From: Matt Caswell Date: Wed, 10 Feb 2021 12:29:36 +0000 (+0000) Subject: Fix the dhparam_check test X-Git-Tag: openssl-3.0.0-alpha12~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0217e53e33a9561c6d911df9ec7e99195be7de62;p=thirdparty%2Fopenssl.git Fix the dhparam_check test genpkey can sometimes create files that fail "openssl dhparam -check". See issue #14145. We had some instances of such invalid files in the dhparam_check test. Now that "openssl dhparam -check" has been fixed to work the same way as it did in 1.1.1 these tests were failing. We move the invalid files inot the "invalid" directory. A future PR will have to fix genpkey to not generate invalid files. We also remove a "SKIP" block that was skipping tests in a no deprecated build unnecessarily. Nothing being tested is deprecated. Reviewed-by: Paul Dale Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14146) --- diff --git a/test/recipes/20-test_dhparam_check.t b/test/recipes/20-test_dhparam_check.t index 97e1506d8ac..086e9de938d 100644 --- a/test/recipes/20-test_dhparam_check.t +++ b/test/recipes/20-test_dhparam_check.t @@ -28,10 +28,12 @@ TESTDIR=test/recipes/20-test_dhparam_check_data/valid rm -rf $TESTDIR mkdir -p $TESTDIR +#TODO(3.0): These 3 currently create invalid output - see issue #14145 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh5114_1.pem ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh5114_2.pem ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh5114_3.pem +#TODO(3.0): These 4 currently create invalid output - see issue #14145 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:1024 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p1024_t1862.pem ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p2048_t1862.pem ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_4 -out $TESTDIR/dh_p2048_t1864.pem @@ -57,28 +59,17 @@ mkdir -p $TESTDIR =cut my @valid = glob(data_file("valid", "*.pem")); -#my @invalid = glob(data_file("invalid", "*.pem")); +my @invalid = glob(data_file("invalid", "*.pem")); -my $num_tests = scalar @valid;# + scalar @invalid; +my $num_tests = scalar @valid + scalar @invalid; plan tests => 2 * $num_tests; - SKIP: { - skip "Skipping DH tests", $num_tests - if disabled('deprecated-3.0'); - - foreach (@valid) { - ok(run(app([qw{openssl dhparam -noout -check -in}, $_]))); - } - -# foreach (@invalid) { -# ok(!run(app([qw{openssl dhparam -noout -check -in}, $_]))); -# } -} - foreach (@valid) { + ok(run(app([qw{openssl dhparam -noout -check -in}, $_]))); ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_]))); } -#foreach (@invalid) { -# ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_]))); -#} +foreach (@invalid) { + ok(!run(app([qw{openssl dhparam -noout -check -in}, $_]))); + ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_]))); +} diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh5114_1.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_1_pkcs3.pem similarity index 100% rename from test/recipes/20-test_dhparam_check_data/valid/dh5114_1.pem rename to test/recipes/20-test_dhparam_check_data/invalid/dh5114_1_pkcs3.pem diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh5114_2.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_2_pkcs3.pem similarity index 100% rename from test/recipes/20-test_dhparam_check_data/valid/dh5114_2.pem rename to test/recipes/20-test_dhparam_check_data/invalid/dh5114_2_pkcs3.pem diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh5114_3.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_3_pkcs3.pem similarity index 100% rename from test/recipes/20-test_dhparam_check_data/valid/dh5114_3.pem rename to test/recipes/20-test_dhparam_check_data/invalid/dh5114_3_pkcs3.pem diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p1024_t1862.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p1024_t1862_pkcs3.pem similarity index 100% rename from test/recipes/20-test_dhparam_check_data/valid/dh_p1024_t1862.pem rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p1024_t1862_pkcs3.pem diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1862.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1862_pkcs3.pem similarity index 100% rename from test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1862.pem rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1862_pkcs3.pem diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1864.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1864_pkcs3.pem similarity index 100% rename from test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1864.pem rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1864_pkcs3.pem diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p3072_t1862.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p3072_t1862_pkcs3.pem similarity index 100% rename from test/recipes/20-test_dhparam_check_data/valid/dh_p3072_t1862.pem rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p3072_t1862_pkcs3.pem