authorKai Engert <kaie@kuix.de>2017-10-12 18:22:33 +0200
committerKai Engert <kaie@kuix.de>2017-10-12 18:22:33 +0200
commitfb06d0195ec9fda90f0138eb452a68555bfe8093 (patch)
treef52253b1f897ee350a1e41bc676096bbcc44e5cf /tests/cert
parent1db9f64345a261984228029db5b9a47b4a80ead7 (diff)
Bug 1402410, Make nss-softokn verify that RSA exponent is not smaller than 0x10001, when NSS is built with full FIPS support; r=fkiefer, r=kaie
Diffstat (limited to 'tests/cert')
-rwxr-xr-xtests/cert/cert.sh20
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/cert/cert.sh b/tests/cert/cert.sh
index 1e7c091e5..ca0646055 100755
--- a/tests/cert/cert.sh
+++ b/tests/cert/cert.sh
@@ -1260,6 +1260,10 @@ MODSCRIPT
CU_ACTION="Setting invalid database password in FIPS mode"
RETEXPECTED=255
certu -W -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -@ "${R_FIPSBADPWFILE}" 2>&1
+ CU_ACTION="Attempt to generate a key with exponent of 3 (too small)"
+ certu -G -k rsa -g 2048 -y 3 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}"
+ CU_ACTION="Attempt to generate a key with exponent of 17 (too small)"
+ certu -G -k rsa -g 2048 -y 17 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}"
RETEXPECTED=0
CU_ACTION="Generate Certificate for ${CERTNAME}"
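Review bot: The two added negative cases (exponent 3 and 17) run under the `RETEXPECTED=255` left over from the bad-password case above, so they appear to pass on any certutil failure, not only when the exponent is rejected. A missing noise file or a wrong password file would look the same as the FIPS exponent check working. I would restate `RETEXPECTED=255` directly before them with a comment such as `# FIPS softoken must reject RSA public exponents below 0x10001`, and, if the harness allows it, also match the reported error. `${R_NOISE_FILE}` is unquoted while the other path arguments on the same lines are quoted; `-z "${R_NOISE_FILE}"` would be consistent. The enclosing function begins above this hunk.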
@@ -1268,6 +1272,20 @@ MODSCRIPT
if [ "$RET" -eq 0 ]; then
cert_log "SUCCESS: FIPS passed"
fi
+
+}
+
+########################## cert_rsa_exponent #################################
+# local shell function to verify small rsa exponent can be used (only
+# run if FIPS has not been turned on in the build).
+##############################################################################
+cert_rsa_exponent()
+{
+ echo "$SCRIPTNAME: Verify that small RSA exponents still work =============="
+ CU_ACTION="Attempt to generate a key with exponent of 3"
+ certu -G -k rsa -g 2048 -y 3 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}"
+ CU_ACTION="Attempt to generate a key with exponent of 17"
+ certu -G -k rsa -g 2048 -y 17 -d "${PROFILEDIR}" -z ${R_NOISE_FILE} -f "${R_FIPSPWFILE}"
}
############################## cert_eccurves ###########################
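Review bot: `cert_rsa_exponent` sets neither `RETEXPECTED` nor `PROFILEDIR`, so both positive cases depend on whatever the previously run test function left in those globals; making `RETEXPECTED=0` the first statement of the function states the expectation explicitly. It also passes `-f "${R_FIPSPWFILE}"` although its header says it runs only when FIPS is off. If the database in `PROFILEDIR` was initialised with a different password file, key generation would fail for a reason unrelated to the exponent, so it is worth confirming which password file belongs to that profile. The header comment could also name the database and password file the function expects.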
@@ -1977,6 +1995,8 @@ cert_ssl
cert_smime_client
if [[ -n "$NSS_TEST_ENABLE_FIPS" ]]; then
cert_fips
+else
+ cert_rsa_exponent
fi
cert_eccurves
cert_extensions
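Review bot: The new `else` branch is selected by the test-time variable `NSS_TEST_ENABLE_FIPS`, while the header of `cert_rsa_exponent` and the commit title both speak of NSS being built with FIPS support. If a build can enforce the 0x10001 minimum while this variable is unset, `cert_rsa_exponent` would expect success for exponents 3 and 17 and fail. I cannot tell from the hunk whether that combination can occur. A comment at the branch, for example `# non-FIPS run: small RSA exponents must still be accepted`, together with a check that the gate matches the condition the softoken check uses, would keep the two in step.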