From: Eric Biggers <ebiggers@kernel.org>
To: Petr Vorel <pvorel@suse.cz>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2 1/1] tst_af_alg: Another fix for disabled weak cipher
Date: Wed, 22 Dec 2021 09:31:37 -0600 [thread overview]
Message-ID: <YcNE2Yt4zLs4ayz7@quark> (raw)
In-Reply-To: <20211220212756.13510-1-pvorel@suse.cz>
On Mon, Dec 20, 2021 at 10:27:56PM +0100, Petr Vorel wrote:
> tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
This seems like a kernel bug; shouldn't the kernel report ENOENT for the
algorithms that fips_enabled isn't allowing, just like other algorithms that
aren't available? Have you checked with linux-crypto@vger.kernel.org that the
current behavior is actually intentional?
> @@ -77,11 +86,16 @@ bool tst_have_alg(const char *algtype, const char *algname)
>
> ret = bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
> if (ret != 0) {
> - if (errno != ENOENT) {
> + if (errno == ELIBBAD && tst_fips_enabled()) {
> + tst_res(TCONF,
> + "FIPS enabled => %s algorithm '%s' disabled",
> + algtype, algname);
> + } else if (errno != ENOENT) {
> tst_brk(TBROK | TERRNO,
> "unexpected error binding AF_ALG socket to %s algorithm '%s'",
> algtype, algname);
> }
> +
> have_alg = false;
> }
This function is supposed to return false if the algorithm isn't available; it
shouldn't be skipping the test.
> @@ -22,8 +23,9 @@ static void test_with_hash_alg(const char *hash_algname)
> char key[4096] = { 0 };
>
> if (!tst_have_alg("hash", hash_algname)) {
> - tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
> - hash_algname);
> + if (errno != ELIBBAD)
> + tst_res(TCONF, "kernel doesn't have hash algorithm '%s'",
> + hash_algname);
> return;
> }
> sprintf(hmac_algname, "hmac(%s)", hash_algname);
Why treat this case any differently from any other hash algorithm that isn't
available?
- Eric
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2021-12-22 15:31 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-20 21:27 [LTP] [PATCH v2 1/1] tst_af_alg: Another fix for disabled weak cipher Petr Vorel
2021-12-21 11:11 ` Cyril Hrubis
2021-12-21 12:03 ` Petr Vorel
2021-12-22 14:45 ` Petr Vorel
2021-12-22 16:01 ` Cyril Hrubis
2021-12-22 16:49 ` Petr Vorel
2021-12-22 15:31 ` Eric Biggers [this message]
2021-12-22 17:01 ` Petr Vorel
2021-12-22 17:58 ` Eric Biggers
2021-12-22 19:01 ` Petr Vorel
2022-01-04 11:54 ` Petr Vorel
2022-01-11 5:29 ` Herbert Xu
2022-01-11 6:44 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YcNE2Yt4zLs4ayz7@quark \
--to=ebiggers@kernel.org \
--cc=ltp@lists.linux.it \
--cc=pvorel@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox