review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Eric Biggers <ebiggers@google.com>
	Wed, 10 Jun 2020 16:14:37 +0000 (09:14 -0700)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Mon, 15 Jun 2020 04:52:16 +0000 (06:52 +0200)
commit	be01369859b8aa07346e497381bb46d377da0d8c
tree	09d6de8bc19609c6849169fa495ef451e270d8bb	tree \| snapshot
parent	37ea0f18fb19e0646c166037043232915cd9e995	commit \| diff

esp, ah: modernize the crypto algorithm selections

The crypto algorithms selected by the ESP and AH kconfig options are
out-of-date with the guidance of RFC 8221, which lists the legacy
algorithms MD5 and DES as "MUST NOT" be implemented, and some more
modern algorithms like AES-GCM and HMAC-SHA256 as "MUST" be implemented.
But the options select the legacy algorithms, not the modern ones.

Therefore, modify these options to select the MUST algorithms --
and *only* the MUST algorithms.

Also improve the help text.

Note that other algorithms may still be explicitly enabled in the
kconfig, and the choice of which to actually use is still controlled by
userspace. This change only modifies the list of algorithms for which
kernel support is guaranteed to be present.

Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Suggested-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Corentin Labbe <clabbe@baylibre.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

net/ipv4/Kconfig		diff \| blob \| history
net/ipv6/Kconfig		diff \| blob \| history
net/xfrm/Kconfig		diff \| blob \| history