Hi,
On 12-08-17 06:36, Antonio Quartulli wrote:
> On 25/07/17 22:33, Steffan Karger wrote:
>> @@ -60,23 +60,9 @@ setup(void **state) {
>> struct test_context *ctx = calloc(1, sizeof(*ctx));
>> *state = ctx;
>>
>> - ctx->kt.cipher = cipher_kt_get("AES-256-CTR");
>> - ctx->kt.digest = md_kt_get("SHA256");
>> - if (!ctx->kt.cipher)
>> - {
>> - printf("No AES-256-CTR support, skipping test.\n");
>> - return 0;
>> - }
>> - if (!ctx->kt.digest)
>> - {
>> - printf("No HMAC-SHA256 support, skipping test.\n");
>> - return 0;
>> - }
>> - ctx->kt.cipher_length = cipher_kt_key_size(ctx->kt.cipher);
>> - ctx->kt.hmac_length = md_kt_size(ctx->kt.digest);
>> -
>> struct key key = { 0 };
>>
>> + ctx->kt = tls_crypt_kt();
>
> Now we don't have the NULL checks on ctx->kt.digest and ctx->kt.cipher
> anymore.
> I understand this there is no variable involved as we statically search
> for "AES-256-CTR" and "SHA256", however, shouldn't we at least assert
> for them being not NULL ? Somebody may mess up the main code and the
> unitest should properly detect the wrong condition instead of segfaulting.Actually, we do, because tls_crypt_kt() exits through msg(M_FATAL, ...) if kt.cipher or kt.cipher is NULL. But thanks to this remark, I realized that this will again break the unit tests on platform without AES-256-CTR or HMAC-SHA256 (like SLES11). So I'll send a v2 with improved error handling shortly. -Steffan
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
