test/recipes/test_genrsa.t : don't fail because of size limit changes

There is a test to check that 'genrsa' doesn't accept absurdly low number of bits. Apart from that, this test is designed to check the working functionality of 'openssl genrsa', so instead of having a hard coded lower limit on the size key, let's figure out what it is. Partially fixes #5751 Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5754) (cherry picked from commit ec46830f8a4ce62c0c8ee7677b1eb8e53ee16df1)

test/recipes/test_genrsa.t : don't fail because of size limit changes
There is a test to check that 'genrsa' doesn't accept absurdly low number of bits. Apart from that, this test is designed to check the working functionality of 'openssl genrsa', so instead of having a hard coded lower limit on the size key, let's figure out what it is. Partially fixes #5751 Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5754) (cherry picked from commit ec46830f8a4ce62c0c8ee7677b1eb8e53ee16df1)
1b9f41a0 · Richard Levitte · a8ca496d · 1b9f41a0
隐藏空白更改
内联并排

Showing with 34 addition and 6 deletion

test/recipes/15-test_genrsa.t test/recipes/15-test_genrsa.t +34 -6

未找到文件。
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -18,9 +18,37 @@ setup("test_genrsa");

 plan tests => 5;

-is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '256'])), 0, "genrsa -3 256");
-ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '512'])), "genrsa -3 512");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
-ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', '512'])), "genrsa -f4 512");
-ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout'])), "rsa -check");
-unlink 'genrsatest.pem';
+# We want to know that an absurdly small number of bits isn't support
+is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
+
+# Depending on the shared library, we might have different lower limits.
+# Let's find it!  This is a simple binary search
+# ------------------------------------------------------------
+# NOTE: $good may need an update in the future
+# ------------------------------------------------------------
+note "Looking for lowest amount of bits";
+my $bad = 3;                    # Log2 of number of bits (2 << 3  == 8)
+my $good = 11;                  # Log2 of number of bits (2 << 11 == 2048)
+while ($good > $bad + 1) {
+    my $checked = int(($good + $bad + 1) / 2);
+    if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
+                  2 ** $checked ], stderr => undef))) {
+        note 2 ** $checked, " bits is good";
+        $good = $checked;
+    } else {
+        note 2 ** $checked, " bits is bad";
+        $bad = $checked;
+    }
+}
+$good++ if $good == $bad;
+$good = 2 ** $good;
+note "Found lowest allowed amount of bits to be $good";
+
+ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
+   "genrsa -3 $good");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+   "rsa -check");
+ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
+   "genrsa -f4 $good");
+ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
+   "rsa -check");