From f74406d2c9379cd3006cd44248e7a386394c2498 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Wed, 8 Aug 2018 15:16:32 -0600
Subject: [PATCH 1/3] check max key size with ocsp stapling test
---
examples/client/client.c | 12 +++++++++++-
scripts/ocsp-stapling.test | 12 ++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index a76379622..9188f09ab 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -718,8 +718,18 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead)
 static void Usage(void)
 {
- printf("client " LIBWOLFSSL_VERSION_STRING
+ printf("wolfSSL client " LIBWOLFSSL_VERSION_STRING
 " NOTE: All files relative to wolfSSL home dir\n");
+
+ /* print out so that scripts can know what the max supported key size is */
+ printf("Max key size in bits for build is set at : ");
+#ifdef USE_FAST_MATH
+ printf("%d\n", FP_MAX_BITS/2);
+#else
+ /* normal math has unlimited max size */
+ printf("INFINITE\n");
+#endif
+
 printf("-? Help, print this usage\n");
 printf("-h Host to connect to, default %s\n", wolfSSLIP);
 printf("-p Port to connect on, not 0, default %d\n", wolfSSLPort);
diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test
index 031fdfe40..7d7b93cab 100755
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -157,6 +157,18 @@ if [ $? -eq 0 ]; then
 exit 0
 fi
+# check if supported key size is large enough to handle 4096 bit RSA
+size=`./examples/client/client -? | grep "Max key"`
+size=`echo ${size//[^0-9]/}`
+if [ ! -z "$size" ]; then
+ printf 'check on max key size of %d ...' $size
+ if [ $size -lt 4096 ]; then
+ printf '%s\n' "4096 bit RSA keys not supported"
+ exit 0
+ fi
+ printf 'OK\n'
+fi
+
 # create a port 0 port to use with openssl ocsp responder
 ./examples/server/server -R $ready_file -p $resume_port &
 wait_for_readyFile $ready_file
From c3ab52ed44878541386e56897801d84981d94157 Mon Sep 17 00:00:00 2001
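Review bot: The new usage line `Max key size in bits for build is set at : ...` is consumed by scripts/ocsp-stapling.test in this same patch (`grep "Max key"` followed by stripping every non-digit), so the label prefix and the digits-only suffix are now an interface rather than help text, and the `/* print out so that scripts can know ... */` comment should say so, e.g. `/* parsed by scripts/ocsp-stapling*.test: keep the "Max key" prefix and end the line in the bare bit count, or in no digits at all to mean unlimited */`. The non-fastmath branch prints `INFINITE`, which the script reduces to an empty string and takes as "skip the check"; any digit that later creeps into that text would silently turn into a bogus key size, which is why the contract is worth spelling out. Usage() continues outside the hunk.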
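Review bot: `${size//[^0-9]/}` on the second `size=` line is a bash pattern substitution, not POSIX sh; if the script runs under dash it fails with "Bad substitution" before the stapling test starts, so this depends on the shebang, which is outside the hunk (the `echo -e` in the sibling hunk of the second patch suggests a bash-like shell is already assumed). The same eleven lines appear verbatim in scripts/ocsp-stapling2.test in the second patch, so whatever is decided here applies there too. Two smaller points on the same lines: `-?` is unquoted and is therefore a glob the shell expands against the current directory before the client sees it, so `'-?'` is safer, and the `exit 0` on an undersized build makes the run report success rather than a skip, which may be intended but deserves a comment such as `# skip, not fail: this build cannot load the 4096-bit test keys`.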
From: Jacob Barthelmeh
Date: Wed, 8 Aug 2018 15:34:45 -0600
Subject: [PATCH 2/3] key size check on ocsp-stapling2 test
---
scripts/ocsp-stapling2.test | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test
index 2076af40a..7fa4b1092 100755
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -167,6 +167,18 @@ trap cleanup EXIT INT TERM HUP
 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
+# check if supported key size is large enough to handle 4096 bit RSA
+size=`./examples/client/client -? | grep "Max key"`
+size=`echo ${size//[^0-9]/}`
+if [ ! -z "$size" ]; then
+ printf 'check on max key size of %d ...' $size
+ if [ $size -lt 4096 ]; then
+ printf '%s\n' "4096 bit RSA keys not supported"
+ exit 0
+ fi
+ printf 'OK\n'
+fi
+
 #get four unique ports
 # 1:
 ./examples/server/server -R $ready_file1 -p $resume_port &
From 373258a0c280dfb3401ca8e4a6444d3b655274ec Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Wed, 15 Aug 2018 09:50:50 -0600
Subject: [PATCH 3/3] account for NO_RSA and SP math when printing max RSA key size
---
examples/client/client.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/examples/client/client.c b/examples/client/client.c
index 9188f09ab..be6367d84 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -722,8 +722,18 @@ static void Usage(void)
 " NOTE: All files relative to wolfSSL home dir\n");
 /* print out so that scripts can know what the max supported key size is */
- printf("Max key size in bits for build is set at : ");
-#ifdef USE_FAST_MATH
+ printf("Max RSA key size in bits for build is set at : ");
+#ifdef NO_RSA
+ printf("RSA not supported\n");
+#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
+ #ifndef WOLFSSL_SP_NO_3072
+ printf("3072\n");
+ #elif !defined(WOLFSSL_SP_NO_2048)
+ printf("2048\n");
+ #else
+ printf("0\n");
+ #endif
+#elif defined(USE_FAST_MATH)
 printf("%d\n", FP_MAX_BITS/2);
 #else
 /* normal math has unlimited max size */
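Review bot: Changing the label to `Max RSA key size in bits ...` breaks both test scripts added earlier in this series, which select the line with `grep "Max key"`; that pattern no longer matches the new text, so `size` ends up empty and the 4096-bit check is silently skipped on every build, while this commit touches only client.c. Either keep the old prefix, e.g. `printf("Max key size in bits for build (RSA) is set at : ");`, or update the grep in scripts/ocsp-stapling.test and scripts/ocsp-stapling2.test in the same commit so the two sides cannot drift apart. The `NO_RSA` branch has the same effect: `RSA not supported` contains no digits, so the scripts strip it to an empty string and proceed instead of skipping, whereas the SP-math fallback `0` does trigger the skip; printing a number there too, e.g. `printf("0\n"); /* no RSA: the scripts treat 0 as unsupported */`, would make that case consistent. Usage() continues outside the hunk.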