Browse code
Skip tls-crypt unit tests if required crypto mode not supported
Instead of failing the test with an unclear error, print that the a
required crypto primitive is not supported and skip the test.
This is for example the case when using the system-supplied openssl on
SLES11, which does not support AES-256-CTR.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1494859483-16466-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14657.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger authored on 2017/05/15 23:44:43Showing 1 changed files
| ... | ... |
@@ -58,11 +58,22 @@ struct test_context {
|
| 58 | 58 |
|
| 59 | 59 |
static int |
| 60 | 60 |
setup(void **state) {
|
| 61 |
- struct test_context *ctx = calloc(1, sizeof(*ctx)); |
|
| 61 |
+ struct test_context *ctx = calloc(1, sizeof(*ctx)); |
|
| 62 |
+ *state = ctx; |
|
| 62 | 63 |
|
| 63 | 64 |
ctx->kt.cipher = cipher_kt_get("AES-256-CTR");
|
| 64 |
- ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); |
|
| 65 | 65 |
ctx->kt.digest = md_kt_get("SHA256");
|
| 66 |
+ if (!ctx->kt.cipher) |
|
| 67 |
+ {
|
|
| 68 |
+ printf("No AES-256-CTR support, skipping test.\n");
|
|
| 69 |
+ return 0; |
|
| 70 |
+ } |
|
| 71 |
+ if (!ctx->kt.digest) |
|
| 72 |
+ {
|
|
| 73 |
+ printf("No HMAC-SHA256 support, skipping test.\n");
|
|
| 74 |
+ return 0; |
|
| 75 |
+ } |
|
| 76 |
+ ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher); |
|
| 66 | 77 |
ctx->kt.hmac_length = md_kt_size(ctx->kt.digest); |
| 67 | 78 |
|
| 68 | 79 |
struct key key = { 0 };
|
| ... | ... |
@@ -82,8 +93,6 @@ setup(void **state) {
|
| 82 | 82 |
/* Write dummy opcode and session id */ |
| 83 | 83 |
buf_write(&ctx->ciphertext, "012345678", 1 + 8); |
| 84 | 84 |
|
| 85 |
- *state = ctx; |
|
| 86 |
- |
|
| 87 | 85 |
return 0; |
| 88 | 86 |
} |
| 89 | 87 |
|
| ... | ... |
@@ -102,6 +111,14 @@ teardown(void **state) {
|
| 102 | 102 |
return 0; |
| 103 | 103 |
} |
| 104 | 104 |
|
| 105 |
+static void skip_if_tls_crypt_not_supported(struct test_context *ctx) |
|
| 106 |
+{
|
|
| 107 |
+ if (!ctx->kt.cipher || !ctx->kt.digest) |
|
| 108 |
+ {
|
|
| 109 |
+ skip(); |
|
| 110 |
+ } |
|
| 111 |
+} |
|
| 112 |
+ |
|
| 105 | 113 |
/** |
| 106 | 114 |
* Check that short messages are successfully wrapped-and-unwrapped. |
| 107 | 115 |
*/ |
| ... | ... |
@@ -109,6 +126,8 @@ static void |
| 109 | 109 |
tls_crypt_loopback(void **state) {
|
| 110 | 110 |
struct test_context *ctx = (struct test_context *) *state; |
| 111 | 111 |
|
| 112 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
| 113 |
+ |
|
| 112 | 114 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |
| 113 | 115 |
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); |
| 114 | 116 |
assert_true(tls_crypt_unwrap(&ctx->ciphertext, &ctx->unwrapped, &ctx->co)); |
| ... | ... |
@@ -124,6 +143,8 @@ static void |
| 124 | 124 |
tls_crypt_loopback_zero_len(void **state) {
|
| 125 | 125 |
struct test_context *ctx = (struct test_context *) *state; |
| 126 | 126 |
|
| 127 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
| 128 |
+ |
|
| 127 | 129 |
buf_clear(&ctx->source); |
| 128 | 130 |
|
| 129 | 131 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |
| ... | ... |
@@ -141,6 +162,8 @@ static void |
| 141 | 141 |
tls_crypt_loopback_max_len(void **state) {
|
| 142 | 142 |
struct test_context *ctx = (struct test_context *) *state; |
| 143 | 143 |
|
| 144 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
| 145 |
+ |
|
| 144 | 146 |
buf_clear(&ctx->source); |
| 145 | 147 |
assert_non_null(buf_write_alloc(&ctx->source, |
| 146 | 148 |
TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead())); |
| ... | ... |
@@ -160,6 +183,8 @@ static void |
| 160 | 160 |
tls_crypt_fail_msg_too_long(void **state) {
|
| 161 | 161 |
struct test_context *ctx = (struct test_context *) *state; |
| 162 | 162 |
|
| 163 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
| 164 |
+ |
|
| 163 | 165 |
buf_clear(&ctx->source); |
| 164 | 166 |
assert_non_null(buf_write_alloc(&ctx->source, |
| 165 | 167 |
TESTBUF_SIZE - BLEN(&ctx->ciphertext) - tls_crypt_buf_overhead() + 1)); |
| ... | ... |
@@ -174,6 +199,8 @@ static void |
| 174 | 174 |
tls_crypt_fail_invalid_key(void **state) {
|
| 175 | 175 |
struct test_context *ctx = (struct test_context *) *state; |
| 176 | 176 |
|
| 177 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
| 178 |
+ |
|
| 177 | 179 |
/* Change decrypt key */ |
| 178 | 180 |
struct key key = { { 1 } };
|
| 179 | 181 |
free_key_ctx(&ctx->co.key_ctx_bi.decrypt); |
| ... | ... |
@@ -191,6 +218,8 @@ static void |
| 191 | 191 |
tls_crypt_fail_replay(void **state) {
|
| 192 | 192 |
struct test_context *ctx = (struct test_context *) *state; |
| 193 | 193 |
|
| 194 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
| 195 |
+ |
|
| 194 | 196 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |
| 195 | 197 |
assert_true(BLEN(&ctx->source) < BLEN(&ctx->ciphertext)); |
| 196 | 198 |
struct buffer tmp = ctx->ciphertext; |
| ... | ... |
@@ -208,6 +237,8 @@ static void |
| 208 | 208 |
tls_crypt_ignore_replay(void **state) {
|
| 209 | 209 |
struct test_context *ctx = (struct test_context *) *state; |
| 210 | 210 |
|
| 211 |
+ skip_if_tls_crypt_not_supported(ctx); |
|
| 212 |
+ |
|
| 211 | 213 |
ctx->co.flags |= CO_IGNORE_PACKET_ID; |
| 212 | 214 |
|
| 213 | 215 |
assert_true(tls_crypt_wrap(&ctx->source, &ctx->ciphertext, &ctx->co)); |