From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 13 Jul 2022 14:04:09 +0000 (+0200)
Subject: Test that we generate a short private key for known DH prime
X-Git-Tag: openssl-3.2.0-alpha1~2371
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2266d1cad008ef03cb0791397b1cca9aaa6a4428;p=thirdparty%2Fopenssl.git

Test that we generate a short private key for known DH prime

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
---

diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c
index bdadc30a7e9..b2ffe1d7928 100644
--- a/test/evp_extra_test2.c
+++ b/test/evp_extra_test2.c
@@ -333,6 +333,10 @@ static int test_dh_tofrom_data_select(void)
     OSSL_PARAM params[2];
     EVP_PKEY *key = NULL;
     EVP_PKEY_CTX *gctx = NULL;
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+    const DH *dhkey;
+    const BIGNUM *privkey;
+# endif
 
     params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0);
     params[1] = OSSL_PARAM_construct_end();
@@ -341,6 +345,12 @@ static int test_dh_tofrom_data_select(void)
           && TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
           && TEST_int_gt(EVP_PKEY_generate(gctx, &key), 0)
           && TEST_true(do_pkey_tofrom_data_select(key, "DHX"));
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+    dhkey = EVP_PKEY_get0_DH(key);
+    ret = ret && TEST_ptr(dhkey);
+    ret = ret && TEST_ptr(privkey = DH_get0_priv_key(dhkey))
+              && TEST_int_le(BN_num_bits(privkey), 225);
+# endif
     EVP_PKEY_free(key);
     EVP_PKEY_CTX_free(gctx);
     return ret;