From: Petr Vorel <pvorel@suse.cz>
To: Ashwin Dayanand Kamat <kashwindayan@vmware.com>,
Tapas Kundu <tkundu@vmware.com>, Ajay Kaher <akaher@vmware.com>,
Vasavi Sirnapalli <vsirnapalli@vmware.com>,
"ltp@lists.linux.it" <ltp@lists.linux.it>
Subject: Re: [LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled
Date: Wed, 21 Jun 2023 14:48:20 +0200 [thread overview]
Message-ID: <20230621124820.GA464557@pevik> (raw)
In-Reply-To: <20230621081711.GA361973@pevik>
> Hi Ashwin,
> > > Out of curiosity, which errno is reported on listen?
> > > In our case in FIPS ENOSYS is returned, thus handled as TCONF.
> > I am seeing the ENOSYS (38) error and it’s true that it is handled as TCONF. The intention of the patch is to fix the same.
> TCONF means skipped, i.e. OK. I suppose your patch allows to do testing, which
> is an enhancement. But, at least on one FIPS system I get failure due missing
> proc file:
> tst_fips.c:22: TINFO: FIPS: on
> sctp_big_chunk.c:153: TBROK: Failed to open FILE '/proc/sys/net/sctp/cookie_hmac_alg' for reading: ENOENT (2)
OK, this problem is on all systems which haven't used sctp so far. We really
need to somehow modprobe sctp before reading /proc/sys/net/sctp/cookie_hmac_alg.
Maybe using .needs_drivers?
Kind regards,
Petr
> The system has CONFIG_IP_SCTP=m, I don't know why module is not loaded.
> Maybe it's not installed on the system (would require package with extra
> modules), but still this would be a regression, we should check for presence of
> the file.
> NOTE We have .save_restore [1] helper, generally we'd use it with
> TST_SR_TCONF_MISSING, but in this case I'd use access() to check,
> because whole SAFE_FILE_SCANF() should be applied only when needed
> (in tst_fips_enabled()).
> Kind regards,
> Petr
> [1] https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values
> > Thanks,
> > Ashwin
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2023-06-21 12:48 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-20 17:03 [LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled Ashwin Dayanand Kamat via ltp
2023-06-20 22:24 ` Petr Vorel
2023-06-20 22:26 ` Petr Vorel
2023-06-21 5:53 ` Ashwin Dayanand Kamat via ltp
2023-06-21 8:17 ` Petr Vorel
2023-06-21 12:48 ` Petr Vorel [this message]
2023-06-21 14:15 ` Ashwin Dayanand Kamat via ltp
[not found] ` <442F1FEF-AA44-4CC8-9809-6D99912CD063@vmware.com>
[not found] ` <B4BE4EDF-B94F-49F0-A624-CF2810A4E112@vmware.com>
2023-06-21 14:22 ` Ashwin Dayanand Kamat via ltp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230621124820.GA464557@pevik \
--to=pvorel@suse.cz \
--cc=akaher@vmware.com \
--cc=kashwindayan@vmware.com \
--cc=ltp@lists.linux.it \
--cc=tkundu@vmware.com \
--cc=vsirnapalli@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.