From f74406d2c9379cd3006cd44248e7a386394c2498 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Wed, 8 Aug 2018 15:16:32 -0600 Subject: [PATCH] check max key size with ocsp stapling test --- examples/client/client.c | 12 +++++++++++- scripts/ocsp-stapling.test | 12 ++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/examples/client/client.c b/examples/client/client.c index a76379622..9188f09ab 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -718,8 +718,18 @@ static void ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead) static void Usage(void) { - printf("client " LIBWOLFSSL_VERSION_STRING + printf("wolfSSL client " LIBWOLFSSL_VERSION_STRING " NOTE: All files relative to wolfSSL home dir\n"); + + /* print out so that scripts can know what the max supported key size is */ + printf("Max key size in bits for build is set at : "); +#ifdef USE_FAST_MATH + printf("%d\n", FP_MAX_BITS/2); +#else + /* normal math has unlimited max size */ + printf("INFINITE\n"); +#endif + printf("-? Help, print this usage\n"); printf("-h Host to connect to, default %s\n", wolfSSLIP); printf("-p Port to connect on, not 0, default %d\n", wolfSSLPort); diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test index 031fdfe40..7d7b93cab 100755 --- a/scripts/ocsp-stapling.test +++ b/scripts/ocsp-stapling.test @@ -157,6 +157,18 @@ if [ $? -eq 0 ]; then exit 0 fi +# check if supported key size is large enough to handle 4096 bit RSA +size=`./examples/client/client -? | grep "Max key"` +size=`echo ${size//[^0-9]/}` +if [ ! -z "$size" ]; then + printf 'check on max key size of %d ...' $size + if [ $size -lt 4096 ]; then + printf '%s\n' "4096 bit RSA keys not supported" + exit 0 + fi + printf 'OK\n' +fi + # create a port 0 port to use with openssl ocsp responder ./examples/server/server -R $ready_file -p $resume_port & wait_for_readyFile $ready_file