[LTP] [PATCH v2 1/1] tst_af_alg: Another fix for disabled weak cipher
Petr Vorel
pvorel@suse.cz
Tue Jan 11 07:44:33 CET 2022
Hi Herbert,
> On Tue, Jan 04, 2022 at 12:54:46PM +0100, Petr Vorel wrote:
> > Hi all,
> > [Cc Herbert and Eric ]
> > FYI Herbert's view for using ELIBBAD instead of ENOENT (reply to Eric's question
> > whether using ELIBBAD in kernel is a good approach or bug) [1]:
> > "For the purpose of identifying FIPS-disabled algorithm (as opposed
> > to an algorithm that's not enabled in the kernel at all), I think
> > it is perfectly safe to use ELIBBAD instead of ENOENT in user-space."
> > I suppose that's justify my proposed changes (i.e. testing also ELIBBAD when
> > fips enabled).
> > @Herbert if you care, you can post your Acked-by: tag.
> Please hold the horses on this patch.
I'm sorry, too late, already merged. But never mind, LTP is not tight to
particular kernel version (we tried to cover also very old releases), thus the
old releases will be covered with this commit, never ones with the default check
for ENOENT (regardless FIPS).
> I'm about to post a series of patches that aims to disable algorithms
> such as sha1 in FIPS mode while still allowing compound algorithms such
> as hmac(sha1) to work.
Thanks for notifying.
> As a result of this series, ENOENT will again be returned for FIPS-
> disallowed algorithms when in FIPS mode.
Kind regards,
Petr
More information about the ltp
mailing list