diff --git a/CHANGES b/CHANGES index 30c96118029cd9be0e8070e484d84fc8a77ce3d8..8aee60fc87abd853b98d944c35634463758e9049 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +4595. [func] dnssec-keygen will no longer generate RSA keys + less than 1024 bits in length. dnssec-keymgr + was similarly updated. [RT #36895] + 4594. [func] "dnstap-read -x" prints a hex dump of the wire format of each logged DNS message. [RT #44816] diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 524b26b146cdb76edd9d4ff5bd6df582d8b1d3f1..1df9f0c236603863b83d3c946ef62aef478965b2 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -89,10 +89,10 @@ usage(void) { "NSEC3RSASHA1 if using -3)\n"); fprintf(stderr, " -3: use NSEC3-capable algorithm\n"); fprintf(stderr, " -b :\n"); - fprintf(stderr, " RSAMD5:\t[512..%d]\n", MAX_RSA); - fprintf(stderr, " RSASHA1:\t[512..%d]\n", MAX_RSA); - fprintf(stderr, " NSEC3RSASHA1:\t[512..%d]\n", MAX_RSA); - fprintf(stderr, " RSASHA256:\t[512..%d]\n", MAX_RSA); + fprintf(stderr, " RSAMD5:\t[1024..%d]\n", MAX_RSA); + fprintf(stderr, " RSASHA1:\t[1024..%d]\n", MAX_RSA); + fprintf(stderr, " NSEC3RSASHA1:\t[1024..%d]\n", MAX_RSA); + fprintf(stderr, " RSASHA256:\t[1024..%d]\n", MAX_RSA); fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA); fprintf(stderr, " DH:\t\t[128..4096]\n"); fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n"); @@ -748,7 +748,7 @@ main(int argc, char **argv) { case DNS_KEYALG_RSASHA1: case DNS_KEYALG_NSEC3RSASHA1: case DNS_KEYALG_RSASHA256: - if (size != 0 && (size < 512 || size > MAX_RSA)) + if (size != 0 && (size < 1024 || size > MAX_RSA)) fatal("RSA key size %d out of range", size); break; case DNS_KEYALG_RSASHA512: diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook index f0b566506d7dcf95f95680f217b0823a60868c2c..58c222b68f3c5f924155d5c1dea10bbeaf6c2276 100644 --- a/bin/dnssec/dnssec-keygen.docbook +++ b/bin/dnssec/dnssec-keygen.docbook @@ -144,7 +144,7 @@ Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be - between 512 and 2048 bits. Diffie Hellman keys must be between + between 1024 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits. Elliptic curve algorithms don't need diff --git a/bin/python/isc/policy.py.in b/bin/python/isc/policy.py.in index 9dec2b8cf3d9d234f9b35ad7d366a0ef7705fd7e..8a1d511582bb2f47d667e1991ce233983cf8c834 100644 --- a/bin/python/isc/policy.py.in +++ b/bin/python/isc/policy.py.in @@ -131,11 +131,11 @@ class Policy: directory = None valid_key_sz_per_algo = {'DSA': [512, 1024], 'NSEC3DSA': [512, 1024], - 'RSAMD5': [512, 4096], - 'RSASHA1': [512, 4096], + 'RSAMD5': [1024, 4096], + 'RSASHA1': [1024, 4096], 'NSEC3RSASHA1': [512, 4096], - 'RSASHA256': [512, 4096], - 'RSASHA512': [512, 4096], + 'RSASHA256': [1024, 4096], + 'RSASHA512': [1024, 4096], 'ECCGOST': None, 'ECDSAP256SHA256': None, 'ECDSAP384SHA384': None} diff --git a/bin/tests/system/autosign/setup.sh b/bin/tests/system/autosign/setup.sh index cab648f747f8ac5f70dddd95e9c56d6e1615ff39..cf2e1b15dc7af708e603d4a79185f52a5eef3632 100644 --- a/bin/tests/system/autosign/setup.sh +++ b/bin/tests/system/autosign/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. . ./clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE echo "I:generating keys and preparing zones" cd ns1 && $SHELL keygen.sh diff --git a/bin/tests/system/dlv/setup.sh b/bin/tests/system/dlv/setup.sh index 677720c9a254a722fe5d43353e469fb574cdd5d5..cb98ad6702c02c60289a743734d18b48423b9bc1 100644 --- a/bin/tests/system/dlv/setup.sh +++ b/bin/tests/system/dlv/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE (cd ns1 && $SHELL -e sign.sh) diff --git a/bin/tests/system/dlvauto/ns1/sign.sh b/bin/tests/system/dlvauto/ns1/sign.sh index 8826ddca562bbff0fcd52026e7cef7eea9d595ea..a181b3650b66d3ea32cdb7b3b933db65bbf12279 100644 --- a/bin/tests/system/dlvauto/ns1/sign.sh +++ b/bin/tests/system/dlvauto/ns1/sign.sh @@ -13,7 +13,7 @@ zone=dlv.isc.org infile=dlv.isc.org.db.in zonefile=dlv.isc.org.db -dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $dlvkey.key > $zonefile $SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null @@ -21,7 +21,7 @@ zone=. infile=root.db.in zonefile=root.db -rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $rootkey.key > $zonefile $SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null diff --git a/bin/tests/system/dlvauto/setup.sh b/bin/tests/system/dlvauto/setup.sh index 13cd35780aba1d574bc0a8a03d88af78cc7502ae..a31ea34336ce63a46b044ad53354b50dc625404f 100644 --- a/bin/tests/system/dlvauto/setup.sh +++ b/bin/tests/system/dlvauto/setup.sh @@ -11,6 +11,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/dlzexternal/setup.sh b/bin/tests/system/dlzexternal/setup.sh index cce22f6e8265a7f5fde0f76a5021fea6b400ff91..7d23b3587f9a4e079065fca0bac77e0cdf248da3 100644 --- a/bin/tests/system/dlzexternal/setup.sh +++ b/bin/tests/system/dlzexternal/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE $DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key diff --git a/bin/tests/system/dns64/setup.sh b/bin/tests/system/dns64/setup.sh index 99689bf0bfab8c0a42a34f38cc4f359b02ae5417..ff5233c943549dbfd389b79664ccdbe5d0ce0219 100644 --- a/bin/tests/system/dns64/setup.sh +++ b/bin/tests/system/dns64/setup.sh @@ -11,6 +11,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 514924b37cc916f1ab1bdec95e53c89853259892..4d59010cf435a104860503b90b89181a36e84aa0 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -24,7 +24,7 @@ cp ../ns2/dsset-in-addr.arpa$TP . grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP cp ../ns6/dsset-optout-tld$TP . -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $keyname.key > $zonefile diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index be711ca579148b4f6f08acb57e32a9c8d419a9fa..d92ec0d4cbd7c98cddec3a940c3c19453faacb04 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -98,7 +98,7 @@ privzone=private.secure.example. privinfile=private.secure.example.db.in privzonefile=private.secure.example.db -privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone` +privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $privzone` cat $privinfile $privkeyname.key >$privzonefile @@ -112,7 +112,7 @@ dlvinfile=dlv.db.in dlvzonefile=dlv.db dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP -dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone` +dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $dlvzone` cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 43aad4e0cab7280f1777496904522b3bf93ac039..c689cb6e096dfa1d1751fc0068b2968f87ca08b4 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -13,9 +13,9 @@ zone=secure.example. infile=secure.example.db.in zonefile=secure.example.db -cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 768 -n host cnameandkey.$zone` -dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 768 -n host dnameandkey.$zone` -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host cnameandkey.$zone` +dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host dnameandkey.$zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile @@ -25,7 +25,7 @@ zone=bogus.example. infile=bogus.example.db.in zonefile=bogus.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -35,7 +35,7 @@ zone=dynamic.example. infile=dynamic.example.db.in zonefile=dynamic.example.db -keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -46,7 +46,7 @@ zone=keyless.example. infile=generic.example.db.in zonefile=keyless.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -66,7 +66,7 @@ zone=secure.nsec3.example. infile=secure.nsec3.example.db.in zonefile=secure.nsec3.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -79,7 +79,7 @@ zone=nsec3.nsec3.example. infile=nsec3.nsec3.example.db.in zonefile=nsec3.nsec3.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -92,7 +92,7 @@ zone=optout.nsec3.example. infile=optout.nsec3.example.db.in zonefile=optout.nsec3.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -105,7 +105,7 @@ zone=nsec3.example. infile=nsec3.example.db.in zonefile=nsec3.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -118,7 +118,7 @@ zone=secure.optout.example. infile=secure.optout.example.db.in zonefile=secure.optout.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -131,7 +131,7 @@ zone=nsec3.optout.example. infile=nsec3.optout.example.db.in zonefile=nsec3.optout.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -144,7 +144,7 @@ zone=optout.optout.example. infile=optout.optout.example.db.in zonefile=optout.optout.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -157,7 +157,7 @@ zone=optout.example. infile=optout.example.db.in zonefile=optout.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -170,7 +170,7 @@ zone=nsec3-unknown.example. infile=nsec3-unknown.example.db.in zonefile=nsec3-unknown.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -183,7 +183,7 @@ zone=optout-unknown.example. infile=optout-unknown.example.db.in zonefile=optout-unknown.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -197,7 +197,7 @@ zone=dnskey-unknown.example. infile=dnskey-unknown.example.db.in zonefile=dnskey-unknown.