From 6f11aaffb420bbf58f631cb4a210e7fdc9a218c7 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 17 Jan 2020 21:34:45 +0100 Subject: gnutls-cli-debug: ignore tests when algorithms are unavailable When gnutls-cli-debug is run on systems where a particular algorithm is disabled, ensure that we don't stop the testing; in that case we ignore the test. Signed-off-by: Nikos Mavrogiannopoulos --- src/tests.c | 15 +++++++++++++-- tests/gnutls-cli-debug.sh | 30 ++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/src/tests.c b/src/tests.c index 9b608119f5..82474b0995 100644 --- a/src/tests.c +++ b/src/tests.c @@ -134,20 +134,31 @@ char prio_str[768] = ""; #define INIT_STR "NONE:" char rest[384] = "%UNSAFE_RENEGOTIATION:+SIGN-ALL:+GROUP-ALL" GOST_REST; -#define _gnutls_priority_set_direct(s, str) __gnutls_priority_set_direct(s, str, __LINE__) +#define _gnutls_priority_set_direct(s, str) { \ + int _ret; \ + if ((_ret=__gnutls_priority_set_direct(s, str, __LINE__)) != TEST_SUCCEED) { \ + return _ret; \ + } \ + } -static inline void +static inline int __gnutls_priority_set_direct(gnutls_session_t session, const char *str, int line) { const char *err; int ret = gnutls_priority_set_direct(session, str, &err); if (ret < 0) { + /* this can happen when some cipher is disabled system-wide */ + if (ret == GNUTLS_E_NO_PRIORITIES_WERE_SET) + return TEST_IGNORE; + fprintf(stderr, "Error at %d with string %s\n", line, str); fprintf(stderr, "Error at %s: %s\n", err, gnutls_strerror(ret)); exit(1); } + + return TEST_SUCCEED; } test_code_t test_server(gnutls_session_t session) diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh index 51f77bb565..0ab6069b8f 100755 --- a/tests/gnutls-cli-debug.sh +++ b/tests/gnutls-cli-debug.sh @@ -24,6 +24,7 @@ srcdir="${srcdir:-.}" SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" DCLI="${DCLI:-../src/gnutls-cli-debug${EXEEXT}}" OUTFILE=cli-debug.$$.tmp +TMPFILE=config.$$.tmp unset RETCODE if ! test -x "${SERV}"; then @@ -169,7 +170,36 @@ check_text "whether the server accepts default record size (512 bytes)... no" check_text "whether %ALLOW_SMALL_RECORDS is required... yes" check_text "for RSA key exchange support... no" +echo "" +echo "Checking output of gnutls-cli-debug when algorithms are disabled" +eval "${GETPORT}" +launch_server $$ --echo --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" --x509keyfile ${KEY1} --x509certfile ${CERT1} \ + --x509keyfile ${KEY2} --x509certfile ${CERT2} --x509keyfile ${KEY3} --x509certfile ${CERT3} >/dev/null 2>&1 +PID=$! +wait_server ${PID} + +cat <<_EOF_ > ${TMPFILE} +[overrides] + +tls-disabled-cipher = CAMELLIA-128-CBC +tls-disabled-cipher = CAMELLIA-256-CBC +_EOF_ +export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" + +timeout 1800 datefudge "2017-08-9" \ +"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!" + +unset GNUTLS_SYSTEM_PRIORITY_FILE + +kill ${PID} +wait + +check_text "for AES-GCM cipher (RFC5288) support... yes" +check_text "for RSA key exchange support... yes" +check_text "for SHA1 MAC support... yes" + rm -f ${OUTFILE} +rm -f ${TMPFILE} if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != 1 ; then # GOST_CNT test -- cgit v1.2.1