[PATCH net-next v3 1/5] selftests: net: Explicitly enable CONFIG_CRYPTO_SHA1 for IPsec

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Eric Biggers <ebiggers@kernel.org>
To: linux-sctp@vger.kernel.org, netdev@vger.kernel.org,
	Xin Long <lucien.xin@gmail.com>,
	Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Cc: linux-crypto@vger.kernel.org, Eric Biggers <ebiggers@kernel.org>,
	Paolo Abeni <pabeni@redhat.com>, Florian Westphal <fw@strlen.de>
Subject: [PATCH net-next v3 1/5] selftests: net: Explicitly enable CONFIG_CRYPTO_SHA1 for IPsec
Date: Mon, 18 Aug 2025 13:54:22 -0700	[thread overview]
Message-ID: <20250818205426.30222-2-ebiggers@kernel.org> (raw)
In-Reply-To: <20250818205426.30222-1-ebiggers@kernel.org>

xfrm_policy.sh, nft_flowtable.sh, and vrf-xfrm-tests.sh use 'ip xfrm'
with SHA-1, either 'auth sha1' or 'auth-trunc hmac(sha1)'.  That
requires CONFIG_CRYPTO_SHA1, which CONFIG_INET_ESP intentionally doesn't
select (as per its help text).  Previously, the config for these tests
relied on CONFIG_CRYPTO_SHA1 being selected by the unrelated option
CONFIG_IP_SCTP.  Since CONFIG_IP_SCTP is being changed to no longer do
that, instead add CONFIG_CRYPTO_SHA1 to the configs explicitly.

Reported-by: Paolo Abeni <pabeni@redhat.com>
Closes: https://lore.kernel.org/r/766e4508-aaba-4cdc-92b4-e116e52ae13b@redhat.com
Suggested-by: Florian Westphal <fw@strlen.de>
Acked-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
---
 tools/testing/selftests/net/config           | 1 +
 tools/testing/selftests/net/netfilter/config | 1 +
 2 files changed, 2 insertions(+)

diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config
index c24417d0047bb..d548611e2698e 100644
--- a/tools/testing/selftests/net/config
+++ b/tools/testing/selftests/net/config
@@ -24,10 +24,11 @@ CONFIG_VLAN_8021Q=y
 CONFIG_GENEVE=m
 CONFIG_IFB=y
 CONFIG_INET_DIAG=y
 CONFIG_INET_ESP=y
 CONFIG_INET_ESP_OFFLOAD=y
+CONFIG_CRYPTO_SHA1=y
 CONFIG_NET_FOU=y
 CONFIG_NET_FOU_IP_TUNNELS=y
 CONFIG_NETFILTER=y
 CONFIG_NETFILTER_ADVANCED=y
 CONFIG_NETFILTER_XTABLES_LEGACY=y
diff --git a/tools/testing/selftests/net/netfilter/config b/tools/testing/selftests/net/netfilter/config
index 79d5b33966ba1..305e46b819cbe 100644
--- a/tools/testing/selftests/net/netfilter/config
+++ b/tools/testing/selftests/net/netfilter/config
@@ -11,10 +11,11 @@ CONFIG_BRIDGE_NETFILTER=m
 CONFIG_BRIDGE_NF_EBTABLES=m
 CONFIG_BRIDGE_VLAN_FILTERING=y
 CONFIG_CGROUP_BPF=y
 CONFIG_DUMMY=m
 CONFIG_INET_ESP=m
+CONFIG_CRYPTO_SHA1=m
 CONFIG_IP_NF_MATCH_RPFILTER=m
 CONFIG_IP6_NF_MATCH_RPFILTER=m
 CONFIG_IP_NF_IPTABLES=m
 CONFIG_IP_NF_IPTABLES_LEGACY=m
 CONFIG_IP6_NF_IPTABLES=m
-- 
2.50.1

next prev parent reply	other threads:[~2025-08-18 20:57 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-08-18 20:54 [PATCH net-next v3 0/5] sctp: Convert to use crypto lib, and upgrade cookie auth Eric Biggers
2025-08-18 20:54 ` Eric Biggers [this message]
2025-08-18 20:54 ` [PATCH net-next v3 2/5] sctp: Fix MAC comparison to be constant-time Eric Biggers
2025-08-18 20:54 ` [PATCH net-next v3 3/5] sctp: Use HMAC-SHA1 and HMAC-SHA256 library for chunk authentication Eric Biggers
2025-08-18 20:54 ` [PATCH net-next v3 4/5] sctp: Convert cookie authentication to use HMAC-SHA256 Eric Biggers
2025-08-18 20:54 ` [PATCH net-next v3 5/5] sctp: Stop accepting md5 and sha1 for net.sctp.cookie_hmac_alg Eric Biggers
2025-08-20 15:00 ` [PATCH net-next v3 0/5] sctp: Convert to use crypto lib, and upgrade cookie auth patchwork-bot+netdevbpf

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c24417d0047b dfblob:d548611e2698 dfblob:79d5b33966ba
dfblob:305e46b819cb )
 OR (
bs:"[PATCH net-next v3 1/5] selftests: net: Explicitly enable CONFIG_CRYPTO_SHA1 for IPsec" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250818205426.30222-2-ebiggers@kernel.org \
    --to=ebiggers@kernel.org \
    --cc=fw@strlen.de \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-sctp@vger.kernel.org \
    --cc=lucien.xin@gmail.com \
    --cc=marcelo.leitner@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.