Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
dd7d1df8
Commit
dd7d1df8
authored
Apr 21, 2017
by
Mukund Sivaraman
Browse files
Increase minimum RSA keygen size to 1024 bits (#36895)
parent
f5c39b07
Changes
60
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
dd7d1df8
4595. [func] dnssec-keygen will no longer generate RSA keys
less than 1024 bits in length. dnssec-keymgr
was similarly updated. [RT #36895]
4594. [func] "dnstap-read -x" prints a hex dump of the wire
format of each logged DNS message. [RT #44816]
...
...
bin/dnssec/dnssec-keygen.c
View file @
dd7d1df8
...
...
@@ -89,10 +89,10 @@ usage(void) {
"NSEC3RSASHA1 if using -3)
\n
"
);
fprintf
(
stderr
,
" -3: use NSEC3-capable algorithm
\n
"
);
fprintf
(
stderr
,
" -b <key size in bits>:
\n
"
);
fprintf
(
stderr
,
" RSAMD5:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA1:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" NSEC3RSASHA1:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA256:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSAMD5:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA1:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" NSEC3RSASHA1:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA256:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA512:
\t
[1024..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" DH:
\t\t
[128..4096]
\n
"
);
fprintf
(
stderr
,
" DSA:
\t\t
[512..1024] and divisible by 64
\n
"
);
...
...
@@ -748,7 +748,7 @@ main(int argc, char **argv) {
case
DNS_KEYALG_RSASHA1
:
case
DNS_KEYALG_NSEC3RSASHA1
:
case
DNS_KEYALG_RSASHA256
:
if
(
size
!=
0
&&
(
size
<
512
||
size
>
MAX_RSA
))
if
(
size
!=
0
&&
(
size
<
1024
||
size
>
MAX_RSA
))
fatal
(
"RSA key size %d out of range"
,
size
);
break
;
case
DNS_KEYALG_RSASHA512
:
...
...
bin/dnssec/dnssec-keygen.docbook
View file @
dd7d1df8
...
...
@@ -144,7 +144,7 @@
<para>
Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSA keys must be
between
512
and 2048 bits. Diffie Hellman keys must be between
between
1024
and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits. Elliptic curve algorithms don't need
...
...
bin/python/isc/policy.py.in
View file @
dd7d1df8
...
...
@@ -131,11 +131,11 @@ class Policy:
directory = None
valid_key_sz_per_algo = {'DSA': [512, 1024],
'NSEC3DSA': [512, 1024],
'RSAMD5': [
512
, 4096],
'RSASHA1': [
512
, 4096],
'RSAMD5': [
1024
, 4096],
'RSASHA1': [
1024
, 4096],
'NSEC3RSASHA1': [512, 4096],
'RSASHA256': [
512
, 4096],
'RSASHA512': [
512
, 4096],
'RSASHA256': [
1024
, 4096],
'RSASHA512': [
1024
, 4096],
'ECCGOST': None,
'ECDSAP256SHA256': None,
'ECDSAP384SHA384': None}
...
...
bin/tests/system/autosign/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
.
./clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
echo
"I:generating keys and preparing zones"
cd
ns1
&&
$SHELL
keygen.sh
bin/tests/system/dlv/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
(
cd
ns1
&&
$SHELL
-e
sign.sh
)
bin/tests/system/dlvauto/ns1/sign.sh
View file @
dd7d1df8
...
...
@@ -13,7 +13,7 @@ zone=dlv.isc.org
infile
=
dlv.isc.org.db.in
zonefile
=
dlv.isc.org.db
dlvkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
dlvkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$dlvkey
.key
>
$zonefile
$SIGNER
-P
-g
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null
...
...
@@ -21,7 +21,7 @@ zone=.
infile
=
root.db.in
zonefile
=
root.db
rootkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
rootkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$rootkey
.key
>
$zonefile
$SIGNER
-P
-g
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null
...
