Handle inability to create AFALG socket

Some Linux platforms have a suitably recent kernel to support AFALG, but
apparently you still can't actually create an afalg socket. This extends
the afalg_chk_platform() function to additionally check whether we can
create an AFALG socket. We also amend the afalgtest to not report a
failure to load the engine as a test failure. A failure to load is almost
certainly due to platform environmental issues, and not an OpenSSL problem.

RT 4434

Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Matt Caswell 2016-06-01 23:15:12 +01:00
parent 74726750ef
commit 25b9d11c00
2 changed files with 16 additions and 2 deletions

View File

@ -731,6 +731,7 @@ static int afalg_chk_platform(void)
int ret; int ret;
int i; int i;
int kver[3] = { -1, -1, -1 }; int kver[3] = { -1, -1, -1 };
int sock;
char *str; char *str;
struct utsname ut; struct utsname ut;
@ -758,6 +759,14 @@ static int afalg_chk_platform(void)
return 0; return 0;
} }
/* Test if we can actually create an AF_ALG socket */
sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
if (sock == -1) {
AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
return 0;
}
close(sock);
return 1; return 1;
} }

View File

@ -102,8 +102,13 @@ int main(int argc, char **argv)
e = ENGINE_by_id("afalg"); e = ENGINE_by_id("afalg");
if (e == NULL) { if (e == NULL) {
fprintf(stderr, "AFALG Test: Failed to load AFALG Engine\n"); /*
return 1; * A failure to load is probably a platform environment problem so we
* don't treat this as an OpenSSL test failure, i.e. we return 0
*/
fprintf(stderr,
"AFALG Test: Failed to load AFALG Engine - skipping test\n");
return 0;
} }
if (test_afalg_aes_128_cbc(e) == 0) { if (test_afalg_aes_128_cbc(e) == 0) {