[LTP] [PATCH v2 1/1] tst_af_alg: Another fix for disabled weak cipher
Petr Vorel
pvorel@suse.cz
Wed Dec 22 17:49:38 CET 2021
Hi Eric,
> Hi!
> > OK, this would not work for af_alg03.c, where false positive TCONF would be
> > printed:
> > tst_test.c:1426: TINFO: Timeout per run is 0h 05m 00s
> > tst_af_alg.c:81: TCONF: kernel doesn't have aead algorithm 'rfc7539(chacha20,sha256)'
> > af_alg03.c:24: TPASS: couldn't instantiate rfc7539 template with wrong digest size
> Hmm, so af_alg actually passes wrong data to the tst_have_alg() on
> purpose.
> I guess that if we want to move the TCONF to the library we either have
> to add a flag to the function or split it into a two. Not sure which one
> is actually better.
I was thinking of both (preferred split), but wasn't sure if it's worth of just
just to filter out "tst_fips.c:22: TINFO: FIPS: on" output.
> Maybe we should split it into two functions, one that wouldn't do
> anything but return the errno and one that would switch over that errno
> and print messages as well. Something as:
> int tst_try_alg(const char *algtype, const char *algname)
> {
> ...
> int retval = 0;
> if (ret != 0)
> retval = errno;
> close(algfd);
> return retval;
> }
> bool tst_have_alg(const char *algtype, const char *algname)
> {
> ret = tst_try_alg(algtype, algname);
> switch (ret) {
> case 0:
> return true;
> case ENOENT:
> tst_res(TCONF, ...);
> return false;
> case ELIBBAD:
> if (tst_fips_enabled())
> return false;
> /* fallthrough */
> default:
> errno = ret;
> tst_brk(TBROK | TERRNO, ...);
> break;
> }
> }
> The the af_alg03 can call tst_try_alg() and check if the retval is
> ENOENT.
This looks good, thx! Simple enough to merge directly, but I'll send v3.
Kind regards,
Petr
More information about the ltp
mailing list