Skip tests not supported by SymCrypt (#164)

* skip tests not supported by SymCrypt

* SymCryptProviderAvailable should always return false in OpenSSL 1

* Update openssl.go

fuller explanation

Co-authored-by: Davis Goodin <dagood@users.noreply.github.com>

---------

Co-authored-by: Martijn Verburg <martijnverburg@gmail.com>
Co-authored-by: Davis Goodin <dagood@users.noreply.github.com>

Author: 3 people

export_test.go

@@ -1,3 +1,12 @@
 package openssl
 
+import "sync"
+
 var ErrOpen = errOpen
+
+var SymCryptProviderAvailable = sync.OnceValue(func() bool {
+	if vMajor == 1 {
+		return false
+	}
+	return isProviderAvailable("symcryptprovider")
+})

openssl.go

@@ -111,6 +111,14 @@ func FIPS() bool {
 	}
 }
 
+// isProviderAvailable checks if the provider with the given name is available.
+// This function is used in export_test.go, but must be defined here as test files can't access C functions.
+func isProviderAvailable(name string) bool {
+	providerName := C.CString(name)
+	defer C.free(unsafe.Pointer(providerName))
+	return C.go_openssl_OSSL_PROVIDER_available(nil, providerName) == 1
+}
+
 // SetFIPS enables or disables FIPS mode.
 //
 // For OpenSSL 3, the `fips` provider is loaded if enabled is true,

rsa_test.go

@@ -81,6 +81,10 @@ func TestEncryptDecryptOAEP_EmptyLabel(t *testing.T) {
 }
 
 func TestEncryptDecryptOAEP_WithMGF1Hash(t *testing.T) {
+	if openssl.SymCryptProviderAvailable() {
+		t.Skip("SymCrypt provider does not support MGF1 hash")
+	}
+
 	sha1 := openssl.NewSHA1()
 	sha256 := openssl.NewSHA256()
 	msg := []byte("hi!")
@@ -148,6 +152,10 @@ func TestSignVerifyPKCS1v15(t *testing.T) {
 }
 
 func TestSignVerifyPKCS1v15_Unhashed(t *testing.T) {
+	if openssl.SymCryptProviderAvailable() {
+		t.Skip("SymCrypt provider does not support unhashed PKCS1v15")
+	}
+
 	msg := []byte("hi!")
 	priv, pub := newRSAKey(t, 2048)
 	signed, err := openssl.SignRSAPKCS1v15(priv, 0, msg)