Home Esplora Aiuto
Accedi
OWEALs
/
openssl
mirror da git://git.openssl.org/openssl.git
2
0
Forka 0
File Problemi 1 Wiki
Albero (Tree): c2bd8d2783
Rami (Branch) Tag
openssl
/
test
/
recipes
/
15-test_genrsa.t

15-test_genrsa.t 5.0 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. #! /usr/bin/env perl
    2. 

  2. # Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3. #
    4. 

  4. # Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5. # this file except in compliance with the License.  You can obtain a copy
    6. 

  6. # in the file LICENSE in the source distribution or at
    7. 

  7. # https://www.openssl.org/source/license.html
    8. 

  8. 

  9. 

  10. use strict;
    11. 

  11. use warnings;
    12. 

  12. 

  13. use File::Spec;
    14. 

  14. use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file/;
    15. 

  15. use OpenSSL::Test::Utils;
    16. 

  16. 

  17. BEGIN {
    18. 

  18.     setup("test_genrsa");
    19. 

  19. }
    20. 

  20. 

  21. use lib srctop_dir('Configurations');
    22. 

  22. use lib bldtop_dir('.');
    23. 

  23. use platform;
    24. 

  24. 

  25. my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
    26. 

  26. 

  27. plan tests =>
    28. 

  28.     ($no_fips ? 0 : 2)          # FIPS install test + fips related test
    29. 

  29.     + 12;
    30. 

  30. 

  31. # We want to know that an absurdly small number of bits isn't support
    32. 

  32. if (disabled("deprecated-3.0")) {
    33. 

  33.     is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
    34. 

  34.                  '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_bits:8',
    35. 

  35.                  '-pkeyopt', 'rsa_keygen_pubexp:3'])),
    36. 

  36.                0, "genrsa -3 8");
    37. 

  37. } else {
    38. 

  38.     is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])),
    39. 

  39.                0, "genrsa -3 8");
    40. 

  40. }
    41. 

  41. 

  42. # Depending on the shared library, we might have different lower limits.
    43. 

  43. # Let's find it!  This is a simple binary search
    44. 

  44. # ------------------------------------------------------------
    45. 

  45. # NOTE: $good may need an update in the future
    46. 

  46. # ------------------------------------------------------------
    47. 

  47. note "Looking for lowest amount of bits";
    48. 

  48. my $bad = 3;                    # Log2 of number of bits (2 << 3  == 8)
    49. 

  49. my $good = 11;                  # Log2 of number of bits (2 << 11 == 2048)
    50. 

  50. my $fin;
    51. 

  51. while ($good > $bad + 1) {
    52. 

  52.     my $checked = int(($good + $bad + 1) / 2);
    53. 

  53.     my $bits = 2 ** $checked;
    54. 

  54.     if (disabled("deprecated-3.0")) {
    55. 

  55.         $fin = run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
    56. 

  56.                          '-algorithm', 'RSA', '-pkeyopt', 'rsa_keygen_pubexp:65537',
    57. 

  57.                          '-pkeyopt', "rsa_keygen_bits:$bits",
    58. 

  58.                        ], stderr => undef));
    59. 

  59.     } else {
    60. 

  60.         $fin = run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
    61. 

  61.                          $bits
    62. 

  62.                        ], stderr => undef));
    63. 

  63.     }
    64. 

  64.     if ($fin) {
    65. 

  65.         note 2 ** $checked, " bits is good";
    66. 

  66.         $good = $checked;
    67. 

  67.     } else {
    68. 

  68.         note 2 ** $checked, " bits is bad";
    69. 

  69.         $bad = $checked;
    70. 

  70.     }
    71. 

  71. }
    72. 

  72. $good++ if $good == $bad;
    73. 

  73. $good = 2 ** $good;
    74. 

  74. note "Found lowest allowed amount of bits to be $good";
    75. 

  75. 

  76. ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
    77. 

  77.              '-pkeyopt', 'rsa_keygen_pubexp:65537',
    78. 

  78.              '-pkeyopt', "rsa_keygen_bits:$good",
    79. 

  79.              '-out', 'genrsatest.pem' ])),
    80. 

  80.    "genpkey -3 $good");
    81. 

  81. ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest.pem', '-noout' ])),
    82. 

  82.    "pkey -check");
    83. 

  83. ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
    84. 

  84.              '-pkeyopt', 'rsa_keygen_pubexp:65537',
    85. 

  85.              '-pkeyopt', "rsa_keygen_bits:$good",
    86. 

  86.              '-out', 'genrsatest.pem' ])),
    87. 

  87.    "genpkey -f4 $good");
    88. 

  88. 

  89. ok(run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
    90. 

  90.              '-pkeyopt', 'rsa_keygen_bits:2048',
    91. 

  91.              '-out', 'genrsatest2048.pem' ])),
    92. 

  92.    "genpkey 2048 bits");
    93. 

  93. ok(run(app([ 'openssl', 'pkey', '-check', '-in', 'genrsatest2048.pem', '-noout' ])),
    94. 

  94.    "pkey -check");
    95. 

  95. 

  96. ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
    97. 

  97.              '-pkeyopt', 'hexe:02',
    98. 

  98.              '-out', 'genrsatest.pem' ])),
    99. 

  99.    "genpkey with a bad public exponent should fail");
    100. 

  100. ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'RSA',
    101. 

  101.              '-pkeyopt', 'e:65538',
    102. 

  102.              '-out', 'genrsatest.pem' ])),
    103. 

  103.    "genpkey with a even public exponent should fail");
    104. 

  104. 

  105. 

  106.  SKIP: {
    107. 

  107.     skip "Skipping rsa command line test", 4 if disabled("deprecated-3.0");
    108. 

  108. 

  109.     ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
    110. 

  110.        "genrsa -3 $good");
    111. 

  111.     ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
    112. 

  112.        "rsa -check");
    113. 

  113.     ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
    114. 

  114.        "genrsa -f4 $good");
    115. 

  115.     ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
    116. 

  116.        "rsa -check");
    117. 

  117. }
    118. 

  118. 

  119. unless ($no_fips) {
    120. 

  120.     my $provconf = srctop_file("test", "fips-and-base.cnf");
    121. 

  121.     my $provpath = bldtop_dir("providers");
    122. 

  122.     my @prov = ( "-provider-path", $provpath,
    123. 

  123.                  "-config", $provconf);
    124. 

  124.     my $infile = bldtop_file('providers', platform->dso('fips'));
    125. 

  125. 

  126.     ok(run(app(['openssl', 'fipsinstall',
    127. 

  127.                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
    128. 

  128.                 '-module', $infile,
    129. 

  129.                 '-provider_name', 'fips', '-mac_name', 'HMAC',
    130. 

  130.                 '-section_name', 'fips_sect'])),
    131. 

  131.        "fipsinstall");
    132. 

  132. 

  133.     $ENV{OPENSSL_TEST_LIBCTX} = "1";
    134. 

  134.     ok(run(app(['openssl', 'genpkey',
    135. 

  135.                 @prov,
    136. 

  136.                '-algorithm', 'RSA',
    137. 

  137.                '-pkeyopt', 'bits:2080',
    138. 

  138.                '-out', 'genrsatest2080.pem'])),
    139. 

  139.        "Generating RSA key with > 2048 bits and < 3072 bits");
    140. 

  140. }
    141.