test_pkey_check: Positive testcase for private key with unknown parameters

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18099)

diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t
index a415fee24a5c5711ac460e1c80adaa2f086554ab..354e33575e1a7284aef773705554477ad959c08d 100644 (file)
--- a/test/recipes/91-test_pkey_check.t
+++ b/test/recipes/91-test_pkey_check.t
@@ -14,21 +14,30 @@ use File::Spec;
 use OpenSSL::Test qw/:DEFAULT data_file/;
 use OpenSSL::Test::Utils;
 
-sub check_key {
+sub pkey_check {
     my $f = shift;
 
     return run(app(['openssl', 'pkey', '-check', '-text',
                     '-in', $f]));
 }
 
-sub check_key_notok {
+sub check_key {
     my $f = shift;
-    my $str = "$f should fail validation";
+    my $should_fail = shift;
+    my $str;
+
+
+    $str = "$f should fail validation" if $should_fail;
+    $str = "$f should pass validation" unless $should_fail;
 
     $f = data_file($f);
 
     if ( -s $f ) {
-        ok(!check_key($f), $str);
+        if ($should_fail) {
+            ok(!pkey_check($f), $str);
+        } else {
+            ok(pkey_check($f), $str);
+        }
     } else {
         fail("Missing file $f");
     }
@@ -36,26 +45,36 @@ sub check_key_notok {
 
 setup("test_pkey_check");
 
-my @tests = ();
+my @negative_tests = ();
 
-push(@tests, (
+push(@negative_tests, (
     # For EC keys the range for the secret scalar `k` is `1 <= k <= n-1`
     "ec_p256_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
     "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
     )) unless disabled("ec");
 
-push(@tests, (
+push(@negative_tests, (
     # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1`
     "sm2_bad_neg1.pem", # `k` set to `n-1` (invalid, because SM2 range)
     "sm2_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
     "sm2_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
     )) unless disabled("sm2");
 
+my @positive_tests = ();
+
+push(@positive_tests, (
+    "dhpkey.pem"
+    )) unless disabled("dh");
+
 plan skip_all => "No tests within the current enabled feature set"
-    unless @tests;
+    unless @negative_tests && @positive_tests;
 
-plan tests => scalar(@tests);
+plan tests => scalar(@negative_tests) + scalar(@positive_tests);
+
+foreach my $t (@negative_tests) {
+    check_key($t, 1);
+}
 
-foreach my $t (@tests) {
-    check_key_notok($t);
+foreach my $t (@positive_tests) {
+    check_key($t, 0);
 }

diff --git a/test/recipes/91-test_pkey_check_data/dhpkey.pem b/test/recipes/91-test_pkey_check_data/dhpkey.pem
new file mode 100644 (file)
index 0000000..aa5b863
--- /dev/null
+++ b/test/recipes/91-test_pkey_check_data/dhpkey.pem
@@ -0,0 +1,14 @@
+-----BEGIN PRIVATE KEY-----
+MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAMwWCRizXuSpEcD1rlHABvnQ
+NzZarWoOCGfuYe2NzM6b0BiR13l7zrcBocQLE401xxLUn6qkFfFMJOP3x6tbDx7w
+1DwsHjplqVSW8sLDipf37940aLjvcjhJ0ZSDOwkpUeO2WSJLZdNSxvygHG5bZ/e1
+V5c5BToWUzHsbx3It4EgddtRfgELgl0K6kY7YsxfeVKc+bNA40elhk8/gGr5xLko
+0fUSk4xPIqbHEkKVuusYvaxXrBXUmFdCuY/dokhhrahp3CFSEzxMCKrS75Kq+6Jx
+Xc4qJ1QsgHWxwO5C+KPRhWsePJ5zmGI/D++TAXKu70QgcQs8fnM61cXhUylnchsC
+AQIEggEEAoIBAGj8dNturd5CiUbDmzc/zMuSW+wIZFtH0XTlhie6Xap8ybXs53Dd
+vr2QwKbZpvbwpT+GrQM8K6lTYSW2AqeV29b23KstGGRDxyF9nrTM2a+la+m+YCuy
+XG3AeildriXHViJHe9BnpvqsArkv2kIMLsXwsrvJsbUU3ENJUGyTehOglmoiESW1
+kVq3PoYTuls7ynRDnZAcFZidMJmOynU182klgqjxy0Md0X1cX0SXdYVBtai+iwH8
+kNKnbs2nn0Dfprau/OlmLFL4JpiagOWBJCwZafELpXzLor4t0m0t1Mzy/XkxtmKT
+e6L4veD6kojaU7H8iCTjA6d7hPBWmXoslZI=
+-----END PRIVATE KEY-----