Commit 25b9d11c authored by Matt Caswell's avatar Matt Caswell
Browse files

Handle inability to create AFALG socket 



Some Linux platforms have a suitably recent kernel to support AFALG, but
apparently you still can't actually create an afalg socket. This extends
the afalg_chk_platform() function to additionally check whether we can
create an AFALG socket. We also amend the afalgtest to not report a
failure to load the engine as a test failure. A failure to load is almost
certainly due to platform environmental issues, and not an OpenSSL problem.

RT 4434

Reviewed-by: default avatarAndy Polyakov <appro@openssl.org>
parent 74726750

engines/afalg/e_afalg.c

+9 −0
Original line number Diff line number Diff line
@@ -731,6 +731,7 @@ static int afalg_chk_platform(void) 
    int ret;

    int i;

    int kver[3] = { -1, -1, -1 };

    int sock;

    char *str;

    struct utsname ut;
@@ -758,6 +759,14 @@ static int afalg_chk_platform(void) 
        return 0;

    }



    /* Test if we can actually create an AF_ALG socket */

    sock = socket(AF_ALG, SOCK_SEQPACKET, 0);

    if (sock == -1) {

        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);

        return 0;

    }

    close(sock);



    return 1;

}

test/afalgtest.c

+7 −2
Original line number Diff line number Diff line
@@ -102,8 +102,13 @@ int main(int argc, char **argv) 


    e = ENGINE_by_id("afalg");

    if (e == NULL) {

        fprintf(stderr, "AFALG Test: Failed to load AFALG Engine\n");

        return 1;

        /*

         * A failure to load is probably a platform environment problem so we

         * don't treat this as an OpenSSL test failure, i.e. we return 0

         */

        fprintf(stderr,

                "AFALG Test: Failed to load AFALG Engine - skipping test\n");

        return 0;

    }



    if (test_afalg_aes_128_cbc(e) == 0) {