[Openvpn-devel,v3,13/21,OSSL,3.0] Remove dependency on BF-CBC existance from test_ncp

Message ID 20211019183127.614175-14-arne@rfc2549.org
State Accepted
Headers show
Series
  • OpenSSL 3.0 improvements for OpenVPN
Related show

Commit Message

Arne Schwabe Oct. 19, 2021, 6:31 p.m.
The test_check_ncp_ciphers_list test assumed that BF-CBC is always
available, which is no longer the case with OpenSSL 3.0. Rewrite the
test to not rely on BF-CBC to be available.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 tests/unit_tests/openvpn/test_ncp.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

Comments

Maximilian Fillinger Oct. 26, 2021, 12:21 p.m. | #1
On 19/10/2021 20:31, Arne Schwabe wrote:
> The test_check_ncp_ciphers_list test assumed that BF-CBC is always
> available, which is no longer the case with OpenSSL 3.0. Rewrite the
> test to not rely on BF-CBC to be available.

Unit tests are working now. I've got some style nitpicks that I think 
can be fixed during commit:

>       bool have_chacha = cipher_kt_get("CHACHA20-POLY1305");
> +    bool have_blowfish= cipher_kt_get("BF-CBC");

Add space before =


> -    if (have_chacha)
> +    if(have_chacha)
> +    {
> +        assert_string_equal(mutate_ncp_cipher_list(aes_chacha, &gc), aes_chacha);
> +    }

Add space before (

Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Gert Doering Nov. 1, 2021, 8:10 p.m. | #2
I can confirm that this fixes ncp_testdriver for 3.0.0 builds,
which is what it says :-) (and 1.1.1 builds still succeed).

Took me a bit to understand the new if/else clauses, but after a while
it started making sense :-)

Your patch has been applied to the master branch.

commit c07f95f3cacdf7c877762db8d1a3f7cf0a4a4675
Author: Arne Schwabe
Date:   Tue Oct 19 20:31:19 2021 +0200

     Remove dependency on BF-CBC existance from test_ncp

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
     Message-Id: <20211019183127.614175-14-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23003.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/tests/unit_tests/openvpn/test_ncp.c b/tests/unit_tests/openvpn/test_ncp.c
index 613b5f1ba..a77afde17 100644
--- a/tests/unit_tests/openvpn/test_ncp.c
+++ b/tests/unit_tests/openvpn/test_ncp.c
@@ -41,6 +41,7 @@ 
 /* Defines for use in the tests and the mock parse_line() */
 
 const char *bf_chacha = "BF-CBC:CHACHA20-POLY1305";
+const char *aes_chacha = "AES-128-CBC:CHACHA20-POLY1305";
 const char *aes_ciphers = "AES-256-GCM:AES-128-GCM";
 
 
@@ -59,6 +60,7 @@  test_check_ncp_ciphers_list(void **state)
 {
     struct gc_arena gc = gc_new();
     bool have_chacha = cipher_kt_get("CHACHA20-POLY1305");
+    bool have_blowfish= cipher_kt_get("BF-CBC");
 
     assert_string_equal(mutate_ncp_cipher_list("none", &gc), "none");
     assert_string_equal(mutate_ncp_cipher_list("AES-256-GCM:none", &gc),
@@ -66,7 +68,12 @@  test_check_ncp_ciphers_list(void **state)
 
     assert_string_equal(mutate_ncp_cipher_list(aes_ciphers, &gc), aes_ciphers);
 
-    if (have_chacha)
+    if(have_chacha)
+    {
+        assert_string_equal(mutate_ncp_cipher_list(aes_chacha, &gc), aes_chacha);
+    }
+
+    if (have_chacha && have_blowfish)
     {
         assert_string_equal(mutate_ncp_cipher_list(bf_chacha, &gc), bf_chacha);
         assert_string_equal(mutate_ncp_cipher_list("BF-CBC:CHACHA20-POLY1305", &gc),
@@ -82,8 +89,8 @@  test_check_ncp_ciphers_list(void **state)
     bool have_chacha_mixed_case = cipher_kt_get("ChaCha20-Poly1305");
     if (have_chacha_mixed_case)
     {
-        assert_string_equal(mutate_ncp_cipher_list("BF-CBC:ChaCha20-Poly1305", &gc),
-                            bf_chacha);
+        assert_string_equal(mutate_ncp_cipher_list("AES-128-CBC:ChaCha20-Poly1305", &gc),
+                            aes_chacha);
     }
 
     assert_ptr_equal(mutate_ncp_cipher_list("vollbit", &gc), NULL);