From: Neil Horman <nhorman@xxxxxxxxxxxxx>
Date: Fri, 19 Oct 2012 11:52:06 -0400

> Currently sctp allows for the optional use of md5 or sha1 hmac algorithms to
> generate cookie values when establishing new connections via two build time
> config options.  There's no real reason to make this a static selection.  We can
> add a sysctl that allows for the dynamic selection of these algorithms at run
> time, with the default value determined by the corresponding crypto library
> config options.  It saves us two needless configuration settings and enables the
> freedom for administrators to select which algorithm a particular system uses.
> This comes in handy when, for example, running a system in FIPS mode, where use
> of md5 is disallowed, but SHA1 is permitted.
>
> Note: This new sysctl has no corresponding socket option to select the cookie
> hmac algorithm.  I chose not to implement that intentionally, as RFC 6458
> contains no option for this value, and I opted not to pollute the socket option
> namespace.
>
> Signed-off-by: Neil Horman <nhorman@xxxxxxxxxxxxx>

Neil, please use appropriate subject prefixes in your patch
submissions. In this case "sctp: " would have been appropriate.

Vlad, this patch looks fine to me, but I'd like you to review it
too before I apply it.

Thanks.