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -216,7 +216,7 @@ zone=dnskey-nsec3-unknown.example. infile=dnskey-nsec3-unknown.example.db.in zonefile=dnskey-nsec3-unknown.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -234,7 +234,7 @@ zone=multiple.example. infile=multiple.example.db.in zonefile=multiple.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -257,7 +257,7 @@ zone=rsasha256.example. infile=rsasha256.example.db.in zonefile=rsasha256.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile @@ -362,7 +362,7 @@ zonefile=ttlpatch.example.db signedfile=ttlpatch.example.db.signed patchedfile=ttlpatch.example.db.patched -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile $SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1 @@ -377,7 +377,7 @@ infile=split-dnssec.example.db.in zonefile=split-dnssec.example.db signedfile=split-dnssec.example.db.signed -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile echo '$INCLUDE "'"$signedfile"'"' >> $zonefile : > $signedfile @@ -391,7 +391,7 @@ infile=split-smart.example.db.in zonefile=split-smart.example.db signedfile=split-smart.example.db.signed -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` cp $infile $zonefile echo '$INCLUDE "'"$signedfile"'"' >> $zonefile : > $signedfile @@ -495,7 +495,7 @@ zone=badds.example. infile=bogus.example.db.in zonefile=badds.example.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile diff --git a/bin/tests/system/dnssec/ns6/sign.sh b/bin/tests/system/dnssec/ns6/sign.sh index 94a5de24d4888ad79c5c9413799217b1fa578774..db34b0535b86da95d98795d9a9479dfbd5cbd76d 100644 --- a/bin/tests/system/dnssec/ns6/sign.sh +++ b/bin/tests/system/dnssec/ns6/sign.sh @@ -15,7 +15,7 @@ zone=optout-tld infile=optout-tld.db.in zonefile=optout-tld.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone` cat $infile $keyname.key >$zonefile diff --git a/bin/tests/system/dnssec/ns7/sign.sh b/bin/tests/system/dnssec/ns7/sign.sh index 2c851df37a5968543a8ae062c58e6e4b419a948a..5eda54cb62fa659757265d29d621b1eb2d5ad454 100644 --- a/bin/tests/system/dnssec/ns7/sign.sh +++ b/bin/tests/system/dnssec/ns7/sign.sh @@ -15,8 +15,8 @@ zone=split-rrsig infile=split-rrsig.db.in zonefile=split-rrsig.db -k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone` -k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone` +k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone` +k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone` cat $infile $k1.key $k2.key >$zonefile diff --git a/bin/tests/system/dnssec/setup.sh b/bin/tests/system/dnssec/setup.sh index 6b28cbf5c019178e7bf079c93dfeb450f206e2ce..78bfd01e180bf8421413ac08087191007505a63b 100644 --- a/bin/tests/system/dnssec/setup.sh +++ b/bin/tests/system/dnssec/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index ab28b8b72fdf160f6643442a5c93005fcafdf0ae..040f67c50d0c31d07d489c83ec858b983fe0ed67 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -2938,16 +2938,23 @@ until test $alg = 256 do size= case $alg in - 1) size="-b 512";; + 1) # RSA/MD5 + size="-b 1024";; 2) # Diffie Helman alg=`expr $alg + 1` continue;; - 3) size="-b 512";; - 5) size="-b 512";; - 6) size="-b 512";; - 7) size="-b 512";; - 8) size="-b 512";; - 10) size="-b 1024";; + 3) # DSA/SHA1 + size="-b 512";; + 5) # RSA/SHA-1 + size="-b 1024";; + 6) # DSA-NSEC3-SHA1 + size="-b 512";; + 7) # RSASHA1-NSEC3-SHA1 + size="-b 1024";; + 8) # RSA/SHA-256 + size="-b 1024";; + 10) # RSA/SHA-512 + size="-b 1024";; 157|160|161|162|163|164|165) # private - non standard alg=`expr $alg + 1` continue;; diff --git a/bin/tests/system/dsdigest/setup.sh b/bin/tests/system/dsdigest/setup.sh index e5f0a4874ff1d40ba639c38d3d11d00db1d2634c..40b89f4fd96ff3ee39841dc875e9b279206c465a 100644 --- a/bin/tests/system/dsdigest/setup.sh +++ b/bin/tests/system/dsdigest/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/ecdsa/setup.sh b/bin/tests/system/ecdsa/setup.sh index e5f0a4874ff1d40ba639c38d3d11d00db1d2634c..40b89f4fd96ff3ee39841dc875e9b279206c465a 100644 --- a/bin/tests/system/ecdsa/setup.sh +++ b/bin/tests/system/ecdsa/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/filter-aaaa/setup.sh b/bin/tests/system/filter-aaaa/setup.sh index 476acba5d9192f6310dbd89ee73024a05a41d2eb..3302376ffa21b1252597f68247f0dc69cace0ea9 100644 --- a/bin/tests/system/filter-aaaa/setup.sh +++ b/bin/tests/system/filter-aaaa/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cp ns1/named1.conf ns1/named.conf cp ns2/named1.conf ns2/named.conf diff --git a/bin/tests/system/gost/setup.sh b/bin/tests/system/gost/setup.sh index 07b8048f4d6f115ad15970ddb2db97d2428d4ee6..b5fddac571c578b89d31c4c3445777a3f071bb08 100644 --- a/bin/tests/system/gost/setup.sh +++ b/bin/tests/system/gost/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh index f71bff4856a9977f1b804e63a2c4b34cd37c9632..f380de6f8c04fdafe10258599948e5a43f7e4250 100644 --- a/bin/tests/system/inline/ns1/sign.sh +++ b/bin/tests/system/inline/ns1/sign.sh @@ -14,7 +14,7 @@ SYSTEMTESTTOP=../.. zone=. rm -f K.