From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 10 Jun 2022 08:06:24 +0000 (+0200)
Subject: dhparam_test: Test that we add private key length on generation and print it
X-Git-Tag: openssl-3.2.0-alpha1~2373
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2b11a8ecc8ed1355b99a6d88b8e7e7a75a67bd0a;p=thirdparty%2Fopenssl.git

dhparam_test: Test that we add private key length on generation and print it

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18480)
---

diff --git a/test/recipes/20-test_dhparam.t b/test/recipes/20-test_dhparam.t
index 78a63508b3f..9688b10dbbc 100644
--- a/test/recipes/20-test_dhparam.t
+++ b/test/recipes/20-test_dhparam.t
@@ -27,6 +27,7 @@ sub checkdhparams {
     my $gen = shift; #2, 5 or something else (0 is "something else")?
     my $format = shift; #DER or PEM?
     my $bits = shift; #Number of bits in p
+    my $keybits = shift; #Recommended private key bits
     my $pemtype;
     my $readtype;
     my $readbits = 0;
@@ -82,6 +83,13 @@ sub checkdhparams {
 
     ok((grep { (index($_, $genline) + length ($genline)) == length ($_)} @textdata),
        "Checking generator is correct");
+
+    if ($keybits) {
+        my $keybits_line = "recommended-private-length: $keybits bits";
+        ok((grep { (index($_, $keybits_line) + length($keybits_line))
+                   == length($_) } @textdata),
+           "Checking recommended private key bits is correct");
+    }
 }
 
 #Test some "known good" parameter files to check that we can read them
@@ -120,28 +128,28 @@ subtest "Read: 1024 bit X9.42 params, DER file" => sub {
 #Test that generating parameters of different types creates what we expect. We
 #use 512 for the size for speed reasons. Don't use this in real applications!
 subtest "Generate: 512 bit PKCS3 params, generator 2, PEM file" => sub {
-    plan tests => 5;
+    plan tests => 6;
     ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.pem',
                  '512' ])));
-    checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512);
+    checkdhparams("gen-pkcs3-2-512.pem", "PKCS3", 2, "PEM", 512, 125);
 };
 subtest "Generate: 512 bit PKCS3 params, explicit generator 2, PEM file" => sub {
-    plan tests => 5;
+    plan tests => 6;
     ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-exp2-512.pem', '-2',
                  '512' ])));
-    checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512);
+    checkdhparams("gen-pkcs3-exp2-512.pem", "PKCS3", 2, "PEM", 512, 125);
 };
 subtest "Generate: 512 bit PKCS3 params, generator 5, PEM file" => sub {
-    plan tests => 5;
+    plan tests => 6;
     ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-5-512.pem', '-5',
                  '512' ])));
-    checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512);
+    checkdhparams("gen-pkcs3-5-512.pem", "PKCS3", 5, "PEM", 512, 125);
 };
 subtest "Generate: 512 bit PKCS3 params, generator 2, explicit PEM file" => sub {
-    plan tests => 5;
+    plan tests => 6;
     ok(run(app([ 'openssl', 'dhparam', '-out', 'gen-pkcs3-2-512.exp.pem',
                  '-outform', 'PEM', '512' ])));
-    checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512);
+    checkdhparams("gen-pkcs3-2-512.exp.pem", "PKCS3", 2, "PEM", 512, 125);
 };
 SKIP: {
     skip "Skipping tests that require DSA", 4 if disabled("dsa");