| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Jun 2023 19:17:12 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Magali Lemes <magali.lemes@...onical.com>
Cc: davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com,
shuah@...nel.org, vfedorenko@...ek.ru, tianjia.zhang@...ux.alibaba.com,
andrei.gherzan@...onical.com, netdev@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net 1/3] selftests: net: tls: check if FIPS mode is
enabled
On Wed, 7 Jun 2023 14:43:00 -0300 Magali Lemes wrote:
> FIXTURE(tls)
> {
> - int fd, cfd;
> + int fd, cfd, fips_enabled;
put bool fips_non_compliant into the variant, and mark down
the cases which need to be skipped. There is fewer variants
than tests
> bool notls;
> };
>
> @@ -309,7 +309,22 @@ FIXTURE_SETUP(tls)
> {
> struct tls_crypto_info_keys tls12;
> int one = 1;
> - int ret;
> + int ret, res;
> + FILE *f;
> +
> + self->fips_enabled = 0;
> + f = fopen("/proc/sys/crypto/fips_enabled", "r");
> + if (f) {
> + res = fscanf(f, "%d", &self->fips_enabled);
> + if (res != 1)
> + ksft_print_msg("ERROR: Couldn't read /proc/sys/crypto/fips_enabled\n");
> + fclose(f);
> + }
Cache the fips_enabled in a static global variable, no point reading
it every time.
--
pw-bot: cr
Powered by blists - more mailing lists