[LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled
Petr Vorel
pvorel@suse.cz
Wed Jun 21 10:17:11 CEST 2023
Hi Ashwin,
> > Out of curiosity, which errno is reported on listen?
> > In our case in FIPS ENOSYS is returned, thus handled as TCONF.
> I am seeing the ENOSYS (38) error and it’s true that it is handled as TCONF. The intention of the patch is to fix the same.
TCONF means skipped, i.e. OK. I suppose your patch allows to do testing, which
is an enhancement. But, at least on one FIPS system I get failure due missing
proc file:
tst_fips.c:22: TINFO: FIPS: on
sctp_big_chunk.c:153: TBROK: Failed to open FILE '/proc/sys/net/sctp/cookie_hmac_alg' for reading: ENOENT (2)
The system has CONFIG_IP_SCTP=m, I don't know why module is not loaded.
Maybe it's not installed on the system (would require package with extra
modules), but still this would be a regression, we should check for presence of
the file.
NOTE We have .save_restore [1] helper, generally we'd use it with
TST_SR_TCONF_MISSING, but in this case I'd use access() to check,
because whole SAFE_FILE_SCANF() should be applied only when needed
(in tst_fips_enabled()).
Kind regards,
Petr
[1] https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values
> Thanks,
> Ashwin
More information about the ltp
mailing list