[LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled

Ashwin Dayanand Kamat kashwindayan@vmware.com
Wed Jun 21 16:22:41 CEST 2023 

> On 21-Jun-2023, at 6:18 PM, Petr Vorel <pvorel@suse.cz> wrote:
>
> !! External Email
>
>> Hi Ashwin,
>
>>>> Out of curiosity, which errno is reported on listen?
>
>>>> In our case in FIPS ENOSYS is returned, thus handled as TCONF.
>
>>> I am seeing the ENOSYS (38) error and it’s true that it is handled as TCONF. The intention of the patch is to fix the same.
>
>> TCONF means skipped, i.e. OK. I suppose your patch allows to do testing, which
>> is an enhancement. But, at least on one FIPS system I get failure due missing
>> proc file:
>
>> tst_fips.c:22: TINFO: FIPS: on
>> sctp_big_chunk.c:153: TBROK: Failed to open FILE '/proc/sys/net/sctp/cookie_hmac_alg' for reading: ENOENT (2)
>
> OK, this problem is on all systems which haven't used sctp so far. We really
> need to somehow modprobe sctp before reading /proc/sys/net/sctp/cookie_hmac_alg.
> Maybe using .needs_drivers?
>
> Kind regards,
> Petr
>

Thank you for your valuable input. I will look into these and handle accordingly in next patchset.

Regards,
Ashwin

>> The system has CONFIG_IP_SCTP=m, I don't know why module is not loaded.
>> Maybe it's not installed on the system (would require package with extra
>> modules), but still this would be a regression, we should check for presence of
>> the file.
>
>> NOTE We have .save_restore [1] helper, generally we'd use it with
>> TST_SR_TCONF_MISSING, but in this case I'd use access() to check,
>> because whole SAFE_FILE_SCANF() should be applied only when needed
>> (in tst_fips_enabled()).
>
>> Kind regards,
>> Petr
>
>> [1] https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values <https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values> <https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values> <https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values>>
>
>>> Thanks,
>>> Ashwin
>
> !! External Email: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender.

More information about the ltp mailing list