[LTP] [PATCH v2] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled

[Ashwin Dayanand Kamat]

MD5 is not FIPS compliant. But still md5 is used as the default algorithm for sctp
even when fips is enabled. Due to this, sctp_big_chunk testcase is failing because listen()
system call in setup_server() is failing in fips environment.

Fix is to not use md5 algorithm while setting up server, instead set it to none

Signed-Off by: Ashwin Dayanand Kamat <kashwindayan@vmware.com>
----
v2:
As per the review comments given by Petr, did below changes in v2,
        * Moved the logic to sctp_server() function
        * Setting none as the default algo
        * make sure cookie_hmac_alg file is present before accessing it
---
 testcases/network/sctp/sctp_big_chunk.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/testcases/network/sctp/sctp_big_chunk.c b/testcases/network/sctp/sctp_big_chunk.c
index a6a326ea2..31786dd39 100644
--- a/testcases/network/sctp/sctp_big_chunk.c
+++ b/testcases/network/sctp/sctp_big_chunk.c
@@ -34,6 +34,24 @@ static int addr_num = 3273;
 
 static void setup_server(void)
 {
+	const char *const cmd_modprobe[] = {"modprobe", "sctp", NULL};
+	const char hmac_algo_path[] = "/proc/sys/net/sctp/cookie_hmac_alg";
+	char hmac_algo[CHAR_MAX];
+	int hmac_algo_changed = 0;
+
+	/* Disable md5 if fips is enabled. Set it to none */
+	if (tst_fips_enabled()) {
+		if (access(hmac_algo_path, F_OK) < 0) {
+			SAFE_CMD(cmd_modprobe, NULL, NULL);
+		}
+
+		if (!access(hmac_algo_path, F_OK)) {
+			SAFE_FILE_SCANF(hmac_algo_path, "%s", hmac_algo);
+			SAFE_FILE_PRINTF(hmac_algo_path, "%s", "none");
+			hmac_algo_changed = 1;
+		}
+	}
+
 	loc.sin6_family = AF_INET6;
 	loc.sin6_addr = in6addr_loopback;
 
@@ -46,6 +64,9 @@ static void setup_server(void)
 	SAFE_LISTEN(sfd, 1);
 
 	srand(port);
+
+	if (hmac_algo_changed)
+		SAFE_FILE_PRINTF(hmac_algo_path, "%s", hmac_algo);
 }
 
 static void update_packet_field(size_t *off, void *buf, size_t buf_len)
-- 
2.39.0