/net/sctp/Kconfig
> >+++ b/net/sctp/Kconfig
> >@@ -66,12 +66,36 @@ config SCTP_DBG_OBJCNT
> >  	  'cat /proc/net/sctp/sctp_dbg_objcnt'
> >
> >  	  If unsure, say N
> >+choice
> >+	prompt "Default SCTP cookie HMAC encoding"
> >+	default SCTP_COOKIE_HMAC_MD5
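Review bot: the `default SCTP_COOKIE_HMAC_MD5` line of the new `choice` should name one of the entries declared inside this choice block, and the quoted lines stop before those entries, so that cannot be confirmed from what is shown. If the entries carry a different prefix from the SCTP_COOKIE_HMAC_* build options, the default does not resolve to any entry and a non-interactive `make oldconfig` has nothing to accept at the "Default SCTP cookie HMAC encoding" prompt; in that case point `default` at the choice's own MD5 entry.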
> 
> Should not this be SCTP_DEFAULT_COOKIE_HMAC_MD5? I just tried to
> update to 3.8-rc2, and I usually build my kernel-headers with:
> 
> yes '' | ARCH=foo make oldconfig
> 
> and this just kept asking me for this config symbol because none
> could be provided.
> --
> Florian
> 

No, the config mechanism is set up to offer the user the ability to choose a
default cookie hmac alg, then optionally select any other hmac algs you would
like to be made available (in the event you want to change the default at run
time).  When you select the default, it enables (via the select directive), the
corresponding SCTP_COOKIE_HMAC_* config option, which is used in the build, and
then prompts for the remaining values.

Neil
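
A sketch of the choice-plus-select arrangement described in the reply above, as an added example and not the patch's own Kconfig text. The prompts, the SHA1 and NONE entries and the `default` line are assumptions made for illustration; only the SCTP_DEFAULT_COOKIE_HMAC_MD5 and SCTP_COOKIE_HMAC_* names appear in the thread.

```kconfig
# Added sketch, not the patch text. Prompts, the SHA1/NONE entries and the
# default line are assumptions; naming follows the symbols quoted in the thread.
choice
	prompt "Default SCTP cookie HMAC encoding"
	# A choice default has to name one of the entries of this choice.
	default SCTP_DEFAULT_COOKIE_HMAC_MD5

config SCTP_DEFAULT_COOKIE_HMAC_MD5
	bool "MD5 as the default cookie HMAC"
	# Picking this entry forces the matching build option on.
	select SCTP_COOKIE_HMAC_MD5

config SCTP_DEFAULT_COOKIE_HMAC_SHA1
	bool "SHA1 as the default cookie HMAC"
	select SCTP_COOKIE_HMAC_SHA1

config SCTP_DEFAULT_COOKIE_HMAC_NONE
	# No select here: a 'none' default pulls in no HMAC code.
	bool "No cookie HMAC by default"

endchoice

# Build options. The one selected by the chosen default is forced on;
# the others are still prompted for, so that another algorithm can be
# made available for switching at run time.
config SCTP_COOKIE_HMAC_MD5
	bool "Make MD5 available as a cookie HMAC"

config SCTP_COOKIE_HMAC_SHA1
	bool "Make SHA1 available as a cookie HMAC"
```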
