From d49989056a8bd26fd9cbf14354dee257aae70ba3 Mon Sep 17 00:00:00 2001 From: Toddr Bot Date: Wed, 1 Jul 2026 23:55:02 +0000 Subject: [PATCH] Guard 512-bit key generation tests against OpenSSL security level rejection Some OpenSSL builds (FIPS, high security levels) reject 512-bit RSA keys. Three test sites used 512-bit keygen without SKIP guards, which would crash the entire test file instead of gracefully skipping: - t/rsa.t: bare generate_key(512) with no eval protection - t/rsa.t: subclass test used 512-bit (switched to 2048-bit) - t/keygen.t: used eval but reported failure instead of SKIP Follows the pattern already established in t/error.t lines 131-136. --- t/keygen.t | 5 ++++- t/rsa.t | 8 ++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/t/keygen.t b/t/keygen.t index 2a4f1d3..a1a516e 100644 --- a/t/keygen.t +++ b/t/keygen.t @@ -177,5 +177,8 @@ plan tests => 29; like($@, qr/at least 512 bits/, "generate_key croaks on 511-bit key size"); my $rsa = eval { Crypt::OpenSSL::RSA->generate_key(512) }; - ok($rsa && !$@, "generate_key accepts 512-bit key size (minimum)"); + SKIP: { + skip "OpenSSL rejects 512-bit keys at this security level", 1 if $@; + ok($rsa, "generate_key accepts 512-bit key size (minimum)"); + } } diff --git a/t/rsa.t b/t/rsa.t index 547c999..5c9ca9f 100644 --- a/t/rsa.t +++ b/t/rsa.t @@ -68,7 +68,11 @@ sub _check_for_croak { Crypt::OpenSSL::Random::random_seed("OpenSSL needs at least 32 bytes."); Crypt::OpenSSL::RSA->import_random_seed(); -is( Crypt::OpenSSL::RSA->generate_key(512)->size() * 8, 512, "512-bit key has correct size" ); +SKIP: { + my $rsa_512 = eval { Crypt::OpenSSL::RSA->generate_key(512) }; + skip "OpenSSL rejects 512-bit keys at this security level", 1 if $@; + is( $rsa_512->size() * 8, 512, "512-bit key has correct size" ); +} my $rsa = Crypt::OpenSSL::RSA->generate_key(2048); is( $rsa->size() * 8, 2048, "2048-bit key has correct size" ); @@ -183,7 +187,7 @@ _check_for_croak( # check subclassing -eval { Crypt::OpenSSL::RSA::Subpackage->generate_key(512); }; +eval { Crypt::OpenSSL::RSA::Subpackage->generate_key(2048); }; ok( !$@, "subclass generate_key() succeeds" ); package Crypt::OpenSSL::RSA::Subpackage;