From bfd036b31f2a47ae40e104b2ea1a0e095900cf52 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 25 Dec 2018 14:43:56 +0300 Subject: tests: cipher-openssl-compat: don't fail if OpenSSL doesn't provide cipher LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER interface, so let's skip the test if cipher is not available. Signed-off-by: Dmitry Eremin-Solenikov --- tests/slow/cipher-openssl-compat.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c index c9b39d0261..a4cb3522df 100644 --- a/tests/slow/cipher-openssl-compat.c +++ b/tests/slow/cipher-openssl-compat.c @@ -38,6 +38,19 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher, success("cipher: %s\n", ocipher); + /* decrypt with openssl */ + evp_cipher = EVP_get_cipherbyname(ocipher); + if (!evp_cipher) { + /* XXX: fix version check later when LibreSSL fixes support for aes-ccm and chacha20-poly1305 */ +#ifdef LIBRESSL_VERSION_NUMBER + fprintf(stderr, "EVP_get_cipherbyname failed for %s\n", ocipher); + return -1; +#else + /* OpenSSL should always work! */ + fail("EVP_get_cipherbyname failed for %s\n", ocipher); +#endif + } + for (i = 0; i < 32; i++) { /* try with multiple keys and nonces */ assert(gnutls_rnd (GNUTLS_RND_NONCE, orig_plain_data, @@ -88,11 +101,6 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher, gnutls_aead_cipher_deinit(hd); - /* decrypt with openssl */ - evp_cipher = EVP_get_cipherbyname(ocipher); - if (!evp_cipher) - fail("EVP_get_cipherbyname failed for %s\n", ocipher); - ctx = EVP_CIPHER_CTX_new(); #if OPENSSL_VERSION_NUMBER >= 0x10100000L -- cgit v1.2.1 From b7fdb4125e4eebc5af2155b6d36cf17339a3abf5 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 25 Dec 2018 14:44:11 +0300 Subject: tests: cipher-openssl-compat: don't call EVP_CIPHER_CTX_init() There is no need to call EVP_CIPHER_CTX_init() after EVP_CIPHER_CTX_new(). Fixes #658 Signed-off-by: Dmitry Eremin-Solenikov --- tests/slow/cipher-openssl-compat.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c index a4cb3522df..64adf25a45 100644 --- a/tests/slow/cipher-openssl-compat.c +++ b/tests/slow/cipher-openssl-compat.c @@ -106,7 +106,6 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher, #if OPENSSL_VERSION_NUMBER >= 0x10100000L if (gcipher == GNUTLS_CIPHER_AES_128_CCM || gcipher == GNUTLS_CIPHER_AES_256_CCM) { - assert(EVP_CIPHER_CTX_init(ctx)==1); assert(EVP_CipherInit_ex(ctx, evp_cipher, 0, 0, 0, 0) > 0); -- cgit v1.2.1