Instead of failing the test with an unclear error, print that the a
required crypto primitive is not supported and skip the test.
This is for example the case when using the system-supplied openssl on
SLES11, which does not support AES-256-CTR.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1494859483-16466-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14657.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -58,11 +58,22 @@ struct test_context { |
58 | 58 |
|
59 | 59 |
static int |
60 | 60 |
setup(void **state) { |
61 |
- struct test_context *ctx = calloc(1, sizeof(*ctx)); |
|
61 |
+ struct test_context *ctx = calloc(1, sizeof(*ctx)); |
|
62 |
+ *state = ctx; |
|
62 | 63 |
|
63 | 64 |
ctx->kt.cipher = cipher_kt_get("AES-256-CTR"); |
64 |
- ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); |
|
65 | 65 |
ctx->kt.digest = md_kt_get("SHA256"); |
66 |
+ if (!ctx->kt.cipher) |
|
67 |
+ { |
|
68 |
+ printf("No AES-256-CTR support, skipping test.\n"); |
|
69 |
+ return 0; |
|
70 |
+ } |
|
71 |
+ if (!ctx->kt.digest) |
|
72 |
+ { |
|
73 |
+ printf("No HMAC-SHA256 support, skipping test.\n"); |
|
74 |
+ return 0; |
|
75 |
+ } |
|
76 |
+ ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); |
|
66 | 77 |
ctx->kt.hmac_length = md_kt_size(ctx->kt.digest); |
67 | 78 |
|
68 | 79 |
struct key key = { 0 }; |
... | ... |
@@ -82,8 +93,6 @@ setup(void **state) { |
82 | 82 |
/* Write dummy opcode and session id */ |
83 | 83 |
buf_write(&ctx->ciphertext, "012345678", 1 + 8); |
84 | 84 |
|
85 |
- *state = ctx; |
|
86 |
- |
|
87 | 85 |
return 0; |
88 | 86 |
} |
89 | 87 |
|
... | ... |
@@ -102,6 +111,14 @@ teardown(void **state) { |
102 | 102 |
return 0; |
103 | 103 |
} |
104 | 104 |
|
105 |
+static void skip_if_tls_crypt_not_supported(struct test_context *ctx) |
|
106 |
+{ |
|
107 |
+ if (!ctx->kt.cipher || !ctx->kt.digest) |
|
108 |
+ { |
|
109 |
+ skip(); |
|
110 |
+ } |
|
111 |
+} |
|
112 |
+ |
|
105 | 113 |
/** |
106 | 114 |
* Check that short messages are successfully wrapped-and-unwrapped. |
107 | 115 |
*/ |
... | ... |
@@ -109,6 +126,8 @@ static void |
109 | 109 |
tls_crypt_loopback(void **state) { |
110 | 110 |
struct test_context *ctx = (struct test_context *) *state; |
111 | 111 |
|
112 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
113 |
+ |
|
112 | 114 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |
113 | 115 |
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); |
114 | 116 |
assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co)); |
... | ... |
@@ -124,6 +143,8 @@ static void |
124 | 124 |
tls_crypt_loopback_zero_len(void **state) { |
125 | 125 |
struct test_context *ctx = (struct test_context *) *state; |
126 | 126 |
|
127 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
128 |
+ |
|
127 | 129 |
buf_clear(&ctx->source); |
128 | 130 |
|
129 | 131 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |
... | ... |
@@ -141,6 +162,8 @@ static void |
141 | 141 |
tls_crypt_loopback_max_len(void **state) { |
142 | 142 |
struct test_context *ctx = (struct test_context *) *state; |
143 | 143 |
|
144 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
145 |
+ |
|
144 | 146 |
buf_clear(&ctx->source); |
145 | 147 |
assert_non_null(buf_write_alloc(&ctx->source, |
146 | 148 |
TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead())); |
... | ... |
@@ -160,6 +183,8 @@ static void |
160 | 160 |
tls_crypt_fail_msg_too_long(void **state) { |
161 | 161 |
struct test_context *ctx = (struct test_context *) *state; |
162 | 162 |
|
163 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
164 |
+ |
|
163 | 165 |
buf_clear(&ctx->source); |
164 | 166 |
assert_non_null(buf_write_alloc(&ctx->source, |
165 | 167 |
TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead() + 1)); |
... | ... |
@@ -174,6 +199,8 @@ static void |
174 | 174 |
tls_crypt_fail_invalid_key(void **state) { |
175 | 175 |
struct test_context *ctx = (struct test_context *) *state; |
176 | 176 |
|
177 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
178 |
+ |
|
177 | 179 |
/* Change decrypt key */ |
178 | 180 |
struct key key = { { 1 } }; |
179 | 181 |
free_key_ctx(&ctx->co.key_ctx_bi.decrypt); |
... | ... |
@@ -191,6 +218,8 @@ static void |
191 | 191 |
tls_crypt_fail_replay(void **state) { |
192 | 192 |
struct test_context *ctx = (struct test_context *) *state; |
193 | 193 |
|
194 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
195 |
+ |
|
194 | 196 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |
195 | 197 |
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); |
196 | 198 |
struct buffer tmp = ctx->ciphertext; |
... | ... |
@@ -208,6 +237,8 @@ static void |
208 | 208 |
tls_crypt_ignore_replay(void **state) { |
209 | 209 |
struct test_context *ctx = (struct test_context *) *state; |
210 | 210 |
|
211 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
212 |
+ |
|
211 | 213 |
ctx->co.flags |= CO_IGNORE_PACKET_ID; |
212 | 214 |
|
213 | 215 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |