Message-ID: <CADvbK_csEoZhA9vnGnYbfV90omFqZ6dX+V3eVmWP7qCOqWDAKw@mail.gmail.com>
Date: Fri, 15 Aug 2025 17:19:27 -0400
From: Xin Long <lucien.xin@...il.com>
To: Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Cc: Eric Biggers <ebiggers@...nel.org>, linux-sctp@...r.kernel.org, netdev@...r.kernel.org,
Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, linux-crypto@...r.kernel.org
Subject: Re: [PATCH net-next v2 3/3] sctp: Convert cookie authentication to
use HMAC-SHA256
On Fri, Aug 15, 2025 at 3:09 PM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Tue, 12 Aug 2025 21:01:21 -0700 Eric Biggers wrote:
> > + if (net->sctp.cookie_auth_enable)
> > + tbl.data = (char *)"sha256";
> > + else
> > + tbl.data = (char *)"none";
> > + tbl.maxlen = strlen(tbl.data);
> > + return proc_dostring(&tbl, 0, buffer, lenp, ppos);
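
Review bot: The (char *) casts on the "sha256" and "none" literals in the
tbl.data assignments drop const, and that is safe only because the write
argument to proc_dostring() is hard-coded to 0 on this path; a one-line
comment saying so would stop a later change from handing a writable table
that points at a string literal to proc_dostring(). Because the reported
string is derived from net->sctp.cookie_auth_enable alone, the sysctl
documentation should also state that a read returns only "sha256" or
"none", whatever value was written.
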
>
> I wonder if someone out there expects to read back what they wrote,
> but let us find out.

I feel it's a bit weird to have:

  # sysctl net.sctp.cookie_hmac_alg="md5"
  net.sctp.cookie_hmac_alg = md5
  # sysctl net.sctp.cookie_hmac_alg
  net.sctp.cookie_hmac_alg = sha256

This patch deprecates md5 and sha1 use there.
So generally, for situations like this, should we also issue a
warning, or just fail it?

Paolo, what do you think?

>
> It'd be great to get an ack / review from SCTP maintainers, otherwise
> we'll apply by Monday..

Other than that, LGTM.

Sorry for the late reply, I was running some SCTP-auth related tests
against the patchset.