From: Petr Vorel <pvorel@suse.cz>
To: Ashwin Dayanand Kamat <kashwindayan@vmware.com>
Cc: Tapas Kundu <tkundu@vmware.com>, Ajay Kaher <akaher@vmware.com>,
Vasavi Sirnapalli <vsirnapalli@vmware.com>,
"ltp@lists.linux.it" <ltp@lists.linux.it>
Subject: Re: [LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled
Date: Wed, 21 Jun 2023 10:17:11 +0200 [thread overview]
Message-ID: <20230621081711.GA361973@pevik> (raw)
In-Reply-To: <01C96D39-2B2E-44EB-A5D7-41BF26D2C2AC@vmware.com>
Hi Ashwin,
> > Out of curiosity, which errno is reported on listen?
> > In our case in FIPS ENOSYS is returned, thus handled as TCONF.
> I am seeing the ENOSYS (38) error and it’s true that it is handled as TCONF. The intention of the patch is to fix the same.
TCONF means skipped, i.e. OK. I suppose your patch allows to do testing, which
is an enhancement. But, at least on one FIPS system I get failure due missing
proc file:
tst_fips.c:22: TINFO: FIPS: on
sctp_big_chunk.c:153: TBROK: Failed to open FILE '/proc/sys/net/sctp/cookie_hmac_alg' for reading: ENOENT (2)
The system has CONFIG_IP_SCTP=m, I don't know why module is not loaded.
Maybe it's not installed on the system (would require package with extra
modules), but still this would be a regression, we should check for presence of
the file.
NOTE We have .save_restore [1] helper, generally we'd use it with
TST_SR_TCONF_MISSING, but in this case I'd use access() to check,
because whole SAFE_FILE_SCANF() should be applied only when needed
(in tst_fips_enabled()).
Kind regards,
Petr
[1] https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values
> Thanks,
> Ashwin
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2023-06-21 8:17 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-20 17:03 [LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled Ashwin Dayanand Kamat via ltp
2023-06-20 22:24 ` Petr Vorel
2023-06-20 22:26 ` Petr Vorel
2023-06-21 5:53 ` Ashwin Dayanand Kamat via ltp
2023-06-21 8:17 ` Petr Vorel [this message]
2023-06-21 12:48 ` Petr Vorel
2023-06-21 14:15 ` Ashwin Dayanand Kamat via ltp
[not found] ` <442F1FEF-AA44-4CC8-9809-6D99912CD063@vmware.com>
[not found] ` <B4BE4EDF-B94F-49F0-A624-CF2810A4E112@vmware.com>
2023-06-21 14:22 ` Ashwin Dayanand Kamat via ltp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230621081711.GA361973@pevik \
--to=pvorel@suse.cz \
--cc=akaher@vmware.com \
--cc=kashwindayan@vmware.com \
--cc=ltp@lists.linux.it \
--cc=tkundu@vmware.com \
--cc=vsirnapalli@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.