Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp114594ybg; Tue, 9 Jun 2020 18:02:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxnOtRnaXd+BGWNCfsfCcUKM4iwC6OtYZEe5/59Jp8ZHFbObzu0KOyzOMbo2r+8BddFcaRZ X-Received: by 2002:a50:eacb:: with SMTP id u11mr398745edp.162.1591750943352; Tue, 09 Jun 2020 18:02:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591750943; cv=none; d=google.com; s=arc-20160816; b=HwrxaUzqlPKhYVcMX2EK5VdMr2Fhra5q+H8U3BvD+fivz58stRKE1SQuzHJcwkq5sN 11BinhMGVrU8hCnOI/OLvkEzSOxRgcvxhEEa35XO5eq8HcJj6IZUK3g6wQZrJnU5DlXB 5r5d8HLQ1h91Q5aSnA7M/VFgFy0EcxXOFwQveBBiWRQFQIDL+TFkGk3CPOGjP5xB7o95 f446XgErsgohW2Nu+GvvS1TqJSMDSDRdzNMFZOwYJJQ+o7qy2cVi8+4KryAErk42ul9E lvDm+ZCfmBCpRzsp3s1Bi8k63rRF2HQaONUNirV9xexp3CSkaNAOrQc5dUqrmuh5f0CD TYFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=ugqIFc63qo6dn35qpMhWXNYuJN1SyQ7E++C0nz25mys=; b=bJG3/1bF/xna2LwHMBYOI5O6a9CqsaH94AGhO9p9fdtvbnsCdZr9+I9RKnH4PkUX0O UwiyBT2kBi6PkY4V76a2q2JmU/Ru8IElc90j7S8VzEqNLxJjU5RDkSc4dsNiAZJZfmp3 Rzt2QuJfzKakGpmgRm9Me7QgV9IFK78IJoCU4oranEo+n6dEW6UUTs+rMGESWIQ/rdVq lDJnM8Sn+CPPyX5Ub0Pzu9NOmRUxDqiiLlMdYXXrF9StlBCqfzv6rZrTTHsuwmP5WR5G UmxGy9JlvfqruMQOi0EPpw0W6vIm1mfziyBWvJGUiMoy49Eu/ic5DvNHcc6pVbWsTo8J 5E4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b14si11967865eju.419.2020.06.09.18.02.00; Tue, 09 Jun 2020 18:02:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725948AbgFJBBO (ORCPT + 99 others); Tue, 9 Jun 2020 21:01:14 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:59176 "EHLO fornost.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725944AbgFJBBN (ORCPT ); Tue, 9 Jun 2020 21:01:13 -0400 Received: from gwarestrin.arnor.me.apana.org.au ([192.168.0.7]) by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian)) id 1jip78-0007ig-Iy; Wed, 10 Jun 2020 11:01:11 +1000 Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Wed, 10 Jun 2020 11:01:10 +1000 Date: Wed, 10 Jun 2020 11:01:10 +1000 From: Herbert Xu To: Eric Biggers Cc: netdev@vger.kernel.org, linux-crypto@vger.kernel.org, Corentin Labbe , Greg Kroah-Hartman , Steffen Klassert Subject: Re: [PATCH net v3 3/3] esp, ah: modernize the crypto algorithm selections Message-ID: <20200610010110.GC6380@gondor.apana.org.au> References: <20200610005402.152495-1-ebiggers@kernel.org> <20200610005402.152495-4-ebiggers@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200610005402.152495-4-ebiggers@kernel.org> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Jun 09, 2020 at 05:54:02PM -0700, Eric Biggers wrote: > From: Eric Biggers > > The crypto algorithms selected by the ESP and AH kconfig options are > out-of-date with the guidance of RFC 8221, which lists the legacy > algorithms MD5 and DES as "MUST NOT" be implemented, and some more > modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented. > But the options select the legacy algorithms, not the modern ones. > > Therefore, modify these options to select the MUST algorithms -- > and *only* the MUST algorithms. > > Also improve the help text. > > Suggested-by: Herbert Xu > Suggested-by: Steffen Klassert > Cc: Corentin Labbe > Cc: Greg Kroah-Hartman > Signed-off-by: Eric Biggers > --- > net/ipv4/Kconfig | 21 +++++++++++++++++++-- > net/ipv6/Kconfig | 21 +++++++++++++++++++-- > net/xfrm/Kconfig | 15 +++++++++------ > 3 files changed, 47 insertions(+), 10 deletions(-) Acked-by: Herbert Xu -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt