diff options
author | Nicola Tuveri <nic.tuv@gmail.com> | 2020-11-09 22:34:18 +0200 |
---|---|---|
committer | Nicola Tuveri <nic.tuv@gmail.com> | 2021-01-08 23:50:42 +0200 |
commit | c5bc5ec849273ae0c3f8b32f1d23c33d93be3203 (patch) | |
tree | ae0c7bb13fd19601972d1ec719cf9065852a8535 /test | |
parent | becbacd705170952725571ae4404846b0ecee86a (diff) |
[test] Add `pkey -check` validation tests
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13359)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/91-test_pkey_check.t | 54 | ||||
-rw-r--r-- | test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem | 4 | ||||
-rw-r--r-- | test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem | 4 |
3 files changed, 62 insertions, 0 deletions
diff --git a/test/recipes/91-test_pkey_check.t b/test/recipes/91-test_pkey_check.t new file mode 100644 index 0000000000..f06f3bd22a --- /dev/null +++ b/test/recipes/91-test_pkey_check.t @@ -0,0 +1,54 @@ +#! /usr/bin/env perl +# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test::Utils; + +sub check_key { + my $f = shift; + + return run(app(['openssl', 'pkey', '-check', '-text', + '-in', $f])); +} + +sub check_key_notok { + my $f = shift; + my $str = "$f should fail validation"; + + $f = data_file($f); + + if ( -s $f ) { + ok(!check_key($f), $str); + } else { + fail("Missing file $f"); + } +} + +setup("test_pkey_check"); + +my @tests = (); + +push(@tests, ( + # For EC keys the range for the secret scalar `k` is `1 <= k <= n-1` + "ec_p256_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid) + "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid) + )) unless disabled("ec"); + +plan skip_all => "No tests within the current enabled feature set" + unless @tests; + +plan tests => scalar(@tests); + +foreach my $t (@tests) { + check_key_notok($t); +} diff --git a/test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem b/test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem new file mode 100644 index 0000000000..64c273901f --- /dev/null +++ b/test/recipes/91-test_pkey_check_data/ec_p256_bad_0.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCD/////AAAAAP////// +////vOb6racXnoTzucrC/GMlUQ== +-----END PRIVATE KEY----- diff --git a/test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem b/test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem new file mode 100644 index 0000000000..5171958a27 --- /dev/null +++ b/test/recipes/91-test_pkey_check_data/ec_p256_bad_1.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCD/////AAAAAP////// +////vOb6racXnoTzucrC/GMlUg== +-----END PRIVATE KEY----- |