Re: [PATCH net v3 3/3] esp, ah: modernize the crypto algorithm selections

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 09, 2020 at 05:54:02PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@xxxxxxxxxx>
> 
> The crypto algorithms selected by the ESP and AH kconfig options are
> out-of-date with the guidance of RFC 8221, which lists the legacy
> algorithms MD5 and DES as "MUST NOT" be implemented, and some more
> modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented.
> But the options select the legacy algorithms, not the modern ones.
> 
> Therefore, modify these options to select the MUST algorithms --
> and *only* the MUST algorithms.
> 
> Also improve the help text.
> 
> Suggested-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Suggested-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
> Cc: Corentin Labbe <clabbe@xxxxxxxxxxxx>
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> ---
>  net/ipv4/Kconfig | 21 +++++++++++++++++++--
>  net/ipv6/Kconfig | 21 +++++++++++++++++++--
>  net/xfrm/Kconfig | 15 +++++++++------
>  3 files changed, 47 insertions(+), 10 deletions(-)

Acked-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux