This series converts SCTP chunk and cookie authentication to use the crypto library API instead of crypto_shash. This is much simpler (the diffstat should speak for itself), and also faster too. In addition, this series upgrades the cookie authentication to use HMAC-SHA256. I've tested that kernels with this series applied can continue to communicate using SCTP with older ones, in either direction, using any choice of None, HMAC-SHA1, or HMAC-SHA256 chunk authentication. Changed in v2: - Added patch which adds CONFIG_CRYPTO_SHA1 to some selftests configs Eric Biggers (3): selftests: net: Explicitly enable CONFIG_CRYPTO_SHA1 for IPsec sctp: Use HMAC-SHA1 and HMAC-SHA256 library for chunk authentication sctp: Convert cookie authentication to use HMAC-SHA256 Documentation/networking/ip-sysctl.rst | 11 +- include/net/netns/sctp.h | 4 +- include/net/sctp/auth.h | 17 +- include/net/sctp/constants.h | 9 +- include/net/sctp/structs.h | 35 +--- net/sctp/Kconfig | 47 ++---- net/sctp/auth.c | 166 ++++--------------- net/sctp/chunk.c | 3 +- net/sctp/endpointola.c | 23 +-- net/sctp/protocol.c | 11 +- net/sctp/sm_make_chunk.c | 60 +++---- net/sctp/sm_statefuns.c | 2 +- net/sctp/socket.c | 41 +---- net/sctp/sysctl.c | 51 +++--- tools/testing/selftests/net/config | 1 + tools/testing/selftests/net/netfilter/config | 1 + 16 files changed, 124 insertions(+), 358 deletions(-) base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 -- 2.50.1
