Fix the dhparam_check test

genpkey can sometimes create files that fail "openssl dhparam -check". See
issue #14145. We had some instances of such invalid files in the
dhparam_check test. Now that "openssl dhparam -check" has been fixed to
work the same way as it did in 1.1.1 these tests were failing. We move the
invalid files inot the "invalid" directory. A future PR will have to fix
genpkey to not generate invalid files.

We also remove a "SKIP" block that was skipping tests in a no deprecated
build unnecessarily. Nothing being tested is deprecated.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)

diff --git a/test/recipes/20-test_dhparam_check.t b/test/recipes/20-test_dhparam_check.t
index 97e1506d8ac23228fbf111c167fd595e1607d832..086e9de938d696380d92fa66716c8e3c1c495ac7 100644 (file)
--- a/test/recipes/20-test_dhparam_check.t
+++ b/test/recipes/20-test_dhparam_check.t
@@ -28,10 +28,12 @@ TESTDIR=test/recipes/20-test_dhparam_check_data/valid
 rm -rf $TESTDIR
 mkdir -p $TESTDIR
 
+#TODO(3.0): These 3 currently create invalid output - see issue #14145
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:1 -out $TESTDIR/dh5114_1.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:2 -out $TESTDIR/dh5114_2.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt dh_rfc5114:3 -out $TESTDIR/dh5114_3.pem
 
+#TODO(3.0): These 4 currently create invalid output - see issue #14145
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:1024 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p1024_t1862.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_2 -out $TESTDIR/dh_p2048_t1862.pem
 ./util/opensslwrap.sh genpkey -genparam -algorithm DH -pkeyopt pbits:2048 -pkeyopt type:fips186_4 -out $TESTDIR/dh_p2048_t1864.pem
@@ -57,28 +59,17 @@ mkdir -p $TESTDIR
 =cut
 
 my @valid = glob(data_file("valid", "*.pem"));
-#my @invalid = glob(data_file("invalid", "*.pem"));
+my @invalid = glob(data_file("invalid", "*.pem"));
 
-my $num_tests = scalar @valid;# + scalar @invalid;
+my $num_tests = scalar @valid + scalar @invalid;
 plan tests => 2 * $num_tests;
 
- SKIP: {
-    skip "Skipping DH tests", $num_tests
-        if disabled('deprecated-3.0');
-
-    foreach (@valid) {
-        ok(run(app([qw{openssl dhparam -noout -check -in}, $_])));
-    }
-
-#    foreach (@invalid) {
-#        ok(!run(app([qw{openssl dhparam -noout -check -in}, $_])));
-#    }
-}
-
 foreach (@valid) {
+    ok(run(app([qw{openssl dhparam -noout -check -in}, $_])));
     ok(run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
 }
 
-#foreach (@invalid) {
-#    ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
-#}
+foreach (@invalid) {
+    ok(!run(app([qw{openssl dhparam -noout -check -in}, $_])));
+    ok(!run(app([qw{openssl pkeyparam -noout -check -in}, $_])));
+}

diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh5114_1.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_1_pkcs3.pem
similarity index 100%
rename from test/recipes/20-test_dhparam_check_data/valid/dh5114_1.pem
rename to test/recipes/20-test_dhparam_check_data/invalid/dh5114_1_pkcs3.pem

diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh5114_2.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_2_pkcs3.pem
similarity index 100%
rename from test/recipes/20-test_dhparam_check_data/valid/dh5114_2.pem
rename to test/recipes/20-test_dhparam_check_data/invalid/dh5114_2_pkcs3.pem

diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh5114_3.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh5114_3_pkcs3.pem
similarity index 100%
rename from test/recipes/20-test_dhparam_check_data/valid/dh5114_3.pem
rename to test/recipes/20-test_dhparam_check_data/invalid/dh5114_3_pkcs3.pem

diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p1024_t1862.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p1024_t1862_pkcs3.pem
similarity index 100%
rename from test/recipes/20-test_dhparam_check_data/valid/dh_p1024_t1862.pem
rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p1024_t1862_pkcs3.pem

diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1862.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1862_pkcs3.pem
similarity index 100%
rename from test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1862.pem
rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1862_pkcs3.pem

diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1864.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1864_pkcs3.pem
similarity index 100%
rename from test/recipes/20-test_dhparam_check_data/valid/dh_p2048_t1864.pem
rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p2048_t1864_pkcs3.pem

diff --git a/test/recipes/20-test_dhparam_check_data/valid/dh_p3072_t1862.pem b/test/recipes/20-test_dhparam_check_data/invalid/dh_p3072_t1862_pkcs3.pem
similarity index 100%
rename from test/recipes/20-test_dhparam_check_data/valid/dh_p3072_t1862.pem
rename to test/recipes/20-test_dhparam_check_data/invalid/dh_p3072_t1862_pkcs3.pem