[LTP] [PATCH v2 1/1] tst_af_alg: Another fix for disabled weak cipher

Cyril Hrubis chrubis@suse.cz
Wed Dec 22 17:01:03 CET 2021


Hi!
> OK, this would not work for af_alg03.c, where false positive TCONF would be
> printed:
> tst_test.c:1426: TINFO: Timeout per run is 0h 05m 00s
> tst_af_alg.c:81: TCONF: kernel doesn't have aead algorithm 'rfc7539(chacha20,sha256)'
> af_alg03.c:24: TPASS: couldn't instantiate rfc7539 template with wrong digest size

Hmm, so af_alg actually passes wrong data to the tst_have_alg() on
purpose.

I guess that if we want to move the TCONF to the library we either have
to add a flag to the function or split it into a two. Not sure which one
is actually better.

Maybe we should split it into two functions, one that wouldn't do
anything but return the errno and one that would switch over that errno
and print messages as well. Something as:


int tst_try_alg(const char *algtype, const char *algname)
{
	...
	int retval = 0;

	if (ret != 0)
		retval = errno;

	close(algfd);
	return retval;
}


bool tst_have_alg(const char *algtype, const char *algname)
{
	ret = tst_try_alg(algtype, algname);

	switch (ret) {
	case 0:
		return true;
	case ENOENT:
		tst_res(TCONF, ...);
		return false;
	case ELIBBAD:
		if (tst_fips_enabled())
			return false;
	/* fallthrough */
	default:
		errno = ret;
		tst_brk(TBROK | TERRNO, ...);
	break;
	}
}


The the af_alg03 can call tst_try_alg() and check if the retval is
ENOENT.

-- 
Cyril Hrubis
chrubis@suse.cz


More information about the ltp mailing list