check max key size with ocsp stapling test

2018-08-08 15:16:32 -06:00
parent 2420af3cf2
commit f74406d2c9
2 changed files with 23 additions and 1 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -718,8 +718,18 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead)

 static void Usage(void)
 {
-    printf("client "    LIBWOLFSSL_VERSION_STRING
+    printf("wolfSSL client "    LIBWOLFSSL_VERSION_STRING
           " NOTE: All files relative to wolfSSL home dir\n");
+
+    /* print out so that scripts can know what the max supported key size is */
+    printf("Max key size in bits for build is set at : ");
+#ifdef USE_FAST_MATH
+    printf("%d\n", FP_MAX_BITS/2);
+#else
+    /* normal math has unlimited max size */
+    printf("INFINITE\n");
+#endif
+
    printf("-?          Help, print this usage\n");
    printf("-h <host>   Host to connect to, default %s\n", wolfSSLIP);
    printf("-p <num>    Port to connect on, not 0, default %d\n", wolfSSLPort);
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -157,6 +157,18 @@ if [ $? -eq 0 ]; then
    exit 0
 fi

+# check if supported key size is large enough to handle 4096 bit RSA
+size=`./examples/client/client -? | grep "Max key"`
+size=`echo ${size//[^0-9]/}`
+if [ ! -z "$size" ]; then
+    printf 'check on max key size of %d ...' $size
+    if [ $size -lt 4096 ]; then
+        printf '%s\n' "4096 bit RSA keys not supported"
+        exit 0
+    fi
+    printf 'OK\n'
+fi
+
 # create a port 0 port to use with openssl ocsp responder
 ./examples/server/server -R $ready_file -p $resume_port &
 wait_for_readyFile $ready_file