[LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled

Ashwin Dayanand Kamat kashwindayan@vmware.com
Wed Jun 21 16:15:37 CEST 2023 


On 21-Jun-2023, at 6:18 PM, Petr Vorel <pvorel@suse.cz<mailto:pvorel@suse.cz>> wrote:

!! External Email

Hi Ashwin,

Out of curiosity, which errno is reported on listen?

In our case in FIPS ENOSYS is returned, thus handled as TCONF.

I am seeing the ENOSYS (38) error and it’s true that it is handled as TCONF. The intention of the patch is to fix the same.

TCONF means skipped, i.e. OK. I suppose your patch allows to do testing, which
is an enhancement. But, at least on one FIPS system I get failure due missing
proc file:

tst_fips.c:22: TINFO: FIPS: on
sctp_big_chunk.c:153: TBROK: Failed to open FILE '/proc/sys/net/sctp/cookie_hmac_alg' for reading: ENOENT (2)

OK, this problem is on all systems which haven't used sctp so far. We really
need to somehow modprobe sctp before reading /proc/sys/net/sctp/cookie_hmac_alg.
Maybe using .needs_drivers?

Thank you for your valuable input. I will look into these and handle it
accordingly in the next patch.

Kind regards,
Ashwin Kamat
Kind regards,
Petr

The system has CONFIG_IP_SCTP=m, I don't know why module is not loaded.
Maybe it's not installed on the system (would require package with extra
modules), but still this would be a regression, we should check for presence of
the file.

NOTE We have .save_restore [1] helper, generally we'd use it with
TST_SR_TCONF_MISSING, but in this case I'd use access() to check,
because whole SAFE_FILE_SCANF() should be applied only when needed
(in tst_fips_enabled()).

Kind regards,
Petr

[1] https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Flinux-test-project%2Fltp%2Fwiki%2FC-Test-API%23127-saving--restoring-procsys-values&data=05%7C01%7Ckashwindayan%40vmware.com%7C2db661163d9a47a4720308db7255ccb5%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C638229485080061558%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=KfYPwUd%2FyEyfHC0AN%2BHv32qWUGa3I3V%2BTnQ0KuGQoLQ%3D&reserved=0<https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values>

Thanks,
Ashwin

!! External Email: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender.

More information about the ltp mailing list