This series converts SCTP chunk and cookie authentication to use the crypto library API instead of crypto_shash. This is much simpler (the diffstat should speak for itself), and also faster too. In addition, this series upgrades the cookie authentication to use HMAC-SHA256. I've tested that kernels with this series applied can continue to communicate using SCTP with older ones, in either direction, using any choice of None, HMAC-SHA1, or HMAC-SHA256 chunk authentication. Changed in v3: - Added patch that fixes both MAC comparisons to be constant-time - Added patch that stops accepting md5 and sha1 for cookie_hmac_alg Changed in v2: - Added patch which adds CONFIG_CRYPTO_SHA1 to some selftests configs Eric Biggers (5): selftests: net: Explicitly enable CONFIG_CRYPTO_SHA1 for IPsec sctp: Fix MAC comparison to be constant-time sctp: Use HMAC-SHA1 and HMAC-SHA256 library for chunk authentication sctp: Convert cookie authentication to use HMAC-SHA256 sctp: Stop accepting md5 and sha1 for net.sctp.cookie_hmac_alg Documentation/networking/ip-sysctl.rst | 10 +- include/net/netns/sctp.h | 4 +- include/net/sctp/auth.h | 17 +- include/net/sctp/constants.h | 9 +- include/net/sctp/structs.h | 35 +--- net/sctp/Kconfig | 47 ++---- net/sctp/auth.c | 166 ++++--------------- net/sctp/chunk.c | 3 +- net/sctp/endpointola.c | 23 +-- net/sctp/protocol.c | 11 +- net/sctp/sm_make_chunk.c | 60 +++---- net/sctp/sm_statefuns.c | 5 +- net/sctp/socket.c | 41 +---- net/sctp/sysctl.c | 49 +++--- tools/testing/selftests/net/config | 1 + tools/testing/selftests/net/netfilter/config | 1 + 16 files changed, 122 insertions(+), 360 deletions(-) base-commit: bab3ce404553de56242d7b09ad7ea5b70441ea41 -- 2.50.1
