Eric Biggers 2f3dd6ec90 sctp: Convert cookie authentication to use HMAC-SHA256
Convert SCTP cookies to use HMAC-SHA256, instead of the previous choice
of the legacy algorithms HMAC-MD5 and HMAC-SHA1.  Simplify and optimize
the code by using the HMAC-SHA256 library instead of crypto_shash, and
by preparing the HMAC key when it is generated instead of per-operation.

This doesn't break compatibility, since the cookie format is an
implementation detail, not part of the SCTP protocol itself.

Note that the cookie size doesn't change either.  The HMAC field was
already 32 bytes, even though previously at most 20 bytes were actually
compared.  32 bytes exactly fits an untruncated HMAC-SHA256 value.  So,
although we could safely truncate the MAC to something slightly shorter,
for now just keep the cookie size the same.

I also considered SipHash, but that would generate only 8-byte MACs.  An
8-byte MAC *might* suffice here.  However, there's quite a lot of
information in the SCTP cookies: more than in TCP SYN cookies.  So
absent an analysis that occasional forgeries of all that information are
okay in SCTP, I erred on the side of caution.

Remove HMAC-MD5 and HMAC-SHA1 as options, since the new HMAC-SHA256
option is just better.  It's faster as well as more secure.  For
example, benchmarking on x86_64, cookie authentication is now nearly 3x
as fast as the previous default choice and implementation of HMAC-MD5.

Also just make the kernel always support cookie authentication if SCTP
is supported at all, rather than making it optional in the build.  (It
was sort of optional before, but it didn't really work properly.  E.g.,
a kernel with CONFIG_SCTP_COOKIE_HMAC_MD5=n still supported HMAC-MD5
cookie authentication if CONFIG_CRYPTO_HMAC and CONFIG_CRYPTO_MD5
happened to be enabled in the kconfig for other reasons.)

Acked-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Link: https://patch.msgid.link/20250818205426.30222-5-ebiggers@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-08-19 19:36:26 -07:00
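The cookie scheme the commit describes, as an added illustration that is not the kernel's code: a secret is generated once and the HMAC key is prepared from it up front (CPython's hmac object absorbs the padded key blocks when created, so copying it per cookie mirrors "preparing the HMAC key when it is generated instead of per-operation"); each cookie carries a 32-byte field holding an untruncated HMAC-SHA256 over the cookie body, and verification recomputes the MAC and compares it in constant time. The cookie body layout, field names and sample values below are constructed for the example and are not the real SCTP cookie format.

```python
import hashlib
import hmac
import os
import struct

# Size of the cookie's MAC field. An untruncated HMAC-SHA256 is exactly 32 bytes,
# whereas HMAC-MD5 (16) and HMAC-SHA1 (20) left part of the field unused.
COOKIE_MAC_LEN = 32


def build_cookie_body(peer_vtag, local_vtag, src_port, dst_port, created_at):
    """Constructed cookie body for illustration only; not the kernel's layout."""
    return struct.pack("!IIHHQ", peer_vtag, local_vtag, src_port, dst_port, created_at)


class CookieAuthenticator:
    """Issues and checks state cookies authenticated with HMAC-SHA256."""

    def __init__(self, secret=None):
        # The secret is generated once per endpoint (assumed 32 random bytes).
        self._secret = secret if secret is not None else os.urandom(32)
        # Prepare the keyed state once; each cookie operation copies it instead
        # of re-deriving the padded inner/outer key blocks from the secret.
        self._prepared = hmac.new(self._secret, digestmod=hashlib.sha256)

    def _mac(self, body):
        h = self._prepared.copy()
        h.update(body)
        return h.digest()

    def make_cookie(self, body):
        """Return MAC || body. The MAC field is the full 32-byte HMAC-SHA256."""
        mac = self._mac(body)
        assert len(mac) == COOKIE_MAC_LEN
        return mac + body

    def verify_cookie(self, cookie):
        """Return the authenticated body, or None if the cookie is malformed
        or its MAC does not verify under this endpoint's secret."""
        if len(cookie) < COOKIE_MAC_LEN:
            return None
        mac, body = cookie[:COOKIE_MAC_LEN], cookie[COOKIE_MAC_LEN:]
        # Constant-time comparison: reject without leaking which byte differed.
        if not hmac.compare_digest(mac, self._mac(body)):
            return None
        return body


def prepared_matches_one_shot(secret, body):
    """Sanity check that the prepared-key path computes the same value as a
    one-shot HMAC-SHA256 over the same key and body."""
    one_shot = hmac.new(secret, body, hashlib.sha256).digest()
    return hmac.compare_digest(CookieAuthenticator(secret)._mac(body), one_shot)


if __name__ == "__main__":
    auth = CookieAuthenticator()
    body = build_cookie_body(0x11223344, 0x55667788, 5000, 5001, 1_755_000_000)
    cookie = auth.make_cookie(body)
    print("cookie length:", len(cookie), "mac bytes:", COOKIE_MAC_LEN)
    print("verifies:", auth.verify_cookie(cookie) == body)
    forged = bytearray(cookie)
    forged[-1] ^= 0x01  # flip one bit of the body; the MAC no longer matches
    print("forgery rejected:", auth.verify_cookie(bytes(forged)) is None)
    print("other endpoint rejects:", CookieAuthenticator().verify_cookie(cookie) is None)
```

The length check before slicing and the constant-time compare are the two details a practitioner would want to keep whatever the MAC algorithm: the first prevents a short cookie from being compared against a truncated MAC, the second prevents a timing side channel on the comparison itself.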

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.