plan tests =>
($no_fips ? 0 : 5) # Extra FIPS related tests
- + 15;
+ + 16;
# We want to know that an absurdly small number of bits isn't support
is(run(app([ 'openssl', 'genpkey', '-out', 'genrsatest.pem',
ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem',
'-aes256', '-passout', 'pass:x' ])),
"rsa encrypt");
+# Check the default salt length for PBKDF2 is 16 bytes
+# We expect the output to be of the form "0:d=0 hl=2 l= 16 prim: OCTET STRING [HEX DUMP]:FAC7F37508E6B7A805BF4B13861B3687"
+# i.e. 2 byte header + 16 byte salt.
+ok(run(app(([ 'openssl', 'asn1parse',
+ '-in', 'genrsatest-enc.pem',
+ '-offset', '34', '-length', '18']))),
+ "Check the default size of the PBKDF2 PARAM 'salt length' is 16");
ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])),
"rsa decrypt");