Extend t_lpback tests to test all ciphers reported by --show-ciphers

... instead of just BF-CBC. Should catch more mistakes.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1402244175-31462-5-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8777
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b2bff9fa15)

tests/t_lpback.sh

@@ -2,6 +2,7 @@
 #
 # t_lpback.sh - script to test OpenVPN's crypto loopback
 # Copyright (C) 2005  Matthias Andree
+# Copyright (C) 2014  Steffan Karger
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -18,15 +19,36 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 # 02110-1301, USA.
 
-set -e
+set -eu
 top_builddir="${top_builddir:-..}"
 trap "rm -f key.$$ log.$$ ; trap 0 ; exit 77" 1 2 15
 trap "rm -f key.$$ log.$$ ; exit 1" 0 3
+
+# Get list of supported ciphers from openvpn --show-ciphers output
+CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | tail -n+7 | sed 's/ .*//' | sed '/^\s*$/d' | sort)
+
+# SK, 2014-06-04: currently the DES-EDE3-CFB1 implementation of OpenSSL is
+# broken (see http://rt.openssl.org/Ticket/Display.html?id=2867), so exclude
+# that cipher from this test.
+CIPHERS=$(echo "$CIPHERS" | sed '/.*DES-EDE3-CFB1.*/d')
+
 "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
 set +e
-( "${top_builddir}/src/openvpn/openvpn" --test-crypto --secret key.$$ ) >log.$$ 2>&1
+
-e=$?
+e=0
-if [ $e != 0 ] ; then cat log.$$ ; fi
+for cipher in ${CIPHERS}
+do
+    echo -n "Testing cipher ${cipher}... "
+    ( "${top_builddir}/src/openvpn/openvpn" --test-crypto --secret key.$$ --cipher ${cipher} ) >log.$$ 2>&1
+    if [ $? != 0 ] ; then
+        echo "FAILED"
+        cat log.$$
+        e=1
+    else
+        echo "OK"
+    fi
+done
+
 rm key.$$ log.$$
 trap 0
 exit $e