Merge branch 'check-if-fips-mode-is-enabled-when-running-selftests'
authorJakub Kicinski <kuba@kernel.org>
Fri, 16 Jun 2023 05:24:03 +0000 (22:24 -0700)
committerJakub Kicinski <kuba@kernel.org>
Fri, 16 Jun 2023 05:24:03 +0000 (22:24 -0700)
commitd4e067287b41b9eba278533d32afda35b25fbdd5
tree3856dd4542fdefa094ef1ee7ff071aceed48fbc0
parent40f71e7cd3c6ac04293556ab0504a372393838ff
parentd7a2fc1437f71cb058c7b11bc33dfc19e4bf277a
Merge branch 'check-if-fips-mode-is-enabled-when-running-selftests'

Magali Lemes says:

====================
Check if FIPS mode is enabled when running selftests

Some test cases from net/tls, net/fcnal-test and net/vrf-xfrm-tests
that rely on cryptographic functions to work and use non-compliant FIPS
algorithms fail in FIPS mode.

In order to allow these tests to pass in a wider set of kernels,
 - for net/tls, skip the test variants that use the ChaCha20-Poly1305
and SM4 algorithms, when FIPS mode is enabled;
 - for net/fcnal-test, skip the MD5 tests, when FIPS mode is enabled;
 - for net/vrf-xfrm-tests, replace the algorithms that are not
FIPS-compliant with compliant ones.

v1: https://lore.kernel.org/netdev/20230607174302.19542-1-magali.lemes@canonical.com/
v2: https://lore.kernel.org/netdev/20230609164324.497813-1-magali.lemes@canonical.com/
v3: https://lore.kernel.org/netdev/20230612125107.73795-1-magali.lemes@canonical.com/
====================

Link: https://lore.kernel.org/r/20230613123222.631897-1-magali.lemes@canonical.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>