Skip to content

Guard 512-bit key tests against OpenSSL security level rejection#206

Draft
toddr-bot wants to merge 1 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-fragile-512bit-tests
Draft

Guard 512-bit key tests against OpenSSL security level rejection#206
toddr-bot wants to merge 1 commit into
cpan-authors:mainfrom
toddr-bot:koan.toddr.bot/fix-fragile-512bit-tests

Conversation

@toddr-bot

@toddr-bot toddr-bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Wrap bare generate_key(512) in t/rsa.t with eval/SKIP guard — previously would crash the entire test file on OpenSSL builds that reject 512-bit keys (FIPS mode, high security levels)
  • Switch subclass test from 512-bit to 2048-bit keygen — the test validates subclassing, not key size
  • Convert t/keygen.t 512-bit test from ok/fail to SKIP pattern when OpenSSL rejects the key

Follows the pattern already established in t/error.t lines 131-136.

Test plan

  • Verified all three changes work on OpenSSL 3.5.5 (512-bit still accepted, tests pass)
  • Confirmed pre-existing test failures are unrelated (reference use_pkcs1_pss_padding from unmerged PRs)
  • CI will validate across the OpenSSL matrix (1.1.1, 3.0.x, 3.4.x)

Quality Report

Changes: 2 files changed, 10 insertions(+), 3 deletions(-)

Code scan: clean

Tests: passed (OK)

Branch hygiene: clean

Generated by Kōan

…ection

Some OpenSSL builds (FIPS, high security levels) reject 512-bit RSA keys.
Three test sites used 512-bit keygen without SKIP guards, which would crash
the entire test file instead of gracefully skipping:

- t/rsa.t: bare generate_key(512) with no eval protection
- t/rsa.t: subclass test used 512-bit (switched to 2048-bit)
- t/keygen.t: used eval but reported failure instead of SKIP

Follows the pattern already established in t/error.t lines 131-136.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant