Commit d7a2fc14 authored by Magali Lemes's avatar Magali Lemes Committed by Jakub Kicinski

selftests: net: fcnal-test: check if FIPS mode is enabled

There are some MD5 tests which fail when the kernel is in FIPS mode,
since MD5 is not FIPS compliant. Add a check and only run those tests
if FIPS mode is not enabled.

Fixes: f0bee1eb ("fcnal-test: Add TCP MD5 tests")
Fixes: 5cad8bce ("fcnal-test: Add TCP MD5 tests for VRF")
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Signed-off-by: default avatarMagali Lemes <magali.lemes@canonical.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent cb43c60e
......@@ -92,6 +92,13 @@ NSC_CMD="ip netns exec ${NSC}"
which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping)
# Check if FIPS mode is enabled
if [ -f /proc/sys/crypto/fips_enabled ]; then
fips_enabled=`cat /proc/sys/crypto/fips_enabled`
else
fips_enabled=0
fi
################################################################################
# utilities
......@@ -1216,7 +1223,7 @@ ipv4_tcp_novrf()
run_cmd nettest -d ${NSA_DEV} -r ${a}
log_test_addr ${a} $? 1 "No server, device client, local conn"
ipv4_tcp_md5_novrf
[ "$fips_enabled" = "1" ] || ipv4_tcp_md5_novrf
}
ipv4_tcp_vrf()
......@@ -1270,9 +1277,11 @@ ipv4_tcp_vrf()
log_test_addr ${a} $? 1 "Global server, local connection"
# run MD5 tests
setup_vrf_dup
ipv4_tcp_md5
cleanup_vrf_dup
if [ "$fips_enabled" = "0" ]; then
setup_vrf_dup
ipv4_tcp_md5
cleanup_vrf_dup
fi
#
# enable VRF global server
......@@ -2772,7 +2781,7 @@ ipv6_tcp_novrf()
log_test_addr ${a} $? 1 "No server, device client, local conn"
done
ipv6_tcp_md5_novrf
[ "$fips_enabled" = "1" ] || ipv6_tcp_md5_novrf
}
ipv6_tcp_vrf()
......@@ -2842,9 +2851,11 @@ ipv6_tcp_vrf()
log_test_addr ${a} $? 1 "Global server, local connection"
# run MD5 tests
setup_vrf_dup
ipv6_tcp_md5
cleanup_vrf_dup
if [ "$fips_enabled" = "0" ]; then
setup_vrf_dup
ipv6_tcp_md5
cleanup_vrf_dup
fi
#
# enable VRF global server
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment