edk2/0009-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch

From 6f3b1ae0a836880038787a1315b5b815f2951c8d Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 25 Jul 2023 15:23:43 +0200
Subject: [PATCH 7/9] dhtest.c: Add test of DH_check() with q = p + 1

This must fail with DH_CHECK_INVALID_Q_VALUE and
with DH_CHECK_Q_NOT_PRIME unset.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>

reference: https://github.com/openssl/openssl/pull/21550
Signed-off-by: yexiao <yexiao7@huawei.com>
---
 CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
index f8dd8f3a..d02b3b7c 100644
--- a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
@@ -124,6 +124,15 @@ static int dh_test(void)
     /* We'll have a stale error on the queue from the above test so clear it */
     ERR_clear_error();
 
+    if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
+        goto err3;
+
+    if (!TEST_true(DH_check(dh, &i)))
+        goto err3;
+    if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
+        || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
+        goto err3;
+
     /* Modulus of size: dh check max modulus bits + 1 */
     if (!TEST_true(BN_set_word(p, 1))
             || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
@@ -135,6 +144,9 @@ static int dh_test(void)
     if (!TEST_false(DH_check(dh, &i)))
         goto err3;
 
+    /* We'll have a stale error on the queue from the above test so clear it */
+    ERR_clear_error();
+
     /*
      * II) key generation
      */
-- 
2.33.0