Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2380949rwd; Fri, 2 Jun 2023 08:38:53 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ74C71cPfKOoOq9t2zyLEoYR3RcZFUdlLYrCKqvLbDnRcikhFi7tps1FMc8bYc4hQLLUM7s X-Received: by 2002:a05:6a21:6d84:b0:10f:6529:5442 with SMTP id wl4-20020a056a216d8400b0010f65295442mr9836437pzb.49.1685720333649; Fri, 02 Jun 2023 08:38:53 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1685720333; cv=pass; d=google.com; s=arc-20160816; b=opKXFNngiJwn51dkDzppIueXzKKw3zknsyprRhqcCq1RYxSZxnrRdB2DUNbTQFIixN Mj8b82nDely37m3Y9B3WrH3E4jaXKWQ9yvB3HdTEKndRz6ru886Nl/7B8dpXpHQQ6dRJ aKTMmCCc85Tg7bbifmXTi6fjg0yzMRXLI4JBefqOFJFyilZYy2MIhyzvg48N6W3N52qA 5BQXxzbKt4tpJQyM1Rwp19eghTa9bip3T310n9IcTtv+bvB9ELAH7F/+XXHr5dUFh+lD Jmf9LNN9tB7p0sBZywDKsX0fHkZIIi4KsSRfiq3EC7bhnS6meaQS6rEECxvpBw1tXMzz Q3UA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:in-reply-to:content-disposition :references:message-id:subject:cc:to:from:date:dkim-signature; bh=tAERUP7tWwE4MNECYCM5/ajFW/6s/EdqUivVr3TQOU8=; b=dQyESKJ1edT4+a4FsFlseEUapWAepBR7WjJ0ODO5zViAiFUUHfepE1Pr1XQ8zTRmNn LI0Av3A00lFvp0hBzgtVgwGIEWB9+Zk1NobPxZuM+yzrfs3oz9URxXKFh8244LX4hYdG 0xhVcsyzWCECkr8LBDhRdSq0lx4oen2RD4ASGStxSOWMxlR/a7f5aJu9Y4xtJith6457 Th0kan+rgmlQXhqoZeG1pFRX/43m8xlNDKjoKXPn8gFQs8+Ypvux/UfnlR/RN+MFeV0M nux8t7/7xJu/gPrrceAf+JpNU7QmduwxJEoHa2KM25xi/rAgHDz072KKJzwKNh2NK7ju zeYw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@corigine.onmicrosoft.com header.s=selector2-corigine-onmicrosoft-com header.b=Gy9LvfJi; arc=pass (i=1 spf=pass spfdomain=corigine.com dkim=pass dkdomain=corigine.com dmarc=pass fromdomain=corigine.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=corigine.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c5-20020a63ea05000000b005303c1de315si1088587pgi.853.2023.06.02.08.38.37; Fri, 02 Jun 2023 08:38:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@corigine.onmicrosoft.com header.s=selector2-corigine-onmicrosoft-com header.b=Gy9LvfJi; arc=pass (i=1 spf=pass spfdomain=corigine.com dkim=pass dkdomain=corigine.com dmarc=pass fromdomain=corigine.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=corigine.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236564AbjFBPPd (ORCPT + 99 others); Fri, 2 Jun 2023 11:15:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236394AbjFBPPX (ORCPT ); Fri, 2 Jun 2023 11:15:23 -0400 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2100.outbound.protection.outlook.com [40.107.236.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0599CE43; Fri, 2 Jun 2023 08:15:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E2fKISemOoUpStM4T3ibnKvZzkH6I2Ol/3BN+9cur8ccaFaJ2rQy6pKLbjuaXWULetjXO77kkdC9/x+QtWrrYO5GiyIIW93YNT45WHwRSjk17KBBCJyaeEt2kvuEvsxPYbFCnsb0Dh1TFCSaB2zLvGQw8exg3PtSaBHD5tptl6STWc/uejUtQQiUbkvEkeEAZybghg7tjGfZpTxGKCv/7l0ugbwSnQgQQOryM8zheYvEfEWvcFx4firA/CSRdz0Oh+1zeIlAS8JWS0KdPyfuXnHCw1/k+uzNfQ8IeLRBmBf1Q/URNZES3UkjrbMxA6LkFkKWr+fD5Tn/gojNLkACsQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tAERUP7tWwE4MNECYCM5/ajFW/6s/EdqUivVr3TQOU8=; b=PPAa6jX7TLdQXeVSykTMTQUopqiLOzWW4/xgsdbbvTHXUkx65eqqImge3+rj1Rca+KBhmAvkOgrukvSazMN3ahGkZLtaM7d6N8Mx/WoJr5U8KaDuRgofRAmoQfxb/Qf9tigcLfbebRNfCMRZ0+SRAYizRxUu1N4hR1onN3BkOdkqbyzBUd3H7+E7MFsmBHAxwHCNIPamc6war9b/L9dy/2adr6zaZkJ/OQANf63mGm95h8/R62fEZ11aFAOHL3r6ZLHrXmRdrLtwiqauQbFoU8FQ39NYEiFsVVCGapq66EhTeT5VJFDdfxo9cHNRdDgIEO/tFFEkfF7lYjYNVPaIYA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=corigine.com; dmarc=pass action=none header.from=corigine.com; dkim=pass header.d=corigine.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=corigine.onmicrosoft.com; s=selector2-corigine-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tAERUP7tWwE4MNECYCM5/ajFW/6s/EdqUivVr3TQOU8=; b=Gy9LvfJiuNS2cAtxM+YzL/AwZ+KKxES/EQOReLY/tj7Vl0gLa8vGl+kc60jLZFJyGfkEv3tDHpCDXOji4qywIezXSrTC/oeD0vJD56b7iaJaao6waMNBt+51vL8zIL24l20CWuqKd9+/N0qFmuhdLxU0EOruuq6qr7XxBRJJ4ug= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=corigine.com; Received: from PH0PR13MB4842.namprd13.prod.outlook.com (2603:10b6:510:78::6) by PH7PR13MB6220.namprd13.prod.outlook.com (2603:10b6:510:24b::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.22; Fri, 2 Jun 2023 15:15:17 +0000 Received: from PH0PR13MB4842.namprd13.prod.outlook.com ([fe80::5e55:9a39:751f:55f6]) by PH0PR13MB4842.namprd13.prod.outlook.com ([fe80::5e55:9a39:751f:55f6%3]) with mapi id 15.20.6455.026; Fri, 2 Jun 2023 15:15:17 +0000 Date: Fri, 2 Jun 2023 17:15:09 +0200 From: Simon Horman To: Ashwin Dayanand Kamat Cc: Vlad Yasevich , Neil Horman , Marcelo Ricardo Leitner , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , linux-sctp@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, amakhalov@vmware.com, vsirnapalli@vmware.com, akaher@vmware.com, tkundu@vmware.com, keerthanak@vmware.com, Xin Long Subject: Re: [PATCH v3] net/sctp: Make sha1 as default algorithm if fips is enabled Message-ID: References: <1685643474-18654-1-git-send-email-kashwindayan@vmware.com> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1685643474-18654-1-git-send-email-kashwindayan@vmware.com> X-ClientProxiedBy: AS4P192CA0036.EURP192.PROD.OUTLOOK.COM (2603:10a6:20b:658::29) To PH0PR13MB4842.namprd13.prod.outlook.com (2603:10b6:510:78::6) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: PH0PR13MB4842:EE_|PH7PR13MB6220:EE_ X-MS-Office365-Filtering-Correlation-Id: ae704a03-8b8c-48e2-d673-08db637c2c1e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: llNwST21VM1nWJmYHFDD4E6Y5JUUGeAcBZqsUDTxV2FHJP2xYWVrao7B2Vxj82eTG4d6dCDDHXLYrk27tHOgWqXGpEYNASt5NFrC0KWRtdknx8NiUBnK+n7MLVbmm9Ru49EawveQ6fmwotCWJ0s2YxkvOC1339/GZ0kyBiZv7++wd3sfucWRC0p76ynzY2hjoA+2CtOHT2+fKjn2BRLLouQ3xEleyI2Mh5gCIjeiswfAsyMnMNW/nq/Y/q+BpZqtKbUJyhg9MCWi+mSxd3thusQlT1UM20l/49U2lc9QC9TDf3J6KM4GcBCefwxo3WNKBAWs/apmAOmxn4EQx2zadJSeQA9VMbh/owaSqvVXV1LMAr6m4WUlvvYW6OOiwaSd18zMx82kNE6ltgYMcCTGaI0zEb0OEF1QOWiYY/8aP3fUotoX4P85968xmus94EexfMHE9Mqgj2QynTemw+Ag/kg6GAhdhirF7eS79/0AgbcoQqYP1e58q86+tgwogfsASes2vFSYOo/Dlsxu31jCmx+qnc+LWpgaxk7VODLBHT/0d+zLZZDH8lVS3DKaxV6aUC89TIoV431kCcJ+SfWoOrZLaAU5sqskJpzEhykTKhQ= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH0PR13MB4842.namprd13.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(396003)(39840400004)(376002)(136003)(366004)(346002)(451199021)(316002)(186003)(54906003)(6666004)(6486002)(86362001)(41300700001)(83380400001)(478600001)(2616005)(2906002)(26005)(44832011)(66476007)(66556008)(6916009)(66946007)(6512007)(5660300002)(7416002)(6506007)(36756003)(8676002)(38100700002)(4326008)(8936002);DIR:OUT;SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?R/NxoXN21GTc1zH5YEfN7JhEYk9wdq/dfYC8iIAJD08Wj19SEG6Duus1MmtQ?= =?us-ascii?Q?1m8SQJCxV043oa95+xsaDTcoAws4/t4n5jDpwJr+8mnOv8qQCkKuDpe/j46H?= =?us-ascii?Q?MeripAI/anaf5BBLFoEGLdhSD77v2b9akfk2DETXAIVeHcDXADra07WKDBHG?= =?us-ascii?Q?CgofPXFiMr7U/4wmsBxFE/13DI1To7frUkx23A8HLk3AYp2NjqlsprX8xfKK?= =?us-ascii?Q?TAT8IMabp3zerXclJq2KOoxnvBtOYtn60WjpPreSemvdDrrYPBfaJ65LrWNA?= =?us-ascii?Q?3TByAIk//fwvEosSeTSSPiF9Szq52XB9jEjE05ft3g6LS8L28CKbTW1Xp8HH?= =?us-ascii?Q?nxx1NbUU+THBN+Vzdl5m1l2ylqUsB6wzm0bk1iVTEdA6kir+7jf19gG70DyB?= =?us-ascii?Q?sq2r3725vmNK8QQSVLwdvqL3R9ibqPFXKFA/7Z0ZMs9GPxUSRU3w+yPAByfS?= =?us-ascii?Q?BZgXFG2JytJUVzH5gfv7CPGasglhN/tx/YI7XkmmXqHHilhN1/eiTe05jAgZ?= =?us-ascii?Q?F1H1ue4cWHCwq8xahmXPAgtOKTmISmGSUdCmh4RuHOnpvaL+hQMfj+oodySv?= =?us-ascii?Q?FuQ72ry/XXMjsIw74WsoGAJTsMjPhWsXiGhNmq/mEBzBiZXdvZLviP4L7e/6?= =?us-ascii?Q?x2c9LoAgyqPfidhjw0etMklWL6m+bnSvXPZvNIAFY4FOj+tQ96DcQjHtYYRh?= =?us-ascii?Q?FRj5YlqM930T8XP8NNic8rDMca06woKenEol8CQlxLBrGRFj1YtcewetsGVi?= =?us-ascii?Q?RfRpfyOCEPAidhQ+k260rM9MJw0JkqaGP58WjsgJSTM2h+2jydfU//Sgx24E?= =?us-ascii?Q?K5dVu7gZqTGeszCIq1Qg2fcyZG3oZTeXbupqg+6rXNNYugYYR3XSoonc3MZ5?