[LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled
Petr Vorel
pvorel@suse.cz
Wed Jun 21 14:48:20 CEST 2023
> Hi Ashwin,
> > > Out of curiosity, which errno is reported on listen?
> > > In our case in FIPS ENOSYS is returned, thus handled as TCONF.
> > I am seeing the ENOSYS (38) error and it’s true that it is handled as TCONF. The intention of the patch is to fix the same.
> TCONF means skipped, i.e. OK. I suppose your patch allows to do testing, which
> is an enhancement. But, at least on one FIPS system I get failure due missing
> proc file:
> tst_fips.c:22: TINFO: FIPS: on
> sctp_big_chunk.c:153: TBROK: Failed to open FILE '/proc/sys/net/sctp/cookie_hmac_alg' for reading: ENOENT (2)
OK, this problem is on all systems which haven't used sctp so far. We really
need to somehow modprobe sctp before reading /proc/sys/net/sctp/cookie_hmac_alg.
Maybe using .needs_drivers?
Kind regards,
Petr
> The system has CONFIG_IP_SCTP=m, I don't know why module is not loaded.
> Maybe it's not installed on the system (would require package with extra
> modules), but still this would be a regression, we should check for presence of
> the file.
> NOTE We have .save_restore [1] helper, generally we'd use it with
> TST_SR_TCONF_MISSING, but in this case I'd use access() to check,
> because whole SAFE_FILE_SCANF() should be applied only when needed
> (in tst_fips_enabled()).
> Kind regards,
> Petr
> [1] https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values
> > Thanks,
> > Ashwin
More information about the ltp
mailing list