Some test cases from net/tls, net/fcnal-test and net/vrf-xfrm-tests that rely on cryptographic functions to work and use non-compliant FIPS algorithms fail in FIPS mode. In order to allow these tests to pass in a wider set of kernels, - for net/tls, skip the test variants that use the ChaCha20-Poly1305 and SM4 algorithms, when FIPS mode is enabled; - for net/fcnal-test, skip the MD5 tests, when FIPS mode is enabled; - for net/vrf-xfrm-tests, replace the algorithms that are not FIPS-compliant with compliant ones. Changes in v2: - Add R-b tags. - Put fips_non_compliant into the variants. - Turn fips_enabled into a static global variable. - Read /proc/sys/crypto/fips_enabled only once at main(). v1: https://lore.kernel.org/netdev/20230607174302.19542-1-magali.lemes@xxxxxxxxxxxxx/ Magali Lemes (3): selftests: net: tls: check if FIPS mode is enabled selftests: net: vrf-xfrm-tests: change authentication and encryption algos selftests: net: fcnal-test: check if FIPS mode is enabled tools/testing/selftests/net/fcnal-test.sh | 27 ++- tools/testing/selftests/net/tls.c | 175 +++++++++++++++++- tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 ++-- 3 files changed, 209 insertions(+), 25 deletions(-) -- 2.34.1
