From: Eric Biggers <ebiggers@xxxxxxxxxx> The crypto algorithms selected by the ESP and AH kconfig options are out-of-date with the guidance of RFC 8221, which lists the legacy algorithms MD5 and DES as "MUST NOT" be implemented, and some more modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented. But the options select the legacy algorithms, not the modern ones. Therefore, modify these options to select the MUST algorithms -- and *only* the MUST algorithms. Also improve the help text. Suggested-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Suggested-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> Cc: Corentin Labbe <clabbe@xxxxxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> --- net/ipv4/Kconfig | 21 +++++++++++++++++++-- net/ipv6/Kconfig | 21 +++++++++++++++++++-- net/xfrm/Kconfig | 15 +++++++++------ 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 39a7a21744dc03..14fc8d6582499b 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig @@ -342,7 +342,17 @@ config INET_AH tristate "IP: AH transformation" select XFRM_AH ---help--- - Support for IPsec AH. + Support for IPsec AH (Authentication Header). + + AH can be used with various authentication algorithms. Besides + enabling AH support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. + + Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED". It is + better to use ESP only, using an AEAD cipher such as AES-GCM. If unsure, say Y. @@ -350,7 +360,14 @@ config INET_ESP tristate "IP: ESP transformation" select XFRM_ESP ---help--- - Support for IPsec ESP. + Support for IPsec ESP (Encapsulating Security Payload). + + ESP can be used with various encryption and authentication algorithms. + Besides enabling ESP support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. If unsure, say Y. diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig index 70313f16319dd2..7398085ab10d58 100644 --- a/net/ipv6/Kconfig +++ b/net/ipv6/Kconfig @@ -51,7 +51,17 @@ config INET6_AH tristate "IPv6: AH transformation" select XFRM_AH ---help--- - Support for IPsec AH. + Support for IPsec AH (Authentication Header). + + AH can be used with various authentication algorithms. Besides + enabling AH support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. + + Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED". It is + better to use ESP only, using an AEAD cipher such as AES-GCM. If unsure, say Y. @@ -59,7 +69,14 @@ config INET6_ESP tristate "IPv6: ESP transformation" select XFRM_ESP ---help--- - Support for IPsec ESP. + Support for IPsec ESP (Encapsulating Security Payload). + + ESP can be used with various encryption and authentication algorithms. + Besides enabling ESP support itself, this option enables the generic + implementations of the algorithms that RFC 8221 lists as MUST be + implemented. If you need any other algorithms, you'll need to enable + them in the crypto API. You should also enable accelerated + implementations of any needed algorithms when available. If unsure, say Y. diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig index b2ff8df2c836ef..e77ba529229cf5 100644 --- a/net/xfrm/Kconfig +++ b/net/xfrm/Kconfig @@ -67,26 +67,29 @@ config XFRM_STATISTICS If unsure, say N. +# This option selects XFRM_ALGO along with the AH authentication algorithms that +# RFC 8221 lists as MUST be implemented. config XFRM_AH tristate select XFRM_ALGO select CRYPTO select CRYPTO_HMAC - select CRYPTO_MD5 - select CRYPTO_SHA1 + select CRYPTO_SHA256 +# This option selects XFRM_ALGO along with the ESP encryption and authentication +# algorithms that RFC 8221 lists as MUST be implemented. config XFRM_ESP tristate select XFRM_ALGO select CRYPTO + select CRYPTO_AES select CRYPTO_AUTHENC - select CRYPTO_HMAC - select CRYPTO_MD5 select CRYPTO_CBC - select CRYPTO_SHA1 - select CRYPTO_DES select CRYPTO_ECHAINIV + select CRYPTO_GCM + select CRYPTO_HMAC select CRYPTO_SEQIV + select CRYPTO_SHA256 config XFRM_IPCOMP tristate -- 2.26.2