From 3c68198e75111a905ac2412be12bf7b29099729b Mon Sep 17 00:00:00 2001 From: Neil Horman Date: Wed, 24 Oct 2012 09:20:03 +0000 Subject: sctp: Make hmac algorithm selection for cookie generation dynamic Currently sctp allows for the optional use of md5 of sha1 hmac algorithms to generate cookie values when establishing new connections via two build time config options. Theres no real reason to make this a static selection. We can add a sysctl that allows for the dynamic selection of these algorithms at run time, with the default value determined by the corresponding crypto library availability. This comes in handy when, for example running a system in FIPS mode, where use of md5 is disallowed, but SHA1 is permitted. Note: This new sysctl has no corresponding socket option to select the cookie hmac algorithm. I chose not to implement that intentionally, as RFC 6458 contains no option for this value, and I opted not to pollute the socket option namespace. Change notes: v2) * Updated subject to have the proper sctp prefix as per Dave M. * Replaced deafult selection options with new options that allow developers to explicitly select available hmac algs at build time as per suggestion by Vlad Y. Signed-off-by: Neil Horman CC: Vlad Yasevich CC: "David S. Miller" CC: netdev@vger.kernel.org Acked-by: Vlad Yasevich Signed-off-by: David S. Miller --- net/sctp/protocol.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'net/sctp/protocol.c') diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 2d518425d598..456bc3dbdd51 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -1190,6 +1190,15 @@ static int sctp_net_init(struct net *net) /* Whether Cookie Preservative is enabled(1) or not(0) */ net->sctp.cookie_preserve_enable = 1; + /* Default sctp sockets to use md5 as their hmac alg */ +#if defined (CONFIG_CRYPTO_MD5) + net->sctp.sctp_hmac_alg = "md5"; +#elif defined (CONFIG_CRYPTO_SHA1) + net->sctp.sctp_hmac_alg = "sha1"; +#else + net->sctp.sctp_hmac_alg = NULL; +#endif + /* Max.Burst - 4 */ net->sctp.max_burst = SCTP_DEFAULT_MAX_BURST; -- cgit v1.2.3 From f5f417c063b83ca3de493e79e7d8c9144d9e7368 Mon Sep 17 00:00:00 2001 From: Christoph Paasch Date: Thu, 6 Dec 2012 03:03:12 +0000 Subject: sctp: Fix compiler warning when CONFIG_DEBUG_SECTION_MISMATCH=y WARNING: net/sctp/sctp.o(.text+0x72f1): Section mismatch in reference from the function sctp_net_init() to the function .init.text:sctp_proc_init() The function sctp_net_init() references the function __init sctp_proc_init(). This is often because sctp_net_init lacks a __init annotation or the annotation of sctp_proc_init is wrong. And put __net_init after 'int' for sctp_proc_init - as it is done everywhere else in the sctp-stack. Signed-off-by: Christoph Paasch Acked-by: Neil Horman Acked-by: Vlad Yasevich Signed-off-by: David S. Miller --- net/sctp/protocol.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'net/sctp/protocol.c') diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 456bc3dbdd51..2c7785bacf74 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -86,7 +86,7 @@ int sysctl_sctp_rmem[3]; int sysctl_sctp_wmem[3]; /* Set up the proc fs entry for the SCTP protocol. */ -static __net_init int sctp_proc_init(struct net *net) +static int __net_init sctp_proc_init(struct net *net) { #ifdef CONFIG_PROC_FS net->sctp.proc_net_sctp = proc_net_mkdir(net, "sctp", net->proc_net); @@ -1165,7 +1165,7 @@ static void sctp_v4_del_protocol(void) unregister_inetaddr_notifier(&sctp_inetaddr_notifier); } -static int sctp_net_init(struct net *net) +static int __net_init sctp_net_init(struct net *net) { int status; @@ -1290,7 +1290,7 @@ err_sysctl_register: return status; } -static void sctp_net_exit(struct net *net) +static void __net_exit sctp_net_exit(struct net *net) { /* Free the local address list */ sctp_free_addr_wq(net); -- cgit v1.2.3