= =?us-ascii?Q?cKA1Gw9uuCaK+q3jzxyPFBweUdPGIxzgfKPOyFh8+7NzoXubzCUrpmT9XMk2?= =?us-ascii?Q?HlWTUmI0WWd7iMfFqytWrMAHF4u7E9pHLDy3o1ywF4g2yv4qAWfEbrqLC6v+?= =?us-ascii?Q?jlhqYROysIq+WKicMePPEbhRWoCbxwschQPoulKa00oSt/sPlJM1pw2QvfvM?= =?us-ascii?Q?nXDVLWOb58oJ9ce1AKypiKgi1Qd7ppUxci2hKR9io0JpxW7/M6LvEXgroeRz?= =?us-ascii?Q?fLQy7SLCPDNpjlcdj9t/oI2P/GUdxhFdoRFz57jog5hYV7EiICbPDX/zxSex?= =?us-ascii?Q?yMd//LC7s53G8f7woXMb9i00lDAc/s0RukWFkUQKgP3yqMjZpvhV+xCKqj8L?= =?us-ascii?Q?kQNuMkzCudpyVUpH3yQHq6j3kRETDik8piAkpLeo0GQgLes2wHXvrPxmI/ND?= =?us-ascii?Q?YzAV0i7mulvTw1p1MROTf6MwCNsxCqsrsJyLxHdJLNcIvG5tHDeYkpU2/VxK?= =?us-ascii?Q?xh58BShXNALiwIZzjGlSiKFd/laSOMm+vj3AJEfx5xjXkkO0Z/XQwXviFgAj?= =?us-ascii?Q?bAx0yo366alItbY2kEUviRugTrSPCPdun+TBNKC7bXG0Bx/q6WTQjnFrQcCS?= =?us-ascii?Q?eHLbyHuGuWwS9/mRwlqqlQsGUlTa1+XMJPMLk/d2nqKu7+Ym68aqraeZgwFc?= =?us-ascii?Q?lx4269LSZJutSJmA2uy43VyrqaAbJu06qOOoKukhj4+q3OGxWbGu84n4HwH9?= =?us-ascii?Q?YQ=3D=3D?= X-OriginatorOrg: corigine.com X-MS-Exchange-CrossTenant-Network-Message-Id: ae704a03-8b8c-48e2-d673-08db637c2c1e X-MS-Exchange-CrossTenant-AuthSource: PH0PR13MB4842.namprd13.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jun 2023 15:15:17.2277 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fe128f2c-073b-4c20-818e-7246a585940c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: eXvoIGFWYI6yz2X5ZMpJKuRYPm4m/B8nbq7M5WHAMgrvQB4+R8+nYwXyvp+tNMsJBkEC4Oh+vw1KAFXd6mE9JWzr5wODoThoZtyEkBXeBLg= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR13MB6220 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org + Xin Long On Thu, Jun 01, 2023 at 11:47:54PM +0530, Ashwin Dayanand Kamat wrote: > MD5 is not FIPS compliant. But still md5 was used as the > default algorithm for sctp if fips was enabled. > Due to this, listen() system call in ltp tests was > failing for sctp in fips environment, with below error message. > > [ 6397.892677] sctp: failed to load transform for md5: -2 > > Fix is to not assign md5 as default algorithm for sctp > if fips_enabled is true. Instead make sha1 as default algorithm. > The issue fixes ltp testcase failure "cve-2018-5803 sctp_big_chunk" > > Signed-off-by: Ashwin Dayanand Kamat > --- > v3: > * Resolved hunk failures. > * Changed the ratelimited notice to be more meaningful. > * Used ternary condition for if/else condtion. > v2: > * The listener can still fail if fips mode is enabled after > that the netns is initialized. > * Fixed this in sctp_listen_start() as suggested by > Paolo Abeni FWIIW, this seems reasonable to me. Reviewed-by: Simon Horman