pyOpenSSL

test_rsaGeneration uses too low bits

Bug #1265482 reported by Dirk Mueller on 2014-01-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	pyOpenSSL	New	Undecided	Unassigned

Bug Description

With certain security-enhanced versions of OpenSSL, test_crypto.py fails as it tries to generate a RSA key with only 128 bits. RSA keys below 1024 bits can be considered insecure and have been deprecated as of December 31st, 2013:

http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

Please consider applying this patch:

--- a/pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2013-08-23 21:48:24.000000000 +0200
+++ b/pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2014-01-02 12:09:29.264883294 +0100
@@ -608,7 +608,7 @@
         L{PKeyType.generate_key} generates an RSA key when passed
         L{TYPE_RSA} as a type and a reasonable number of bits.
         """
- bits = 128
+ bits = 2048
         key = PKey()
         key.generate_key(TYPE_RSA, bits)
         self.assertEqual(key.type(), TYPE_RSA)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.