• Neil Horman's avatar
    sctp: Make hmac algorithm selection for cookie generation dynamic · 3c68198e
    Neil Horman authored
    Currently sctp allows for the optional use of md5 of sha1 hmac algorithms to
    generate cookie values when establishing new connections via two build time
    config options.  Theres no real reason to make this a static selection.  We can
    add a sysctl that allows for the dynamic selection of these algorithms at run
    time, with the default value determined by the corresponding crypto library
    availability.
    This comes in handy when, for example running a system in FIPS mode, where use
    of md5 is disallowed, but SHA1 is permitted.
    
    Note: This new sysctl has no corresponding socket option to select the cookie
    hmac algorithm.  I chose not to implement that intentionally, as RFC 6458
    contains no option for this value, and I opted not to pollute the socket option
    namespace.
    
    Change notes:
    v2)
    	* Updated subject to have the proper sctp prefix as per Dave M.
    	* Replaced deafult selection options with new options that allow
    	  developers to explicitly select available hmac algs at build time
    	  as per suggestion by Vlad Y.
    Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
    CC: Vlad Yasevich <vyasevich@gmail.com>
    CC: "David S. Miller" <davem@davemloft.net>
    CC: netdev@vger.kernel.org
    Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    3c68198e
Kconfig 2.64 KB