Message ID | 20210202130441.17861-2-pvorel@suse.cz |
---|---|
State | Accepted |
Headers | show |
Series | [1/2] lib: Add function to detect FIPS mode | expand |
Hi! > + int is_asymmetric = !strcmp(type, "asymmetric"); > + > TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING)); > if (TST_RET < 0) { > + if (TST_ERR == EINVAL && is_asymmetric && tst_fips_enabled()) { ^ I guess that we can save the value in test setup instead of re-reading it on every iteration. Other than that it looks good to me. Reviewed-by: Cyril Hrubis <chrubis@suse.cz> > + tst_res(TCONF, "key size not allowed in FIPS mode"); > + return; > + } > if (TST_ERR == ENODEV) { > tst_res(TCONF, "kernel doesn't support key type '%s'", > type); > return; > } > - if (TST_ERR == EBADMSG && !strcmp(type, "asymmetric")) { > + if (TST_ERR == EBADMSG && is_asymmetric) { > tst_res(TCONF, "kernel is missing x509 cert parser " > "(CONFIG_X509_CERTIFICATE_PARSER)"); > return; > } > - if (TST_ERR == ENOENT && !strcmp(type, "asymmetric")) { > + if (TST_ERR == ENOENT && is_asymmetric) { > tst_res(TCONF, "kernel is missing crypto algorithms " > "needed to parse x509 cert (CONFIG_CRYPTO_RSA " > "and/or CONFIG_CRYPTO_SHA256)"); > -- > 2.30.0 > > > -- > Mailing list info: https://lists.linux.it/listinfo/ltp
Hi Cyril, > Hi! > > + int is_asymmetric = !strcmp(type, "asymmetric"); > > + > > TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING)); > > if (TST_RET < 0) { > > + if (TST_ERR == EINVAL && is_asymmetric && tst_fips_enabled()) { > ^ > I guess that > we can save > the value in > test setup > instead of > re-reading it > on every > iteration. > Other than that it looks good to me. Good point, thanks! Moved to variable set at setup and merged. > Reviewed-by: Cyril Hrubis <chrubis@suse.cz> Kind regards, Petr
diff --git a/testcases/kernel/syscalls/keyctl/keyctl05.c b/testcases/kernel/syscalls/keyctl/keyctl05.c index 55ce852b8..1cd665ba4 100644 --- a/testcases/kernel/syscalls/keyctl/keyctl05.c +++ b/testcases/kernel/syscalls/keyctl/keyctl05.c @@ -85,19 +85,25 @@ static void test_update_nonupdatable(const char *type, new_session_keyring(); + int is_asymmetric = !strcmp(type, "asymmetric"); + TEST(add_key(type, "desc", payload, plen, KEY_SPEC_SESSION_KEYRING)); if (TST_RET < 0) { + if (TST_ERR == EINVAL && is_asymmetric && tst_fips_enabled()) { + tst_res(TCONF, "key size not allowed in FIPS mode"); + return; + } if (TST_ERR == ENODEV) { tst_res(TCONF, "kernel doesn't support key type '%s'", type); return; } - if (TST_ERR == EBADMSG && !strcmp(type, "asymmetric")) { + if (TST_ERR == EBADMSG && is_asymmetric) { tst_res(TCONF, "kernel is missing x509 cert parser " "(CONFIG_X509_CERTIFICATE_PARSER)"); return; } - if (TST_ERR == ENOENT && !strcmp(type, "asymmetric")) { + if (TST_ERR == ENOENT && is_asymmetric) { tst_res(TCONF, "kernel is missing crypto algorithms " "needed to parse x509 cert (CONFIG_CRYPTO_RSA " "and/or CONFIG_CRYPTO_SHA256)");
asymmetric key test fails on FIPS with dmesg: RSA: key size not allowed in FIPS mode Signed-off-by: Petr Vorel <pvorel@suse.cz> --- testcases/kernel/syscalls/keyctl/keyctl05.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)