Re: [PATCH net-next v2 3/3] sctp: Convert cookie authentication to use HMAC-SHA256
From: Xin Long <lucien.xin@gmail.com>
Date: 2025-08-15 21:19:39
Also in:
linux-crypto, linux-sctp
On Fri, Aug 15, 2025 at 3:09 PM Jakub Kicinski [off-list ref] wrote:
On Tue, 12 Aug 2025 21:01:21 -0700 Eric Biggers wrote:
+ if (net->sctp.cookie_auth_enable) + tbl.data = (char *)"sha256"; + else + tbl.data = (char *)"none"; + tbl.maxlen = strlen(tbl.data); + return proc_dostring(&tbl, 0, buffer, lenp, ppos);
I wonder if someone out there expects to read back what they wrote, but let us find out.
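Review bot: The read path reports only "sha256" or "none", chosen from net->sctp.cookie_auth_enable, so the string a user wrote is never what is read back; that mapping should be stated in the sysctl documentation, and a one-time notice when a legacy name is written would make the substitution visible to administrators and to scripts that compare the value. Separately, the (char *) casts on the string literals drop const and are safe only because proc_dostring() is called with 0 as its second argument here; a short comment at `tbl.data = (char *)"sha256";` saying the buffer is read-only would guard against a later change that passes the write flag through.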
I feel it's a bit weird to have:

  # sysctl net.sctp.cookie_hmac_alg="md5"
  net.sctp.cookie_hmac_alg = md5
  # sysctl net.sctp.cookie_hmac_alg
  net.sctp.cookie_hmac_alg = sha256

This patch deprecates md5 and sha1 use there. So generally, for situations like this, should we also issue a warning, or just fail it?

Paolo, what do you think?
It'd be great to get an ack / review from SCTP maintainers, otherwise we'll apply by Monday..
Other than that, LGTM. Sorry for the late reply, I was running some SCTP-auth related tests against the patchset.