1#! /usr/bin/env perl
2# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the OpenSSL license (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use File::Spec;
14use OpenSSL::Test qw/:DEFAULT srctop_file/;
15use OpenSSL::Test::Utils;
16
17setup("test_genrsa");
18
19plan tests => 7;
20
21# We want to know that an absurdly small number of bits isn't support
22is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
23
24# Depending on the shared library, we might have different lower limits.
25# Let's find it!  This is a simple binary search
26# ------------------------------------------------------------
27# NOTE: $good may need an update in the future
28# ------------------------------------------------------------
29note "Looking for lowest amount of bits";
30my $bad = 3;                    # Log2 of number of bits (2 << 3  == 8)
31my $good = 11;                  # Log2 of number of bits (2 << 11 == 2048)
32while ($good > $bad + 1) {
33    my $checked = int(($good + $bad + 1) / 2);
34    if (run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem',
35                  2 ** $checked ], stderr => undef))) {
36        note 2 ** $checked, " bits is good";
37        $good = $checked;
38    } else {
39        note 2 ** $checked, " bits is bad";
40        $bad = $checked;
41    }
42}
43$good++ if $good == $bad;
44$good = 2 ** $good;
45note "Found lowest allowed amount of bits to be $good";
46
47ok(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', $good ])),
48   "genrsa -3 $good");
49ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
50   "rsa -check");
51ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
52   "genrsa -f4 $good");
53ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
54   "rsa -check");
55ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem',
56   '-aes256', '-passout', 'pass:x' ])),
57   "rsa encrypt");
58ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])),
59   "rsa decrypt");
60