On Tue, Aug 12, 2025 at 12:43:22PM +0200, Florian Westphal wrote: > Matthieu Baerts <matttbe@xxxxxxxxxx> wrote: > > I don't know if it can help, but did you try to reproduce it on top of > > the branch used by the CI? > > > > https://github.com/linux-netdev/testing/tree/net-next-2025-08-12--06-00 > > > > This branch is on top of net-next, where 'net' has been merged, all > > pending patches listed on Patchwork have been applied, plus a few > > additional patches are there to either fix some temp issues or improve > > the CI somehow. Maybe one of these patches caused the removal of > > CONFIG_CRYPTO_SHA1. > > Yes: > sctp: Use HMAC-SHA1 and HMAC-SHA256 library for chunk authentication > > removes it. > > > I guess that's the case, because when looking at the diff [1] when the > > issue got introduced, I see some patches [2] from Eric Biggers modifying > > some sctp's Kconfig file. They probably cause the issue, but the fix > > should be to add CONFIG_CRYPTO_SHA1 in the ST config as mentioned by Paolo. > > seems like these two are the only ones that need it. at least > xfrm_policy.sh passes again after this change. > > diff --git a/tools/testing/selftests/net/config b/tools/testing/selftests/net/config > --- a/tools/testing/selftests/net/config > +++ b/tools/testing/selftests/net/config > @@ -115,6 +115,7 @@ CONFIG_VXLAN=m > CONFIG_IP_SCTP=m > CONFIG_NETFILTER_XT_MATCH_POLICY=m > CONFIG_CRYPTO_ARIA=y > +CONFIG_CRYPTO_SHA1=y > CONFIG_XFRM_INTERFACE=m > CONFIG_XFRM_USER=m > CONFIG_IP_NF_MATCH_RPFILTER=m > diff --git a/tools/testing/selftests/net/netfilter/config b/tools/testing/selftests/net/netfilter/config > --- a/tools/testing/selftests/net/netfilter/config > +++ b/tools/testing/selftests/net/netfilter/config > @@ -98,3 +98,4 @@ CONFIG_NET_PKTGEN=m > CONFIG_TUN=m > CONFIG_INET_DIAG=m > CONFIG_INET_SCTP_DIAG=m > +CONFIG_CRYPTO_SHA1=y Yes that's correct. I've included a fix for this in v2 of the series (https://lore.kernel.org/netdev/20250813040121.90609-2-ebiggers@xxxxxxxxxx/). Thanks for finding this! - Eric
