Commit bb68815067 for openssl.org
commit bb6881506742d0d64836021f3ca9e571d5252f21
Author: Jakub Zelenka <jakub.zelenka@openssl.foundation>
Date: Mon Jun 22 23:42:08 2026 +0200
apps: cover the pkcs8 -inform/-outform DER options
Only PEM input/output was exercised. Add a subtest that round trips a
key through DER, for both unencrypted and encrypted PKCS#8.
Assisted-by: Claude:claude-opus-4-8
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
MergeDate: Thu Jun 25 07:24:30 2026
(Merged from https://github.com/openssl/openssl/pull/31653)
diff --git a/test/recipes/25-test_pkcs8.t b/test/recipes/25-test_pkcs8.t
index 50cb01a407..bd7224459b 100644
--- a/test/recipes/25-test_pkcs8.t
+++ b/test/recipes/25-test_pkcs8.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips is_nofips/;
setup("test_pkcs8");
-plan tests => 18;
+plan tests => 19;
my $pc5_key = srctop_file('test', 'certs', 'pc5-key.pem');
@@ -128,6 +128,38 @@ ok(run(app(([ 'openssl', 'asn1parse',
"Check the size of the PBKDF2 PARAM 'salt length' is 8");
+subtest 'PKCS#8 DER inform/outform round trip' => sub {
+ plan tests => 6;
+
+ # PEM -> DER, unencrypted PKCS#8 (exercises -outform DER)
+ ok(run(app(['openssl', 'pkcs8', '-topk8', '-nocrypt',
+ '-in', $pc5_key, '-outform', 'DER',
+ '-out', 'p8-nocrypt.der'])),
+ "write unencrypted PKCS#8 in DER form");
+ # DER -> PEM (exercises -inform DER)
+ ok(run(app(['openssl', 'pkcs8', '-nocrypt',
+ '-inform', 'DER', '-in', 'p8-nocrypt.der',
+ '-out', 'p8-roundtrip.pem'])),
+ "read unencrypted PKCS#8 from DER form");
+ # PEM -> DER again, the result must match the original DER output
+ ok(run(app(['openssl', 'pkcs8', '-topk8', '-nocrypt',
+ '-in', 'p8-roundtrip.pem', '-outform', 'DER',
+ '-out', 'p8-roundtrip.der'])),
+ "re-encode the round-tripped key to DER");
+ is(compare('p8-nocrypt.der', 'p8-roundtrip.der'), 0,
+ "DER output is identical after a PEM/DER round trip");
+
+ # The same for an encrypted PKCS#8 structure
+ ok(run(app(['openssl', 'pkcs8', '-topk8',
+ '-in', $pc5_key, '-outform', 'DER',
+ '-out', 'p8-enc.der', '-passout', 'pass:password'])),
+ "write encrypted PKCS#8 in DER form");
+ ok(run(app(['openssl', 'pkcs8',
+ '-inform', 'DER', '-in', 'p8-enc.der',
+ '-out', 'p8-dec.pem', '-passin', 'pass:password'])),
+ "read encrypted PKCS#8 from DER form");
+};
+
SKIP: {
skip "SM2, SM3 or SM4 is not supported by this OpenSSL build", 3
if disabled("sm2") || disabled("sm3") || disabled("sm4");