...
bin/tests/system/dlvauto/setup.sh
View file @
dd7d1df8
...
...
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/dlzexternal/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
$DDNSCONFGEN
-q
-r
$RANDFILE
-z
example.nil
>
ns1/ddns.key
bin/tests/system/dns64/setup.sh
View file @
dd7d1df8
...
...
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/dnssec/ns1/sign.sh
View file @
dd7d1df8
...
...
@@ -24,7 +24,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
grep
"8 [12] "
../ns2/dsset-algroll
$TP
>
dsset-algroll
$TP
cp
../ns6/dsset-optout-tld
$TP
.
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
bin/tests/system/dnssec/ns2/sign.sh
View file @
dd7d1df8
...
...
@@ -98,7 +98,7 @@ privzone=private.secure.example.
privinfile
=
private.secure.example.db.in
privzonefile
=
private.secure.example.db
privkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$privzone
`
privkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$privzone
`
cat
$privinfile
$privkeyname
.key
>
$privzonefile
...
...
@@ -112,7 +112,7 @@ dlvinfile=dlv.db.in
dlvzonefile
=
dlv.db
dlvsetfile
=
dlvset-
`
echo
$privzone
|sed
-e
"s/
\.
$/
/g"
`
$TP
dlvkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$dlvzone
`
dlvkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$dlvzone
`
cat
$dlvinfile
$dlvkeyname
.key
$dlvsetfile
>
$dlvzonefile
...
...
bin/tests/system/dnssec/ns3/sign.sh
View file @
dd7d1df8
...
...
@@ -13,9 +13,9 @@ zone=secure.example.
infile
=
secure.example.db.in
zonefile
=
secure.example.db
cnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
host cnameandkey.
$zone
`
dnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
host dnameandkey.
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
cnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
host cnameandkey.
$zone
`
dnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
host dnameandkey.
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$cnameandkey
.key
$dnameandkey
.key
$keyname
.key
>
$zonefile
...
...
@@ -25,7 +25,7 @@ zone=bogus.example.
infile
=
bogus.example.db.in
zonefile
=
bogus.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -35,7 +35,7 @@ zone=dynamic.example.
infile
=
dynamic.example.db.in
zonefile
=
dynamic.example.db
keyname1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
keyname2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
-f
KSK
$zone
`
cat
$infile
$keyname1
.key
$keyname2
.key
>
$zonefile
...
...
@@ -46,7 +46,7 @@ zone=keyless.example.
infile
=
generic.example.db.in
zonefile
=
keyless.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -66,7 +66,7 @@ zone=secure.nsec3.example.
infile
=
secure.nsec3.example.db.in
zonefile
=
secure.nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -79,7 +79,7 @@ zone=nsec3.nsec3.example.
infile
=
nsec3.nsec3.example.db.in
zonefile
=
nsec3.nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -92,7 +92,7 @@ zone=optout.nsec3.example.
infile
=
optout.nsec3.example.db.in
zonefile
=
optout.nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -105,7 +105,7 @@ zone=nsec3.example.
infile
=
nsec3.example.db.in
zonefile
=
nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -118,7 +118,7 @@ zone=secure.optout.example.
infile
=
secure.optout.example.db.in
zonefile
=
secure.optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -131,7 +131,7 @@ zone=nsec3.optout.example.
infile
=
nsec3.optout.example.db.in
zonefile
=
nsec3.optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -144,7 +144,7 @@ zone=optout.optout.example.
infile
=
optout.optout.example.db.in
zonefile
=
optout.optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -157,7 +157,7 @@ zone=optout.example.
infile
=
optout.example.db.in
zonefile
=
optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -170,7 +170,7 @@ zone=nsec3-unknown.example.
infile
=
nsec3-unknown.example.db.in
zonefile
=
nsec3-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -183,7 +183,7 @@ zone=optout-unknown.example.
infile
=
optout-unknown.example.db.in
zonefile
=
optout-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -197,7 +197,7 @@ zone=dnskey-unknown.example.
