Skip to content

We don't test DSA key generation enough #11306

New issue
New issue
Closed
Closed
We don't test DSA key generation enough#11306
Labels
branch: masterApplies to master branchhelp wantedtriaged: bugThe issue/pr is/fixes a bug
Milestone
3.0.0
@levitte

Description

@levitte
levitte
opened on Mar 11, 2020

I just tried #11303 with the faulty dsa_gen_set_template merged with the latest #10289, and was astonished how many tests succeed. With only test_ssl_old failing, that's not a lot of test coverage for DSA key generation, and when that recipe i gone, there will be none.

I just had a quick search, and this is what I found:

$ grep KeyGen test/recipes/30-test_evp_data/*
test/recipes/30-test_evp_data/evppkey.txt:KeyGen = rsaEncryption
test/recipes/30-test_evp_data/evppkey.txt:KeyGen = RSASSA-PSS
test/recipes/30-test_evp_data/evppkey.txt:KeyGen = dhKeyAgreement
$ git grep EVP_PKEY_keygen test
test/cmp_testlib.c:               && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
test/cmp_testlib.c:               && TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0));
test/evp_extra_test.c:    if (!TEST_true(EVP_PKEY_keygen_init(kctx)))
test/evp_extra_test.c:    if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
test/evp_test.c:    if (EVP_PKEY_keygen_init(genctx) <= 0) {
test/evp_test.c:    if (EVP_PKEY_keygen(keygen->genctx, &pkey) <= 0) {
$ git grep genpkey test
test/certs/mkcert.sh:            openssl genpkey "${args[@]}" -out "${key}.pem"
test/evp_pkey_provided_test.c:     * openssl genpkey -paramfile dhp.pem | openssl pkey -text
test/recipes/15-test_genrsa.t:    is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
test/recipes/15-test_genrsa.t:        $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
test/recipes/15-test_genrsa.t:ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
test/recipes/15-test_genrsa.t:   "genpkey -3 $good");
test/recipes/15-test_genrsa.t:ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
test/recipes/15-test_genrsa.t:   "genpkey -f4 $good");
test/recipes/15-test_mp_rsa.t:            ok(run(app([ 'openssl', 'genpkey', '-out', "rsamptest-$name.pem",
test/recipes/80-test_ssl_old.t:my @genpkeycmd = ("openssl", "genpkey");
test/recipes/80-test_ssl_old.t:                    ok(run(app([@genpkeycmd, "-out", $Dkey,
test/recipes/80-test_ssl_old.t:                    ok(run(app(["openssl", "genpkey", "-genparam",
test/smime-certs/mksmime-certs.sh:$OPENSSL genpkey -genparam -algorithm DH -pkeyopt dh_paramgen_type:2 \
test/smime-certs/mksmime-certs.sh:$OPENSSL genpkey -paramfile dhp.pem -out smdh.pem
$ git grep gendsa test
$

At the very least, I would have expected one or two KeyGen stanza for DSA among the files in test/recipes/30-test_evp_data/. That would be a good start.

Metadata

Metadata

Assignees

No one assigned

    Labels

    branch: masterApplies to master branchhelp wantedtriaged: bugThe issue/pr is/fixes a bug

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions