From bfd036b31f2a47ae40e104b2ea1a0e095900cf52 Mon Sep 17 00:00:00 2001 From: Dmitry Eremin-Solenikov Date: Tue, 25 Dec 2018 14:43:56 +0300 Subject: [PATCH] tests: cipher-openssl-compat: don't fail if OpenSSL doesn't provide cipher LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER interface, so let's skip the test if cipher is not available. Signed-off-by: Dmitry Eremin-Solenikov --- tests/slow/cipher-openssl-compat.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c index c9b39d026..a4cb3522d 100644 --- a/tests/slow/cipher-openssl-compat.c +++ b/tests/slow/cipher-openssl-compat.c @@ -38,6 +38,19 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher, success("cipher: %s\n", ocipher); + /* decrypt with openssl */ + evp_cipher = EVP_get_cipherbyname(ocipher); + if (!evp_cipher) { + /* XXX: fix version check later when LibreSSL fixes support for aes-ccm and chacha20-poly1305 */ +#ifdef LIBRESSL_VERSION_NUMBER + fprintf(stderr, "EVP_get_cipherbyname failed for %s\n", ocipher); + return -1; +#else + /* OpenSSL should always work! */ + fail("EVP_get_cipherbyname failed for %s\n", ocipher); +#endif + } + for (i = 0; i < 32; i++) { /* try with multiple keys and nonces */ assert(gnutls_rnd (GNUTLS_RND_NONCE, orig_plain_data, @@ -88,11 +101,6 @@ static int cipher_test(const char *ocipher, gnutls_cipher_algorithm_t gcipher, gnutls_aead_cipher_deinit(hd); - /* decrypt with openssl */ - evp_cipher = EVP_get_cipherbyname(ocipher); - if (!evp_cipher) - fail("EVP_get_cipherbyname failed for %s\n", ocipher); - ctx = EVP_CIPHER_CTX_new(); #if OPENSSL_VERSION_NUMBER >= 0x10100000L -- 2.19.2