[LTP] [PATCH v2 1/1] tst_af_alg: Another fix for disabled weak cipher
Herbert Xu
herbert@gondor.apana.org.au
Tue Jan 11 06:29:00 CET 2022
On Tue, Jan 04, 2022 at 12:54:46PM +0100, Petr Vorel wrote:
> Hi all,
>
> [Cc Herbert and Eric ]
>
> FYI Herbert's view for using ELIBBAD instead of ENOENT (reply to Eric's question
> whether using ELIBBAD in kernel is a good approach or bug) [1]:
>
> "For the purpose of identifying FIPS-disabled algorithm (as opposed
> to an algorithm that's not enabled in the kernel at all), I think
> it is perfectly safe to use ELIBBAD instead of ENOENT in user-space."
>
> I suppose that's justify my proposed changes (i.e. testing also ELIBBAD when
> fips enabled).
>
> @Herbert if you care, you can post your Acked-by: tag.
Please hold the horses on this patch.
I'm about to post a series of patches that aims to disable algorithms
such as sha1 in FIPS mode while still allowing compound algorithms such
as hmac(sha1) to work.
As a result of this series, ENOENT will again be returned for FIPS-
disallowed algorithms when in FIPS mode.
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the ltp
mailing list