[LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak cyphers
Cyril Hrubis
chrubis@suse.cz
Thu Dec 16 14:07:59 CET 2021
Hi!
> e.g. md5 and sm3 on enabled FIPS (fips=1 on cmdline) on SLES 15-SP4.
> Similar fix to 4fa302ef9d. It fixes:
>
> tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
That's strange choice of errno, ELIBBAD usually means corrupted ELF
file, it looks like this comes from kernel fucntion crypto_alg_lookup()
if the __crypto_alg_lookup() returns alg structure but the
CRYPTO_ALG_LARVAL bit is not set. Unfortunatelly I have no idea what
that really means. Have you confirmed with someone who understands the
code that these cipers are intentionally disabled and that this errno is
to be expected? And even if that is so we should skip the test on fips
mode only...
> become
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'md5'
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'md5-generic'
> ...
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'sm3'
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'sm3-generic'
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> lib/tst_af_alg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/tst_af_alg.c b/lib/tst_af_alg.c
> index 05caa63016..e1cb480f77 100644
> --- a/lib/tst_af_alg.c
> +++ b/lib/tst_af_alg.c
> @@ -77,7 +77,7 @@ bool tst_have_alg(const char *algtype, const char *algname)
>
> ret = bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
> if (ret != 0) {
> - if (errno != ENOENT) {
> + if (errno != ENOENT && errno != ELIBBAD) {
> tst_brk(TBROK | TERRNO,
> "unexpected error binding AF_ALG socket to %s algorithm '%s'",
> algtype, algname);
> --
> 2.34.1
>
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list