author | Shane Lontis <shane.lontis@oracle.com> | 2021-02-17 13:13:51 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-02-19 19:25:24 +1000 |
commit | eabb3014165a1319ceb8a69cc135feb99f288293 (patch) | |
tree | 45827f8e564e26cfa4d4d799078260ec439748d7 /test | |
parent | 576892d78f80cf9a169e7f766319c843e430f378 (diff) |
Fix DH ASN1 decode so that it detects named groups.
The dh->nid was not being set if the loaded p,g matched an inbuilt named
group for "DH".
NOTE: The "DHX" related path already worked since it calls DH_set0_pqg()
(which does the named group check).
This bug was detected when new tests were added for dh5114 groups, combined
with the no-cache tests i.e. loading+import+export set the nid,
but just loading did not.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14207)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/20-test_dhparam_check.t | 24 | ||||
-rw-r--r-- | test/recipes/20-test_dhparam_check_data/valid/dh_ffdhe2048.pem | 8 | ||||
-rw-r--r-- | test/recipes/20-test_dhparam_check_data/valid/dhx_ffdhe2048.pem | 13 |
3 files changed, 44 insertions, 1 deletions
diff --git a/test/recipes/20-test_dhparam_check.t b/test/recipes/20-test_dhparam_check.t index 2f1dec1f10..f3882ad2b3 100644 --- a/test/recipes/20-test_dhparam_check.t +++ b/test/recipes/20-test_dhparam_check.t @@ -56,13 +56,17 @@ mkdir -p $TESTDIR ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:224 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q224_t1862.pem ./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt pbits:3072 -pkeyopt qbits:256 -pkeyopt type:fips186_2 -out $TESTDIR/dhx_p3072_q256_t1862.pem +./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt group:ffdhe2048 -out $TESTDIR/dh_ffdhe2048.pem +./util/opensslwrap.sh genpkey -genparam -algorithm DHX -pkeyopt group:ffdhe2048 -out $TESTDIR/dhx_ffdhe2048.pem + + =cut my @valid = glob(data_file("valid", "*.pem")); my @invalid = glob(data_file("invalid", "*.pem")); my $num_tests = scalar @valid + scalar @invalid; -plan tests => 2 * $num_tests; +plan tests => 2 + 2 * $num_tests; foreach (@valid) { ok(run(app([qw{openssl dhparam -noout -check -in}, $_]))); @@ -73,3 +77,21 @@ foreach (@invalid) { ok(!run(app([qw{openssl dhparam -noout -check -in}, $_]))); ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_]))); } + +my $tmpfile = 'out.txt'; + +sub contains { + my $expected = shift; + my $found = 0; + open(my $in, '<', $tmpfile) or die "Could not open file $tmpfile"; + while(<$in>) { + $found = 1 if m/$expected/; # output must include $expected + } + close $in; + return $found; +} + +# Check that if we load dh params with only a 'p' and 'g' that it detects +# that this is actually a valid named group. +ok(run(app([qw{openssl pkeyparam -text -in}, data_file("valid/dh_ffdhe2048.pem")], stdout => $tmpfile))); +ok(contains("ffdhe2048")) diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_ffdhe2048.pem b/test/recipes/20-test_dhparam_check_data/valid/dh_ffdhe2048.pem new file mode 100644 index 0000000000..24260bf846 --- /dev/null 
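Review bot: `contains()` interpolates its argument into `m/$expected/` and scans a fixed `out.txt` in the working directory, so the final assertion passes if `ffdhe2048` appears anywhere in the output, and the file is never removed. As this is the regression guard for named-group detection on a plain p,g load, I would capture the output in memory with `my @text = run(app([qw{openssl pkeyparam -text -in}, data_file("valid/dh_ffdhe2048.pem")]), capture => 1);` and assert `ok(scalar(grep { /ffdhe2048/ } @text), "DH p,g load reports named group");`. Matching the group label line rather than the bare name would be stricter, once its exact format is confirmed. If the helper stays, the `die` message should include `$!` and both new `ok()` calls should carry a description. Only `dh_ffdhe2048.pem` gets the text check; `dhx_ffdhe2048.pem` is exercised only by the `-check` loops, which matches the commit message but deserves a short comment.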
+++ b/test/recipes/20-test_dhparam_check_data/valid/dh_ffdhe2048.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgICB/8=
+-----END DH PARAMETERS-----
diff --git a/test/recipes/20-test_dhparam_check_data/valid/dhx_ffdhe2048.pem b/test/recipes/20-test_dhparam_check_data/valid/dhx_ffdhe2048.pem
new file mode 100644
index 0000000000..5a30fa003d
--- /dev/null
+++ b/test/recipes/20-test_dhparam_check_data/valid/dhx_ffdhe2048.pem
@@ -0,0 +1,13 @@
+-----BEGIN X9.42 DH PARAMETERS-----
+MIICDAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAgKCAQB//////////9b8KixRXaVN
+V+4rEBOennjsXOLB5xabStTwmyCKMhn95knO5xJNn3y+l/GxsYY67HtA2QFXYjC9
+ae+Paur+srCSGfqPr4M3aEKxsqqe9o152quJrz+r5JrMJ4Y4cHNFu/FTRO159/Q5
+DvisUJtW85qYVmUnpB08vV4FWMFZkn2w6IRUpdlkcf3ctW1bsGv6NA6noVHvHKb6
+Vyt287G5XYyFg9PkdwU2uE8BfnDm+/F2YBoCZpQaF7DIuX9OdMLB/8cniRl3eUDB
+4f8djaY31rmd2v5eF2EQAuLHeMG+i0HZY3mlE2DZd/1ENaEcMJQuS///////////
+-----END X9.42 DH PARAMETERS----- |