[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Fri Apr 13 15:45:28 UTC 2018
The branch master has been updated
via 1b9f41a0df6ed2fac1c5303be909c2f70c404f20 (commit)
from a8ca496ddb532d7f7dc356fd2b026697388d2384 (commit)
- Log -----------------------------------------------------------------
commit 1b9f41a0df6ed2fac1c5303be909c2f70c404f20
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Mar 26 11:08:12 2018 +0200
test/recipes/test_genrsa.t : don't fail because of size limit changes
There is a test to check that 'genrsa' doesn't accept absurdly low
number of bits. Apart from that, this test is designed to check the
working functionality of 'openssl genrsa', so instead of having a hard
coded lower limit on the size key, let's figure out what it is.
Partially fixes #5751
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5754)
(cherry picked from commit ec46830f8a4ce62c0c8ee7677b1eb8e53ee16df1)
-----------------------------------------------------------------------
Summary of changes:
test/recipes/15-test_genrsa.t | 40 ++++++++++++++++++++++++++++++++++------
1 file changed, 34 insertions(+), 6 deletions(-)
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index 72a58bc..c497533 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -18,9 +18,37 @@ setup("test_genrsa");
plan tests => 5;
-is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '256'])), 0, "genrsa -3 256");
-ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '512'])), "genrsa -3 512");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
-ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '512'])), "genrsa -f4 512");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
-unlink 'genrsatest.pem';
+# We want to know that an absurdly small number of bits isn't support
+is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
+
+# Depending on the shared library, we might have different lower limits.
+# Let's find it! This is a simple binary search
+# ------------------------------------------------------------
+# NOTE: $good may need an update in the future
+# ------------------------------------------------------------
+note "Looking for lowest amount of bits";
+my $bad = 3; # Log2 of number of bits (2 << 3 == 8)
+my $good = 11; # Log2 of number of bits (2 << 11 == 2048)
+while ($good > $bad + 1) {
+ my $checked = int(($good + $bad + 1) / 2);
+ if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
+ 2 ** $checked ], stderr => undef))) {
+ note 2 ** $checked, " bits is good";
+ $good = $checked;
+ } else {
+ note 2 ** $checked, " bits is bad";
+ $bad = $checked;
+ }
+}
+$good++ if $good == $bad;
+$good = 2 ** $good;
+note "Found lowest allowed amount of bits to be $good";
+
+ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
+ "genrsa -3 $good");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "rsa -check");
+ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
+ "genrsa -f4 $good");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+ "rsa -check");
More information about the openssl-commits
mailing list