wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test/recipes/test_genrsa.t : don't fail because of size limit changes

Browse source 
There is a test to check that 'genrsa' doesn't accept absurdly low
number of bits.  Apart from that, this test is designed to check the
working functionality of 'openssl genrsa', so instead of having a hard
coded lower limit on the size key, let's figure out what it is.

Partially fixes #5751

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5754)
This commit is contained in:
Richard Levitte 2018-03-26 11:08:12 +02:00
parent 2a479a86bd
commit ec46830f8a
1 changed files with 33 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
test/recipes/15-test_genrsa.t
View file

@ -18,9 +18,38 @@ setup("test_genrsa");
plan tests => 5;
# We want to know that an absurdly small number of bits isn't support
is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '16'])), "genrsa -3 16");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '16'])), "genrsa -f4 16");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
# Depending on the shared library, we might have different lower limits.
# Let's find it! This is a simple binary search
# ------------------------------------------------------------
# NOTE: $good may need an update in the future
# ------------------------------------------------------------
note "Looking for lowest amount of bits";
my $bad = 3; # Log2 of number of bits (2 << 3 == 8)
my $good = 11; # Log2 of number of bits (2 << 11 == 2048)
while ($good > $bad + 1) {
my $checked = int(($good + $bad + 1) / 2);
if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
2 ** $checked ], stderr => undef))) {
note 2 ** $checked, " bits is good";
$good = $checked;
} else {
note 2 ** $checked, " bits is bad";
$bad = $checked;
}
}
$good++ if $good == $bad;
$good = 2 ** $good;
note "Found lowest allowed amount of bits to be $good";
ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
"genrsa -3 $good");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
"genrsa -f4 $good");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
unlink 'genrsatest.pem';