linux/net/sctp
Neil Horman 3c68198e75 sctp: Make hmac algorithm selection for cookie generation dynamic
Currently sctp allows for the optional use of md5 or sha1 hmac algorithms to
generate cookie values when establishing new connections via two build time
config options.  There's no real reason to make this a static selection.  We can
add a sysctl that allows for the dynamic selection of these algorithms at run
time, with the default value determined by the corresponding crypto library
availability.
This comes in handy when, for example, running a system in FIPS mode, where use
of md5 is disallowed, but SHA1 is permitted.

Note: This new sysctl has no corresponding socket option to select the cookie
hmac algorithm.  I chose not to implement that intentionally, as RFC 6458
contains no option for this value, and I opted not to pollute the socket option
namespace.

Change notes:
v2)
	* Updated subject to have the proper sctp prefix as per Dave M.
	* Replaced default selection options with new options that allow
	  developers to explicitly select available hmac algs at build time
	  as per suggestion by Vlad Y.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Vlad Yasevich <vyasevich@gmail.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-10-26 02:22:18 -04:00
..
associola.c sctp: Make sysctl tunables per net 2012-08-14 23:32:16 -07:00
auth.c sctp: fix bogus if statement in sctp_auth_recv_cid() 2012-08-16 13:36:29 -07:00
bind_addr.c sctp: Make sysctl tunables per net 2012-08-14 23:32:16 -07:00
chunk.c sctp: Make the mib per network namespace 2012-08-14 23:30:36 -07:00
command.c
debug.c sctp: remove completely unsed EMPTY state 2011-04-20 01:51:03 -07:00
endpointola.c sctp: Make sysctl tunables per net 2012-08-14 23:32:16 -07:00
input.c sctp: fix a typo in prototype of __sctp_rcv_lookup() 2012-10-04 15:53:48 -04:00
inqueue.c
ipv6.c sctp: Make the mib per network namespace 2012-08-14 23:30:36 -07:00
Kconfig sctp: Make hmac algorithm selection for cookie generation dynamic 2012-10-26 02:22:18 -04:00
Makefile
objcnt.c sctp: Make the proc files per network namespace. 2012-08-14 23:29:53 -07:00
output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-15 11:43:53 -04:00
outqueue.c sctp: check src addr when processing SACK to update transport state 2012-10-04 15:53:48 -04:00
primitive.c sctp: Push struct net down to sctp_chunk_event_lookup 2012-08-14 23:30:37 -07:00
probe.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
proc.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2012-08-24 18:54:37 -04:00
protocol.c sctp: Make hmac algorithm selection for cookie generation dynamic 2012-10-26 02:22:18 -04:00
sm_make_chunk.c sctp: Make sysctl tunables per net 2012-08-14 23:32:16 -07:00
sm_sideeffect.c sctp: fix call to SCTP_CMD_PROCESS_SACK in sctp_cmd_interpreter() 2012-10-16 14:41:46 -04:00
sm_statefuns.c sctp: check src addr when processing SACK to update transport state 2012-10-04 15:53:48 -04:00
sm_statetable.c sctp: Make sysctl tunables per net 2012-08-14 23:32:16 -07:00
socket.c sctp: Make hmac algorithm selection for cookie generation dynamic 2012-10-26 02:22:18 -04:00
ssnmap.c
sysctl.c sctp: Make hmac algorithm selection for cookie generation dynamic 2012-10-26 02:22:18 -04:00
transport.c sctp: Make sysctl tunables per net 2012-08-14 23:32:16 -07:00
tsnmap.c sctp: be more restrictive in transport selection on bundled sacks 2012-06-30 22:44:35 -07:00
ulpevent.c netvm: prevent a stream-specific deadlock 2012-07-31 18:42:47 -07:00
ulpqueue.c sctp: Make the mib per network namespace 2012-08-14 23:30:36 -07:00