[SRU][J][PATCH v2 0/3] Fix failing net selftests
Magali Lemes
magali.lemes at canonical.com
Wed Aug 23 20:20:07 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/2019868
BugLink: https://bugs.launchpad.net/bugs/2019880
[Impact]
Due to the introduction of net tests that rely on cryptographic
functions to work, some test cases from net/tls and net/vrf-xfrm-tests
that use non-compliant FIPS algorithms fail when fips=1.

[Fix]
To fix these failures in FIPS mode, we can, on a case-by-case basis,
1) skip the tests that require non-compliant FIPS algorithms or
2) change the algorithms to FIPS-compliant ones.

For net/tls, we skip the test variants that use the ChaCha20-Poly1305
algorithm.

For net/net:vrf-xfrm-tests, we can simply replace the algorithms that
are not FIPS-compliant with compliant ones.

[Test Plan]
With a fips kernel installed, pass fips=1 as a kernel parameter, run the
net/tls and net/vrf-xfrm-tests tests with these patches applied, and
check that they are all passing.

[Where problems could occur]
Regression risk is very low and would hardly affect any user, since the
changes only touch the selftests.

[Other Info]
I'm sending this to be applied on the generic kernel, as Jammy FIPS
derivative kernels will easily inherit these changes.

Changes in v2:
- Target generic kernel.
- fcnal-test.sh: dropped as it will be picked from upstream stable.
- tls.c: skip tests right at setup if in FIPS mode, this requires commit
  372b304c ("selftests/harness: allow tests to be skipped during setup").
Magali Lemes (3):
selftests/harness: allow tests to be skipped during setup
selftests: net: tls: check if FIPS mode is enabled
selftests: net: vrf-xfrm-tests: change authentication and encryption
algos
tools/testing/selftests/kselftest_harness.h | 6 ++--
tools/testing/selftests/net/tls.c | 21 ++++++++++++
tools/testing/selftests/net/vrf-xfrm-tests.sh | 32 +++++++++----------
3 files changed, 40 insertions(+), 19 deletions(-)
--
2.34.1
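
The skip-at-setup check that the v2 changelog describes for tls.c, as an added example that is not code from the patch series: it reads the standard `/proc/sys/crypto/fips_enabled` sysctl and decides per cipher variant whether to skip. The `cipher_variant` struct, the sample table and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Linux sysctl that reports whether the kernel is running in FIPS mode. */
#define FIPS_SYSCTL "/proc/sys/crypto/fips_enabled"

/* Hypothetical descriptor; the real selftest uses harness fixture variants. */
struct cipher_variant { const char *name; int fips_approved; };

/* Constructed sample table; ChaCha20-Poly1305 is the cipher the series skips. */
static const struct cipher_variant variants[] = {
	{ "aes-gcm-128", 1 }, { "chacha20-poly1305", 0 },
};

/* Parse the sysctl text: any non-zero integer means FIPS mode is on. */
static int parse_fips_flag(const char *text)
{
	char *end;
	long v = strtol(text, &end, 10);
	return end != text && v != 0;	/* non-numeric input counts as off */
}

/* Read the flag; a missing or unreadable file is treated as FIPS off. */
static int read_fips_enabled(const char *path)
{
	char buf[16] = "";
	FILE *f = fopen(path, "r");
	if (!f)
		return 0;
	if (!fgets(buf, sizeof(buf), f))
		buf[0] = '\0';
	fclose(f);
	return parse_fips_flag(buf);
}

/* Decide at setup time, before any key or socket is configured. */
static int should_skip(const struct cipher_variant *v, int fips_enabled)
{
	return fips_enabled && !v->fips_approved;
}

int main(void)
{
	int fips = read_fips_enabled(FIPS_SYSCTL);
	for (size_t i = 0; i < sizeof(variants) / sizeof(variants[0]); i++)
		printf("%-18s %s\n", variants[i].name,
		       should_skip(&variants[i], fips) ? "SKIP" : "RUN");
	return 0;
}
```

Making the decision before the test body runs means a FIPS kernel reports the ChaCha20-Poly1305 variants as skipped rather than failed, which keeps real regressions visible in the results.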