Thread: 13 messages, 3 authors, 2025-08-18

Re: [PATCH net-next v2 3/3] sctp: Convert cookie authentication to use HMAC-SHA256

From: Xin Long <lucien.xin@gmail.com>
Date: 2025-08-15 21:19:39
Also in: linux-crypto, linux-sctp

On Fri, Aug 15, 2025 at 3:09 PM Jakub Kicinski [off-list ref] wrote:
On Tue, 12 Aug 2025 21:01:21 -0700 Eric Biggers wrote:
+     if (net->sctp.cookie_auth_enable)
+             tbl.data = (char *)"sha256";
+     else
+             tbl.data = (char *)"none";
+     tbl.maxlen = strlen(tbl.data);
+     return proc_dostring(&tbl, 0, buffer, lenp, ppos);
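Review bot: the read path in this hunk derives the reported string only from net->sctp.cookie_auth_enable, so any accepted write of a legacy algorithm name reads back as "sha256", and a script that verifies its setting by read-back will see a mismatch. Consider documenting that md5 and sha1 are now aliases for sha256 in the sysctl documentation, and decide explicitly whether writing a legacy name should log a deprecation notice or be rejected. Separately, the (char *) casts drop const from string literals; that is safe here only because proc_dostring() is called with write set to 0, and a one-line comment above the assignments saying so would keep a later change from turning this into a write to read-only data.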
I wonder if someone out there expects to read back what they wrote,
but let us find out.
I feel it's a bit weird to have:

# sysctl net.sctp.cookie_hmac_alg="md5"
net.sctp.cookie_hmac_alg = md5
# sysctl net.sctp.cookie_hmac_alg
net.sctp.cookie_hmac_alg = sha256

This patch deprecates md5 and sha1 use there.
So generally, for situations like this, should we also issue a
warning, or just fail it?

Paolo, what do you think?
It'd be great to get an ack / review from SCTP maintainers, otherwise
we'll apply by Monday..
Other than that, LGTM.
Sorry for the late reply, I was running some SCTP-auth related tests
against the patchset.