diff options
| author | slontis <shane.lontis@oracle.com> | 2023-08-31 17:51:46 +1000 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-09-04 14:15:34 +1000 |
| commit | e3994583a1e4bde9a589c379520d216bc0a0c515 (patch) | |
| tree | 740416411fe5f6b4c6fbead6c06d03de556d17cc /test | |
| parent | 9f679bdc71aac83e89cc5aacb42855f3657ace39 (diff) | |
Added 'saltlen' option to the OpenSSL enc command line app.
This allows PBKDF2 to change the saltlen to something other than the
new default value of 16. Previously this app hardwired the salt length
to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey()
internally, which is documented to only allow 8 bytes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
Diffstat (limited to 'test')
| -rw-r--r-- | test/recipes/20-test_enc.t | 20 | ||||
| -rw-r--r-- | test/recipes/25-test_pkcs8.t | 2 |
2 files changed, 20 insertions, 2 deletions
diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t index c5391d53f2..d16d73e64a 100644 --- a/test/recipes/20-test_enc.t +++ b/test/recipes/20-test_enc.t @@ -41,7 +41,7 @@ my @ciphers = |rc2|rc4|seed)/x} @ciphers if disabled("legacy"); -plan tests => 2 + (scalar @ciphers)*2; +plan tests => 5 + (scalar @ciphers)*2; SKIP: { skip "Problems getting ciphers...", 1 + scalar(@ciphers) @@ -72,4 +72,22 @@ plan tests => 2 + (scalar @ciphers)*2; && compare_text($test,$clearfile) == 0, $t); } } + ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-out", + "salted_default.cipher", "-pass", "pass:password"])) + && run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2", + "-saltlen", "8", "-out", "salted_default.clear", "-pass", "pass:password"])) + && compare_text($test,"salted_default.clear") == 0, + "Check that the default salt length of 8 bytes is used for PKDF2"); + + ok(!run(app([$cmd, "enc", "-d", "-in", "salted_default.cipher", "-aes256", "-pbkdf2", + "-saltlen", "16", "-out", "salted_fail.clear", "-pass", "pass:password"])), + "Check the decrypt fails if the saltlen is incorrect"); + + ok(run(app([$cmd, "enc", "-in", $test, "-aes256", "-pbkdf2", "-saltlen", "16", + "-out", "salted.cipher", "-pass", "pass:password"])) + && run(app([$cmd, "enc", "-d", "-in", "salted.cipher", "-aes256", "-pbkdf2", + "-saltlen", "16", "-out", "salted.clear", "-pass", "pass:password"])) + && compare_text($test,"salted.clear") == 0, + "Check that we can still use a salt length of 16 bytes for PKDF2"); + } diff --git a/test/recipes/25-test_pkcs8.t b/test/recipes/25-test_pkcs8.t index 2f7ea1e1ae..2db574bb69 100644 --- a/test/recipes/25-test_pkcs8.t +++ b/test/recipes/25-test_pkcs8.t @@ -81,7 +81,7 @@ SKIP: { '-in', 'pbe1.pem', '-offset', '19', '-length', '10']))), "Check the default size of the PBE PARAM 'salt length' = 8"); - + ok(run(app(([ 'openssl', 'pkcs8', '-topk8', '-in', srctop_file('test', 'certs', 'pc5-key.pem'), '-v1', "PBE-MD5-DES", |