infile
=
dnskey-unknown.example.db.in
zonefile
=
dnskey-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -216,7 +216,7 @@ zone=dnskey-nsec3-unknown.example.
infile
=
dnskey-nsec3-unknown.example.db.in
zonefile
=
dnskey-nsec3-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -234,7 +234,7 @@ zone=multiple.example.
infile
=
multiple.example.db.in
zonefile
=
multiple.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -257,7 +257,7 @@ zone=rsasha256.example.
infile
=
rsasha256.example.db.in
zonefile
=
rsasha256.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -362,7 +362,7 @@ zonefile=ttlpatch.example.db
signedfile
=
ttlpatch.example.db.signed
patchedfile
=
ttlpatch.example.db.patched
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
$SIGNER
-P
-r
$RANDFILE
-f
$signedfile
-o
$zone
$zonefile
>
/dev/null 2>&1
...
...
@@ -377,7 +377,7 @@ infile=split-dnssec.example.db.in
zonefile
=
split-dnssec.example.db
signedfile
=
split-dnssec.example.db.signed
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
echo
'$INCLUDE "'
"
$signedfile
"
'"'
>>
$zonefile
:
>
$signedfile
...
...
@@ -391,7 +391,7 @@ infile=split-smart.example.db.in
zonefile
=
split-smart.example.db
signedfile
=
split-smart.example.db.signed
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cp
$infile
$zonefile
echo
'$INCLUDE "'
"
$signedfile
"
'"'
>>
$zonefile
:
>
$signedfile
...
...
@@ -495,7 +495,7 @@ zone=badds.example.
infile
=
bogus.example.db.in
zonefile
=
badds.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
bin/tests/system/dnssec/ns6/sign.sh
View file @
dd7d1df8
...
...
@@ -15,7 +15,7 @@ zone=optout-tld
infile
=
optout-tld.db.in
zonefile
=
optout-tld.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
bin/tests/system/dnssec/ns7/sign.sh
View file @
dd7d1df8
...
...
@@ -15,8 +15,8 @@ zone=split-rrsig
infile
=
split-rrsig.db.in
zonefile
=
split-rrsig.db
k1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
k2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
k1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
k2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
cat
$infile
$k1
.key
$k2
.key
>
$zonefile
...
...
bin/tests/system/dnssec/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
...
...
bin/tests/system/dnssec/tests.sh
View file @
dd7d1df8
...
...
@@ -2938,16 +2938,23 @@ until test $alg = 256
do
size
=
case
$alg
in
1
)
size
=
"-b 512"
;;
1
)
# RSA/MD5
size
=
"-b 1024"
;;
2
)
# Diffie Helman
alg
=
`
expr
$alg
+ 1
`
continue
;;
3
)
size
=
"-b 512"
;;
5
)
size
=
"-b 512"
;;
6
)
size
=
"-b 512"
;;
7
)
size
=
"-b 512"
;;
8
)
size
=
"-b 512"
;;
10
)
size
=
"-b 1024"
;;
3
)
# DSA/SHA1
size
=
"-b 512"
;;
5
)
# RSA/SHA-1
size
=
"-b 1024"
;;
6
)
# DSA-NSEC3-SHA1
size
=
"-b 512"
;;
7
)
# RSASHA1-NSEC3-SHA1
size
=
"-b 1024"
;;
8
)
# RSA/SHA-256
size
=
"-b 1024"
;;
10
)
# RSA/SHA-512
size
=
"-b 1024"
;;
157|160|161|162|163|164|165
)
# private - non standard
alg
=
`
expr
$alg
+ 1
`
continue
;;
...
...
bin/tests/system/dsdigest/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/ecdsa/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/filter-aaaa/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cp
ns1/named1.conf ns1/named.conf
cp
ns2/named1.conf ns2/named.conf
...
...
Prev
1
2
3
Next
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment