* [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak cyphers
@ 2021-12-16 12:54 Petr Vorel
2021-12-16 12:56 ` Petr Vorel
2021-12-16 13:07 ` Cyril Hrubis
0 siblings, 2 replies; 4+ messages in thread
From: Petr Vorel @ 2021-12-16 12:54 UTC (permalink / raw)
To: ltp
e.g. md5 and sm3 on enabled FIPS (fips=1 on cmdline) on SLES 15-SP4.
Similar fix to 4fa302ef9d. It fixes:
tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
become
af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'md5'
af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'md5-generic'
...
af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'sm3'
af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'sm3-generic'
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
lib/tst_af_alg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/tst_af_alg.c b/lib/tst_af_alg.c
index 05caa63016..e1cb480f77 100644
--- a/lib/tst_af_alg.c
+++ b/lib/tst_af_alg.c
@@ -77,7 +77,7 @@ bool tst_have_alg(const char *algtype, const char *algname)
ret = bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
if (ret != 0) {
- if (errno != ENOENT) {
+ if (errno != ENOENT && errno != ELIBBAD) {
tst_brk(TBROK | TERRNO,
"unexpected error binding AF_ALG socket to %s algorithm '%s'",
algtype, algname);
--
2.34.1
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak cyphers
2021-12-16 12:54 [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak cyphers Petr Vorel
@ 2021-12-16 12:56 ` Petr Vorel
2021-12-16 13:07 ` Cyril Hrubis
1 sibling, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2021-12-16 12:56 UTC (permalink / raw)
To: ltp
Ah, bad grammar: s/cypher/cipher/
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak cyphers
2021-12-16 12:54 [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak cyphers Petr Vorel
2021-12-16 12:56 ` Petr Vorel
@ 2021-12-16 13:07 ` Cyril Hrubis
2021-12-16 13:24 ` [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak ciphers Petr Vorel
1 sibling, 1 reply; 4+ messages in thread
From: Cyril Hrubis @ 2021-12-16 13:07 UTC (permalink / raw)
To: Petr Vorel; +Cc: ltp
Hi!
> e.g. md5 and sm3 on enabled FIPS (fips=1 on cmdline) on SLES 15-SP4.
> Similar fix to 4fa302ef9d. It fixes:
>
> tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
That's strange choice of errno, ELIBBAD usually means corrupted ELF
file, it looks like this comes from kernel fucntion crypto_alg_lookup()
if the __crypto_alg_lookup() returns alg structure but the
CRYPTO_ALG_LARVAL bit is not set. Unfortunatelly I have no idea what
that really means. Have you confirmed with someone who understands the
code that these cipers are intentionally disabled and that this errno is
to be expected? And even if that is so we should skip the test on fips
mode only...
> become
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'md5'
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'md5-generic'
> ...
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'sm3'
> af_alg01.c:26: TCONF: kernel doesn't have hash algorithm 'sm3-generic'
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> lib/tst_af_alg.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/tst_af_alg.c b/lib/tst_af_alg.c
> index 05caa63016..e1cb480f77 100644
> --- a/lib/tst_af_alg.c
> +++ b/lib/tst_af_alg.c
> @@ -77,7 +77,7 @@ bool tst_have_alg(const char *algtype, const char *algname)
>
> ret = bind(algfd, (const struct sockaddr *)&addr, sizeof(addr));
> if (ret != 0) {
> - if (errno != ENOENT) {
> + if (errno != ENOENT && errno != ELIBBAD) {
> tst_brk(TBROK | TERRNO,
> "unexpected error binding AF_ALG socket to %s algorithm '%s'",
> algtype, algname);
> --
> 2.34.1
>
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak ciphers
2021-12-16 13:07 ` Cyril Hrubis
@ 2021-12-16 13:24 ` Petr Vorel
0 siblings, 0 replies; 4+ messages in thread
From: Petr Vorel @ 2021-12-16 13:24 UTC (permalink / raw)
To: Cyril Hrubis; +Cc: ltp
Hi Cyril,
> Hi!
> > e.g. md5 and sm3 on enabled FIPS (fips=1 on cmdline) on SLES 15-SP4.
> > Similar fix to 4fa302ef9d. It fixes:
> > tst_af_alg.c:84: TBROK: unexpected error binding AF_ALG socket to hash algorithm 'md5': ELIBBAD (80)
> That's strange choice of errno, ELIBBAD usually means corrupted ELF
> file, it looks like this comes from kernel fucntion crypto_alg_lookup()
> if the __crypto_alg_lookup() returns alg structure but the
> CRYPTO_ALG_LARVAL bit is not set. Unfortunatelly I have no idea what
> that really means. Have you confirmed with someone who understands the
> code that these cipers are intentionally disabled and that this errno is
> to be expected? And even if that is so we should skip the test on fips
> mode only...
Yes, is the first time I saw ELIBBAD, thus I'll check with developers.
Showing only on md5 and sm3 was "proof" for me it's correct on correctly
configured system with fips=1, but you're right it's better to double check.
Kind regards,
Petr
--
Mailing list info: https://lists.linux.it/listinfo/ltp
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-12-16 13:25 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-12-16 12:54 [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak cyphers Petr Vorel
2021-12-16 12:56 ` Petr Vorel
2021-12-16 13:07 ` Cyril Hrubis
2021-12-16 13:24 ` [LTP] [PATCH 1/1] tst_af_alg: Another fix for disabled weak ciphers Petr Vorel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).