From: Tomas Mraz Date: Wed, 13 Apr 2022 10:44:34 +0000 (+0200) Subject: test_pkey_check: Positive testcase for private key with unknown parameters X-Git-Tag: openssl-3.2.0-alpha1~2532 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08e0aad293f1c283dccf7e9065ec28af5e143304;p=thirdparty%2Fopenssl.git test_pkey_check: Positive testcase for private key with unknown parameters Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/18099) --- diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t index a415fee24a5..354e33575e1 100644 --- a/test/recipes/91-test_pkey_check.t +++ b/test/recipes/91-test_pkey_check.t @@ -14,21 +14,30 @@ use File::Spec; use OpenSSL::Test qw/:DEFAULT data_file/; use OpenSSL::Test::Utils; -sub check_key { +sub pkey_check { my $f = shift; return run(app(['openssl', 'pkey', '-check', '-text', '-in', $f])); } -sub check_key_notok { +sub check_key { my $f = shift; - my $str = "$f should fail validation"; + my $should_fail = shift; + my $str; + + + $str = "$f should fail validation" if $should_fail; + $str = "$f should pass validation" unless $should_fail; $f = data_file($f); if ( -s $f ) { - ok(!check_key($f), $str); + if ($should_fail) { + ok(!pkey_check($f), $str); + } else { + ok(pkey_check($f), $str); + } } else { fail("Missing file $f"); } @@ -36,26 +45,36 @@ sub check_key_notok { setup("test_pkey_check"); -my @tests = (); +my @negative_tests = (); -push(@tests, ( +push(@negative_tests, ( # For EC keys the range for the secret scalar `k` is `1 <= k <= n-1` "ec_p256_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid) "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid) )) unless disabled("ec"); -push(@tests, ( +push(@negative_tests, ( # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1` "sm2_bad_neg1.pem", # `k` set to `n-1` (invalid, because SM2 range) "sm2_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid) "sm2_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid) )) unless disabled("sm2"); +my @positive_tests = (); + +push(@positive_tests, ( + "dhpkey.pem" + )) unless disabled("dh"); + plan skip_all => "No tests within the current enabled feature set" - unless @tests; + unless @negative_tests && @positive_tests; -plan tests => scalar(@tests); +plan tests => scalar(@negative_tests) + scalar(@positive_tests); + +foreach my $t (@negative_tests) { + check_key($t, 1); +} -foreach my $t (@tests) { - check_key_notok($t); +foreach my $t (@positive_tests) { + check_key($t, 0); } diff --git a/test/recipes/91-test_pkey_check_data/dhpkey.pem b/test/recipes/91-test_pkey_check_data/dhpkey.pem new file mode 100644 index 00000000000..aa5b8630a75 --- /dev/null +++ b/test/recipes/91-test_pkey_check_data/dhpkey.pem @@ -0,0 +1,14 @@ +-----BEGIN PRIVATE KEY----- +MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAMwWCRizXuSpEcD1rlHABvnQ +NzZarWoOCGfuYe2NzM6b0BiR13l7zrcBocQLE401xxLUn6qkFfFMJOP3x6tbDx7w +1DwsHjplqVSW8sLDipf37940aLjvcjhJ0ZSDOwkpUeO2WSJLZdNSxvygHG5bZ/e1 +V5c5BToWUzHsbx3It4EgddtRfgELgl0K6kY7YsxfeVKc+bNA40elhk8/gGr5xLko +0fUSk4xPIqbHEkKVuusYvaxXrBXUmFdCuY/dokhhrahp3CFSEzxMCKrS75Kq+6Jx +Xc4qJ1QsgHWxwO5C+KPRhWsePJ5zmGI/D++TAXKu70QgcQs8fnM61cXhUylnchsC +AQIEggEEAoIBAGj8dNturd5CiUbDmzc/zMuSW+wIZFtH0XTlhie6Xap8ybXs53Dd +vr2QwKbZpvbwpT+GrQM8K6lTYSW2AqeV29b23KstGGRDxyF9nrTM2a+la+m+YCuy +XG3AeildriXHViJHe9BnpvqsArkv2kIMLsXwsrvJsbUU3ENJUGyTehOglmoiESW1 +kVq3PoYTuls7ynRDnZAcFZidMJmOynU182klgqjxy0Md0X1cX0SXdYVBtai+iwH8 +kNKnbs2nn0Dfprau/OlmLFL4JpiagOWBJCwZafELpXzLor4t0m0t1Mzy/XkxtmKT +e6L4veD6kojaU7H8iCTjA6d7hPBWmXoslZI= +-----END PRIVATE KEY-----