linux/net
Ard Biesheuvel e33d2a7b30 SUNRPC: remove RC4-HMAC-MD5 support from KerberosV
The RC4-HMAC-MD5 KerberosV algorithm is based on RFC 4757 [0], which
was specifically issued for interoperability with Windows 2000, but was
never intended to receive the same level of support. The RFC says

  The IETF Kerberos community supports publishing this specification as
  an informational document in order to describe this widely
  implemented technology.  However, while these encryption types
  provide the operations necessary to implement the base Kerberos
  specification [RFC4120], they do not provide all the required
  operations in the Kerberos cryptography framework [RFC3961].  As a
  result, it is not generally possible to implement potential
  extensions to Kerberos using these encryption types.  The Kerberos
  encryption type negotiation mechanism [RFC4537] provides one approach
  for using such extensions even when a Kerberos infrastructure uses
  long-term RC4 keys.  Because this specification does not implement
  operations required by RFC 3961 and because of security concerns with
  the use of RC4 and MD4 discussed in Section 8, this specification is
  not appropriate for publication on the standards track.

  The RC4-HMAC encryption types are used to ease upgrade of existing
  Windows NT environments, provide strong cryptography (128-bit key
  lengths), and provide exportable (meet United States government
  export restriction requirements) encryption.  This document describes
  the implementation of those encryption types.

Furthermore, this RFC was re-classified as 'historic' by RFC 8429 [1] in
2018, stating that 'none of the encryption types it specifies should be
used'

Note that other outdated algorithms are left in place (some of which are
guarded by CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES), so this should only
adversely affect interoperability with Windows NT/2000 systems that have
not received any updates since 2008 (but are connected to a network
nonetheless)

[0] https://tools.ietf.org/html/rfc4757
[1] https://tools.ietf.org/html/rfc8429

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-09-11 14:39:15 +10:00
..
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p 9p pull request for inclusion in 5.9 2020-08-15 08:34:36 -07:00
802
8021q net: get rid of lockdep_set_class_and_subclass() 2020-06-28 21:37:23 -07:00
appletalk appletalk: Fix atalk_proc_init() return path 2020-08-03 15:48:32 -07:00
atm mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-25 17:49:04 -07:00
batman-adv batman-adv: Introduce a configurable per interface hop penalty 2020-06-26 10:37:11 +02:00
bluetooth mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
bpf bpf: Allow to specify ifindex for skb in bpf_prog_test_run_skb 2020-08-03 23:32:23 +02:00
bpfilter Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-08-04 14:27:25 -07:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
caif net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
can net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
ceph libceph: replace HTTP links with HTTPS ones 2020-08-03 11:05:26 +02:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-13 20:03:11 -07:00
dcb dcb_doit: remove redundant skb check 2020-06-23 20:27:09 -07:00
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2020-08-03 16:03:18 -07:00
dns_resolver
dsa net: dsa: stop overriding master's ndo_get_phys_port_name 2020-07-23 15:14:58 -07:00
ethernet
ethtool mlx5-updates-2020-08-03 2020-08-03 18:24:30 -07:00
hsr hsr: Use %pM format specifier for MAC addresses 2020-07-31 16:46:26 -07:00
ieee802154 net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
ife
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-13 20:03:11 -07:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
iucv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
kcm net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
l2tp l2tp: improve API documentation in l2tp_core.h 2020-07-30 16:45:31 -07:00
l3mdev l3mdev: add infrastructure for table to VRF mapping 2020-06-20 17:22:22 -07:00
lapb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
llc net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
mac80211 mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
mac802154 mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
mpls net: Removed the device type check to add mpls support for devices 2020-07-27 11:40:47 -07:00
mptcp mptcp: fix warn at shutdown time for unaccepted msk sockets 2020-08-07 17:26:16 -07:00
ncsi net/ncsi: use eth_zero_addr() to clear mac address 2020-07-23 11:49:41 -07:00
netfilter A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
netlabel net: netlabel: kerneldoc fixes 2020-07-13 17:20:40 -07:00
netlink - Add support to enable/disable the thermal zones resulting on core code and 2020-08-06 18:10:55 -07:00
netrom net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
nfc net/nfc/rawsock.c: add CAP_NET_RAW check. 2020-08-11 10:34:30 -07:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch net: openvswitch: introduce common code for flushing flows 2020-08-13 15:53:30 -07:00
packet af_packet: TPACKET_V3: fix fill status rwlock imbalance 2020-08-13 15:37:30 -07:00
phonet net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
psample
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-25 17:49:04 -07:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
rfkill
rose net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
sctp mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
smc net/smc: unique reason code for exceeded max dmb count 2020-07-27 10:30:01 -07:00
strparser
sunrpc SUNRPC: remove RC4-HMAC-MD5 support from KerberosV 2020-09-11 14:39:15 +10:00
switchdev net: switchdev: kerneldoc fixes 2020-07-13 17:20:40 -07:00
tipc mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
tls net/tls: Fix kmap usage 2020-08-11 10:20:34 -07:00
unix net: make ->{get,set}sockopt in proto_ops optional 2020-07-19 18:16:41 -07:00
vmw_vsock vsock: fix potential null pointer dereference in vsock_poll() 2020-08-12 12:56:06 -07:00
wimax
wireless mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
x25 net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
xdp xdp: Prevent kernel-infoleak in xsk_getsockopt() 2020-07-28 12:50:15 +02:00
xfrm A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
compat.c net/scm: Fix typo in SCM_RIGHTS compat refactoring 2020-08-07 12:43:25 -07:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
Kconfig net: ethtool: Remove PHYLIB direct dependency 2020-07-07 15:41:05 -07:00
Makefile
socket.c net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces" 2020-08-10 12:06:44 -07:00
sysctl_net.c