[LTP] [PATCH v3 2/2] tst_af_alg: TCONF on ciphers disabled by FIPS
Eric Biggers
ebiggers@kernel.org
Wed Jan 5 16:04:07 CET 2022
On Wed, Dec 22, 2021 at 08:26:04PM +0100, Petr Vorel wrote:
> Similar fix to 4fa302ef9d. It fixes:
>
> ./af_alg01
> tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
> become
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'md5' disabled
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'md5-generic' disabled
>
> ./af_alg02
> tst_af_alg.c:37: TBROK: unexpected error binding AF_ALG socket to skcipher algorithm 'salsa20': ELIBBAD (80)
> become
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:36: TCONF: FIPS enabled => skcipher algorithm 'salsa20' disabled
>
> ./af_alg04
> tst_af_alg.c:81: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'vmac64(aes)': ELIBBAD (80)
> become
> tst_fips.c:22: TINFO: FIPS: on
> tst_af_alg.c:111: TCONF: FIPS enabled => hash algorithm 'vmac64(aes)' disabled
>
> Tested on Debian stable bullseye and SLES 15-SP4.
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> NOTE: I asked Herbert Xu for confirmation that my code understanding is
> correct and ELIBBAD is expected for ciphers disabled by FIPS.
Can you link to the mailing list thread where it was established that ELIBBAD is
the "expected" behavior? Otherwise I guess this is fine.
Reviewed-by: Eric Biggers <ebiggers@google.com>
- Eric
More information about the ltp
mailing list