feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1749 from JacobBarthelmeh/UnitTests

Browse Source 
check max key size with ocsp stapling test
This commit is contained in:
toddouska
2018-08-15 10:18:12 -07:00
committed by GitHub
parent 2420af3cf2 373258a0c2
commit be0523b7cd
3 changed files with 45 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
examples/client/client.c
View File

@ -718,8 +718,28 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead)
static void Usage(void) static void Usage(void)
{ {
printf("client " LIBWOLFSSL_VERSION_STRING printf("wolfSSL client " LIBWOLFSSL_VERSION_STRING
" NOTE: All files relative to wolfSSL home dir\n"); " NOTE: All files relative to wolfSSL home dir\n");
/* print out so that scripts can know what the max supported key size is */
printf("Max RSA key size in bits for build is set at : ");
#ifdef NO_RSA
printf("RSA not supported\n");
#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */
#ifndef WOLFSSL_SP_NO_3072
printf("3072\n");
#elif !defined(WOLFSSL_SP_NO_2048)
printf("2048\n");
#else
printf("0\n");
#endif
#elif defined(USE_FAST_MATH)
printf("%d\n", FP_MAX_BITS/2);
#else
/* normal math has unlimited max size */
printf("INFINITE\n");
#endif
printf("-? Help, print this usage\n"); printf("-? Help, print this usage\n");
printf("-h <host> Host to connect to, default %s\n", wolfSSLIP); printf("-h <host> Host to connect to, default %s\n", wolfSSLIP);
printf("-p <num> Port to connect on, not 0, default %d\n", wolfSSLPort); printf("-p <num> Port to connect on, not 0, default %d\n", wolfSSLPort);

12
scripts/ocsp-stapling.test
View File

@ -157,6 +157,18 @@ if [ $? -eq 0 ]; then
exit 0 exit 0
fi fi
# check if supported key size is large enough to handle 4096 bit RSA
size=`./examples/client/client -? | grep "Max key"`
size=`echo ${size//[^0-9]/}`
if [ ! -z "$size" ]; then
printf 'check on max key size of %d ...' $size
if [ $size -lt 4096 ]; then
printf '%s\n' "4096 bit RSA keys not supported"
exit 0
fi
printf 'OK\n'
fi
# create a port 0 port to use with openssl ocsp responder # create a port 0 port to use with openssl ocsp responder
./examples/server/server -R $ready_file -p $resume_port & ./examples/server/server -R $ready_file -p $resume_port &
wait_for_readyFile $ready_file wait_for_readyFile $ready_file

12
scripts/ocsp-stapling2.test
View File

@ -167,6 +167,18 @@ trap cleanup EXIT INT TERM HUP
[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1
# check if supported key size is large enough to handle 4096 bit RSA
size=`./examples/client/client -? | grep "Max key"`
size=`echo ${size//[^0-9]/}`
if [ ! -z "$size" ]; then
printf 'check on max key size of %d ...' $size
if [ $size -lt 4096 ]; then
printf '%s\n' "4096 bit RSA keys not supported"
exit 0
fi
printf 'OK\n'
fi
#get four unique ports #get four unique ports
# 1: # 1:
./examples/server/server -R $ready_file1 -p $resume_port & ./examples/server/server -R $ready_file1 -p $resume_port &