Matthieu Baerts <matttbe@xxxxxxxxxx> wrote: > I don't know if it can help, but did you try to reproduce it on top of > the branch used by the CI? > > https://github.com/linux-netdev/testing/tree/net-next-2025-08-12--06-00 > > This branch is on top of net-next, where 'net' has been merged, all > pending patches listed on Patchwork have been applied, plus a few > additional patches are there to either fix some temp issues or improve > the CI somehow. Maybe one of these patches caused the removal of > CONFIG_CRYPTO_SHA1. Yes: sctp: Use HMAC-SHA1 and HMAC-SHA256 library for chunk authentication removes it. > I guess that's the case, because when looking at the diff [1] when the > issue got introduced, I see some patches [2] from Eric Biggers modifying > some sctp's Kconfig file. They probably cause the issue, but the fix > should be to add CONFIG_CRYPTO_SHA1 in the ST config as mentioned by Paolo. seems like these two are the only ones that need it. at least xfrm_policy.sh passes again after this change. diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config --- a/tools/testing/selftests/net/config +++ b/tools/testing/selftests/net/config @@ -115,6 +115,7 @@ CONFIG_VXLAN=m CONFIG_IP_SCTP=m CONFIG_NETFILTER_XT_MATCH_POLICY=m CONFIG_CRYPTO_ARIA=y +CONFIG_CRYPTO_SHA1=y CONFIG_XFRM_INTERFACE=m CONFIG_XFRM_USER=m CONFIG_IP_NF_MATCH_RPFILTER=m diff --git a/tools/testing/selftests/net/netfilter/config b/tools/testing/selftests/net/netfilter/config --- a/tools/testing/selftests/net/netfilter/config +++ b/tools/testing/selftests/net/netfilter/config @@ -98,3 +98,4 @@ CONFIG_NET_PKTGEN=m CONFIG_TUN=m CONFIG_INET_DIAG=m CONFIG_INET_SCTP_DIAG=m +CONFIG_CRYPTO_SHA1=y
