Fix the dhparam_check test

genpkey can sometimes create files that fail "openssl dhparam -check". See issue #14145. We had some instances of such invalid files in the dhparam_check test. Now that "openssl dhparam -check" has been fixed to work the same way as it did in 1.1.1 these tests were failing. We move the invalid files inot the "invalid" directory. A future PR will have to fix genpkey to not generate invalid files. We also remove a "SKIP" block that was skipping tests in a no deprecated build unnecessarily. Nothing being tested is deprecated. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14146)
2025-02-05 14:10:53 +08:00 · 2021-02-10 12:29:36 +00:00 · 2021-02-10 12:29:36 +00:00 · 0217e53e33
commit 0217e53e33
parent 899e25643d
8 changed files with 9 additions and 18 deletions
--- a/test/recipes/20-test_dhparam_check.t
+++ b/test/recipes/20-test_dhparam_check.t
@ -28,10 +28,12 @@ TESTDIR=test/recipes/20-test_dhparam_check_data/valid
 rm -rf $TESTDIR
 mkdir -p $TESTDIR

+#TODO(3.0): These 3 currently create invalid output - see issue #14145
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh5114_1.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh5114_2.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh5114_3.pem

+#TODO(3.0): These 4 currently create invalid output - see issue #14145
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:1024 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p1024_t1862.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p2048_t1862.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_4 -out $TESTDIR/dh_p2048_t1864.pem
@ -57,28 +59,17 @@ mkdir -p $TESTDIR
 =cut

 my @valid = glob(data_file("valid", "*.pem"));
-#my @invalid = glob(data_file("invalid", "*.pem"));
+my @invalid = glob(data_file("invalid", "*.pem"));

-my $num_tests = scalar @valid;# + scalar @invalid;
+my $num_tests = scalar @valid + scalar @invalid;
 plan tests => 2 * $num_tests;

- SKIP: {
-    skip "Skipping DH tests", $num_tests
-        if disabled('deprecated-3.0');
-
-    foreach (@valid) {
-        ok(run(app([qw{openssl dhparam -noout -check -in}, $_])));
-    }
-
-#    foreach (@invalid) {
-#        ok(!run(app([qw{openssl dhparam -noout -check -in}, $_])));
-#    }
-}
-
 foreach (@valid) {
+    ok(run(app([qw{openssl dhparam -noout -check -in}, $_])));
    ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
 }

-#foreach (@invalid) {
-#    ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-#}
+foreach (@invalid) {
+    ok(!run(app([qw{openssl dhparam -noout -check -in}, $_])));
+    ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
+}
--- a/test/recipes/20-test_dhparam_check_data/invalid/dh5114_1_pkcs3.pem
+++ b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_1_pkcs3.pem
--- a/test/recipes/20-test_dhparam_check_data/invalid/dh5114_2_pkcs3.pem
+++ b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_2_pkcs3.pem
--- a/test/recipes/20-test_dhparam_check_data/invalid/dh5114_3_pkcs3.pem
+++ b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_3_pkcs3.pem
--- a/test/recipes/20-test_dhparam_check_data/invalid/dh_p1024_t1862_pkcs3.pem
+++ b/test/recipes/20-test_dhparam_check_data/invalid/dh_p1024_t1862_pkcs3.pem
--- a/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1862_pkcs3.pem
+++ b/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1862_pkcs3.pem
--- a/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1864_pkcs3.pem
+++ b/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1864_pkcs3.pem
--- a/test/recipes/20-test_dhparam_check_data/invalid/dh_p3072_t1862_pkcs3.pem
+++ b/test/recipes/20-test_dhparam_check_data/invalid/dh_p3072_t1862_pkcs3.pem