diff options
author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-22 22:50:19 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-24 14:44:08 +0200 |
commit | 6de1fe90860ddfe768864838637f681537f3f108 (patch) | |
tree | eb7dc66acc7eef6124922ad47edfdd168bd1eb19 /test/dhtest.c | |
parent | 8b84b075ff065554c0cdd1086950f1a8614d93a4 (diff) |
Enforce a minimum DH modulus size of 512 bits
[extended tests]
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9437)
Diffstat (limited to 'test/dhtest.c')
-rw-r--r-- | test/dhtest.c | 25 |
1 files changed, 6 insertions, 19 deletions
diff --git a/test/dhtest.c b/test/dhtest.c index f80d5b3f4d..662a4f32eb 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -103,25 +103,12 @@ static int dh_test(void) || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) goto err3; - /* now generate a key pair ... */ - if (!DH_generate_key(dh)) + /* now generate a key pair (expect failure since modulus is too small) */ + if (!TEST_false(DH_generate_key(dh))) goto err3; - /* ... and check whether the private key was reused: */ - - /* test it with the combined getter for pub_key and priv_key */ - DH_get0_key(dh, &pub_key2, &priv_key2); - if (!TEST_ptr(pub_key2) - || !TEST_ptr_eq(priv_key2, priv_key)) - goto err3; - - /* test it the simple getters for pub_key and priv_key */ - if (!TEST_ptr_eq(DH_get0_pub_key(dh), pub_key2) - || !TEST_ptr_eq(DH_get0_priv_key(dh), priv_key2)) - goto err3; - - /* check whether the public key was calculated correctly */ - TEST_uint_eq(BN_get_word(pub_key2), 3331L); + /* We'll have a stale error on the queue from the above test so clear it */ + ERR_clear_error(); /* * II) key generation @@ -132,7 +119,7 @@ static int dh_test(void) goto err3; BN_GENCB_set(_cb, &cb, NULL); if (!TEST_ptr(a = DH_new()) - || !TEST_true(DH_generate_parameters_ex(a, 64, + || !TEST_true(DH_generate_parameters_ex(a, 512, DH_GENERATOR_5, _cb))) goto err3; @@ -192,7 +179,7 @@ static int dh_test(void) || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1)) goto err3; - if (!TEST_true(aout >= 4) + if (!TEST_true(aout >= 20) || !TEST_mem_eq(abuf, aout, bbuf, bout) || !TEST_mem_eq(abuf, aout, cbuf, cout)) goto err3; |