From: Steffan Karger Date: Mon, 15 May 2017 14:44:43 +0000 (+0200) Subject: Skip tls-crypt unit tests if required crypto mode not supported X-Git-Tag: v2.4.3~25 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84372cb6a67d1c088b01ed253697199995a8ab85;p=thirdparty%2Fopenvpn.git Skip tls-crypt unit tests if required crypto mode not supported Instead of failing the test with an unclear error, print that the a required crypto primitive is not supported and skip the test. This is for example the case when using the system-supplied openssl on SLES11, which does not support AES-256-CTR. Signed-off-by: Steffan Karger Acked-by: Gert Doering Message-Id: <1494859483-16466-1-git-send-email-steffan.karger@fox-it.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14657.html Signed-off-by: Gert Doering (cherry picked from commit 534c8f24bd8ceeaebb326f53363a4e40e970df1e) --- diff --git a/tests/unit_tests/openvpn/test_tls_crypt.c b/tests/unit_tests/openvpn/test_tls_crypt.c index 7b014e072..262b1984c 100644 --- a/tests/unit_tests/openvpn/test_tls_crypt.c +++ b/tests/unit_tests/openvpn/test_tls_crypt.c @@ -58,11 +58,22 @@ struct test_context { static int setup(void **state) { - struct test_context *ctx = calloc(1, sizeof(*ctx)); + struct test_context *ctx = calloc(1, sizeof(*ctx)); + *state = ctx; ctx->kt.cipher = cipher_kt_get("AES-256-CTR"); - ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); ctx->kt.digest = md_kt_get("SHA256"); + if (!ctx->kt.cipher) + { + printf("No AES-256-CTR support, skipping test.\n"); + return 0; + } + if (!ctx->kt.digest) + { + printf("No HMAC-SHA256 support, skipping test.\n"); + return 0; + } + ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); ctx->kt.hmac_length = md_kt_size(ctx->kt.digest); struct key key = { 0 }; @@ -82,8 +93,6 @@ setup(void **state) { /* Write dummy opcode and session id */ buf_write(&ctx->ciphertext, "012345678", 1 + 8); - *state = ctx; - return 0; } 
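Review bot: `ctx` is dereferenced at `ctx->kt.cipher = cipher_kt_get("AES-256-CTR");` (and now also stored through `*state = ctx;`) without checking the result of `calloc`, so an allocation failure crashes setup instead of failing the test cleanly. Add `if (!ctx) { return -1; }` directly after the allocation. The two new `return 0;` paths also leave the rest of the zeroed context untouched, and the key and buffer initialisation appears to come later in the function, so teardown (not visible in this hunk) has to tolerate a context that was never fully set up. A comment on those returns such as `/* ctx stays zero-initialised here; teardown must cope */` would record that. setup's body continues past the end of this hunk.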
@@ -102,6 +111,14 @@ teardown(void **state) { return 0; } +static void skip_if_tls_crypt_not_supported(struct test_context *ctx) +{ + if (!ctx->kt.cipher || !ctx->kt.digest) + { + skip(); + } +} + /** * Check that short messages are successfully wrapped-and-unwrapped. */ @@ -109,6 +126,8 @@ static void tls_crypt_loopback(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co)); @@ -124,6 +143,8 @@ static void tls_crypt_loopback_zero_len(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + buf_clear(&ctx->source); assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); @@ -141,6 +162,8 @@ static void tls_crypt_loopback_max_len(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + buf_clear(&ctx->source); assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead())); @@ -160,6 +183,8 @@ static void tls_crypt_fail_msg_too_long(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + buf_clear(&ctx->source); assert_non_null(buf_write_alloc(&ctx->source, TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead() + 1)); @@ -174,6 +199,8 @@ static void tls_crypt_fail_invalid_key(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + /* Change decrypt key */ struct key key = { { 1 } }; free_key_ctx(&ctx->co.key_ctx_bi.decrypt); 
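Review bot: `skip_if_tls_crypt_not_supported` is added without a doc comment, although the test function right after it has one, and its contract is easy to miss. It only works because setup stores the context before returning early, and it has to be the first call in every test that uses this fixture. A header such as `/** Skip the current test if setup() found no AES-256-CTR or SHA256 support; must be the first call in each test. */` would state that. A test added later without the call would run against the zero-initialised context. Because an unsupported primitive is reported as a skip rather than a failure, a build without AES-256-CTR passes this suite without running any of the wrap/unwrap, invalid-key or replay checks, so the CI job should surface the skipped count.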
@@ -191,6 +218,8 @@ static void tls_crypt_fail_replay(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); struct buffer tmp = ctx->ciphertext; @@ -208,6 +237,8 @@ static void tls_crypt_ignore_replay(void **state) { struct test_context *ctx = (struct test_context *) *state; + skip_if_tls_crypt_not_supported(ctx); + ctx->co.flags |= CO_IGNORE_PACKET_ID; assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co));