From: Vlad Yasevich <vyasevich@xxxxxxxxx>
Date: Thu, 25 Oct 2012 09:09:28 -0400

> On 10/24/2012 03:20 PM, Neil Horman wrote:
>> Currently sctp allows for the optional use of md5 or sha1 hmac algorithms to
>> generate cookie values when establishing new connections via two build time
>> config options. There's no real reason to make this a static selection. We can
>> add a sysctl that allows for the dynamic selection of these algorithms at run
>> time, with the default value determined by the corresponding crypto library
>> availability.
>> This comes in handy when, for example, running a system in FIPS mode, where use
>> of md5 is disallowed, but SHA1 is permitted.
>>
>> Note: This new sysctl has no corresponding socket option to select the cookie
>> hmac algorithm. I chose not to implement that intentionally, as RFC 6458
>> contains no option for this value, and I opted not to pollute the socket option
>> namespace.
>>
>> Change notes:
>> v2)
>> * Updated subject to have the proper sctp prefix as per Dave M.
>> * Replaced default selection options with new options that allow
>>   developers to explicitly select available hmac algs at build time
>>   as per suggestion by Vlad Y.
>>
>
> Thanks Neil. That's much better.
>
> Acked-by: Vlad Yasevich <vyasevich@xxxxxxxxx>

Applied.