1#! /usr/bin/env perl 2# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. 3# 4# Licensed under the OpenSSL license (the "License"). You may not use 5# this file except in compliance with the License. You can obtain a copy 6# in the file LICENSE in the source distribution or at 7# https://www.openssl.org/source/license.html 8 9 10use strict; 11use warnings; 12 13use File::Spec; 14use OpenSSL::Test qw/:DEFAULT srctop_file/; 15use OpenSSL::Test::Utils; 16 17setup("test_genrsa"); 18 19plan tests => 7; 20 21# We want to know that an absurdly small number of bits isn't support 22is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8"); 23 24# Depending on the shared library, we might have different lower limits. 25# Let's find it! This is a simple binary search 26# ------------------------------------------------------------ 27# NOTE: $good may need an update in the future 28# ------------------------------------------------------------ 29note "Looking for lowest amount of bits"; 30my $bad = 3; # Log2 of number of bits (2 << 3 == 8) 31my $good = 11; # Log2 of number of bits (2 << 11 == 2048) 32while ($good > $bad + 1) { 33 my $checked = int(($good + $bad + 1) / 2); 34 if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', 35 2 ** $checked ], stderr => undef))) { 36 note 2 ** $checked, " bits is good"; 37 $good = $checked; 38 } else { 39 note 2 ** $checked, " bits is bad"; 40 $bad = $checked; 41 } 42} 43$good++ if $good == $bad; 44$good = 2 ** $good; 45note "Found lowest allowed amount of bits to be $good"; 46 47ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])), 48 "genrsa -3 $good"); 49ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), 50 "rsa -check"); 51ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])), 52 "genrsa -f4 $good"); 53ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])), 54 "rsa -check"); 55ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem', 56 '-aes256', '-passout', 'pass:x' ])), 57 "rsa encrypt"); 58ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])), 59 "rsa decrypt"); 60