From: Petr Vorel <pvorel@suse.cz>
To: Ashwin Dayanand Kamat <kashwindayan@vmware.com>,
Tapas Kundu <tkundu@vmware.com>, Ajay Kaher <akaher@vmware.com>,
Vasavi Sirnapalli <vsirnapalli@vmware.com>,
"ltp@lists.linux.it" <ltp@lists.linux.it>
Subject: Re: [LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled
Date: Wed, 21 Jun 2023 14:48:20 +0200 [thread overview]
Message-ID: <20230621124820.GA464557@pevik> (raw)
In-Reply-To: <20230621081711.GA361973@pevik>
> Hi Ashwin,
> > > Out of curiosity, which errno is reported on listen?
> > > In our case in FIPS ENOSYS is returned, thus handled as TCONF.
> > I am seeing the ENOSYS (38) error and it’s true that it is handled as TCONF. The intention of the patch is to fix the same.
> TCONF means skipped, i.e. OK. I suppose your patch allows to do testing, which
> is an enhancement. But, at least on one FIPS system I get failure due missing
> proc file:
> tst_fips.c:22: TINFO: FIPS: on
> sctp_big_chunk.c:153: TBROK: Failed to open FILE '/proc/sys/net/sctp/cookie_hmac_alg' for reading: ENOENT (2)
OK, this problem is on all systems which haven't used sctp so far. We really
need to somehow modprobe sctp before reading /proc/sys/net/sctp/cookie_hmac_alg.
Maybe using .needs_drivers?
Kind regards,
Petr
> The system has CONFIG_IP_SCTP=m, I don't know why module is not loaded.
> Maybe it's not installed on the system (would require package with extra
> modules), but still this would be a regression, we should check for presence of
> the file.
> NOTE We have .save_restore [1] helper, generally we'd use it with
> TST_SR_TCONF_MISSING, but in this case I'd use access() to check,
> because whole SAFE_FILE_SCANF() should be applied only when needed
> (in tst_fips_enabled()).
> Kind regards,
> Petr
> [1] https://github.com/linux-test-project/ltp/wiki/C-Test-API#127-saving--restoring-procsys-values
> > Thanks,
> > Ashwin
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2023-06-21 12:48 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-20 17:03 [LTP] [PATCH] sctp_big_chunk: Do not use md5 hmac algo if fips is enabled Ashwin Dayanand Kamat via ltp
2023-06-20 22:24 ` Petr Vorel
2023-06-20 22:26 ` Petr Vorel
2023-06-21 5:53 ` Ashwin Dayanand Kamat via ltp
2023-06-21 8:17 ` Petr Vorel
2023-06-21 12:48 ` Petr Vorel [this message]
2023-06-21 14:15 ` Ashwin Dayanand Kamat via ltp
[not found] ` <442F1FEF-AA44-4CC8-9809-6D99912CD063@vmware.com>
[not found] ` <B4BE4EDF-B94F-49F0-A624-CF2810A4E112@vmware.com>
2023-06-21 14:22 ` Ashwin Dayanand Kamat via ltp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230621124820.GA464557@pevik \
--to=pvorel@suse.cz \
--cc=akaher@vmware.com \
--cc=kashwindayan@vmware.com \
--cc=ltp@lists.linux.it \
--cc=tkundu@vmware.com \
--cc=vsirnapalli@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox