diff options
author | John M. Schanck <jschanck@mozilla.com> | 2023-03-02 14:38:29 -0800 |
---|---|---|
committer | John M. Schanck <jschanck@mozilla.com> | 2023-03-02 14:38:29 -0800 |
commit | fd8d15350f7560f35085b4b945eb3e34a0dfa708 (patch) | |
tree | c66b55dc65ee34047a03113a0e98c24266e57727 /gtests/ssl_gtest | |
parent | 65aef21637ba6551e24933a4903f6e3b5c2e77a6 (diff) | |
download | nss-hg-fd8d15350f7560f35085b4b945eb3e34a0dfa708.tar.gz |
Backed out changeset 761e7d215e0a for causing gtest failuresNSS_3_89_BETA1
Diffstat (limited to 'gtests/ssl_gtest')
-rw-r--r-- | gtests/ssl_gtest/tls_subcerts_unittest.cc | 26 |
1 files changed, 2 insertions, 24 deletions
diff --git a/gtests/ssl_gtest/tls_subcerts_unittest.cc b/gtests/ssl_gtest/tls_subcerts_unittest.cc index a1f7cac0a..77bb41a0b 100644 --- a/gtests/ssl_gtest/tls_subcerts_unittest.cc +++ b/gtests/ssl_gtest/tls_subcerts_unittest.cc @@ -9,8 +9,6 @@ #include "prtime.h" #include "secerr.h" #include "ssl.h" -#include "nss.h" -#include "blapit.h" #include "gtest_utils.h" #include "tls_agent.h" @@ -350,14 +348,9 @@ static void GenerateWeakRsaKey(ScopedSECKEYPrivateKey& priv, ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); ASSERT_TRUE(slot); PK11RSAGenParams rsaparams; -// The absolute minimum size of RSA key that we can use with SHA-256 is -// 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528. -#define RSA_WEAK_KEY 528 -#if RSA_MIN_MODULUS_BITS < RSA_WEAK_KEY + // The absolute minimum size of RSA key that we can use with SHA-256 is + // 256bit (hash) + 256bit (salt) + 8 (start byte) + 8 (end byte) = 528. rsaparams.keySizeInBits = 528; -#else - rsaparams.keySizeInBits = RSA_MIN_MODULUS_BITS + 1; -#endif rsaparams.pe = 65537; // Bug 1012786: PK11_GenerateKeyPair can fail if there is insufficient @@ -397,18 +390,6 @@ TEST_P(TlsConnectTls13, DCWeakKey) { ssl_sig_rsa_pss_pss_sha256}; client_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); server_->SetSignatureSchemes(kSchemes, PR_ARRAY_SIZE(kSchemes)); -#if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY - // save the MIN POLICY length. - PRInt32 minRsa; - - ASSERT_EQ(SECSuccess, NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minRsa)); -#if RSA_MIN_MODULUS_BITS >= 2048 - ASSERT_EQ(SECSuccess, - NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, RSA_MIN_MODULUS_BITS + 1024)); -#else - ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 2048)); -#endif -#endif ScopedSECKEYPrivateKey dc_priv; ScopedSECKEYPublicKey dc_pub; @@ -431,9 +412,6 @@ TEST_P(TlsConnectTls13, DCWeakKey) { auto cfilter = MakeTlsFilter<TlsExtensionCapture>( client_, ssl_delegated_credentials_xtn); ConnectExpectAlert(client_, kTlsAlertInsufficientSecurity); -#if RSA_MIN_MODULUS_BITS > RSA_WEAK_KEY - ASSERT_EQ(SECSuccess, NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, minRsa)); -#endif } class ReplaceDCSigScheme : public TlsHandshakeFilter { |