+*+*.key rm -f K.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1 [ $? = 0 ] || cat signer.out diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh index f2c3eace877bbd4d2a4616b2a083591e97edb919..f49ccb74bf6c626f03fe6ba0157f507da5a71f23 100755 --- a/bin/tests/system/inline/ns3/sign.sh +++ b/bin/tests/system/inline/ns3/sign.sh @@ -12,35 +12,35 @@ SYSTEMTESTTOP=../.. zone=bits rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db zone=noixfr rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db zone=master rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db zone=dynamic rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db zone=updated rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db $SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1 @@ -50,7 +50,7 @@ cp master2.db.in updated.db zone=expired rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1 @@ -58,7 +58,7 @@ $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} zone=retransfer rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db @@ -71,20 +71,20 @@ $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db zone=retransfer3 rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone` $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db for s in a c d h k l m q z do zone=test-$s - keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` + keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` done for s in b f i o p t v do zone=test-$s - keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` + keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` done diff --git a/bin/tests/system/inline/setup.sh b/bin/tests/system/inline/setup.sh index c7f27d6621177ec30180396eca275b3214800142..a84477626a486f9de0fd2e98c0249458f7f507c1 100644 --- a/bin/tests/system/inline/setup.sh +++ b/bin/tests/system/inline/setup.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cp ns1/root.db.in ns1/root.db rm -f ns1/root.db.signed diff --git a/bin/tests/system/keepalive/setup.sh b/bin/tests/system/keepalive/setup.sh index 0f5c88e037553fb1894444b2c8778ed85828a643..25cb9a69791b89db924658640d6f44f5433b17b5 100644 --- a/bin/tests/system/keepalive/setup.sh +++ b/bin/tests/system/keepalive/setup.sh @@ -11,4 +11,4 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE diff --git a/bin/tests/system/legacy/build.sh b/bin/tests/system/legacy/build.sh index 60f793685a384b9da85d9b38fc21413fe7e06ef7..424ce7a717b8c446343467cd14ce0f630ea4331b 100644 --- a/bin/tests/system/legacy/build.sh +++ b/bin/tests/system/legacy/build.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE $SHELL clean.sh diff --git a/bin/tests/system/masterformat/setup.sh b/bin/tests/system/masterformat/setup.sh index adff5de9dfa192f6a507eb40cd0cd0fa440e75b4..3abba7dd1019a17e3ee5c6bf7bedc0bd8a2be1ef 100755 --- a/bin/tests/system/masterformat/setup.sh +++ b/bin/tests/system/masterformat/setup.sh @@ -7,7 +7,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE rm -f named-compilezone ln -s $CHECKZONE named-compilezone diff --git a/bin/tests/system/metadata/setup.sh b/bin/tests/system/metadata/setup.sh index 988e39deec47a7e123c9c3e38720c4f773a019e2..57858eddf72e76f41f0a3282a2025f62dc1931e7 100644 --- a/bin/tests/system/metadata/setup.sh +++ b/bin/tests/system/metadata/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL ./clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE pzone=parent.nil czone=child.parent.nil diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh index e5b2109686fc40aeb0905481163f304b309112c7..6edbc96a819fbd2e1cd9bf2c380f6c1e0d5fa28d 100644 --- a/bin/tests/system/metadata/tests.sh +++ b/bin/tests/system/metadata/tests.sh @@ -28,7 +28,7 @@ rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key` standby=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < standby.key` zsk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < zsk.key` -$GENRANDOM 400 $RANDFILE +$GENRANDOM 800 $RANDFILE echo "I:signing zones" $SIGNER -Sg -o $czone $cfile > /dev/null 2>&1 diff --git a/bin/tests/system/mkeys/setup.sh b/bin/tests/system/mkeys/setup.sh index 6ef53372ef72fc3de93c8f25ed4b5fc453ec52ff..2c571eb224ed5d4de8c3c36dc96eeca18938a703 100644 --- a/bin/tests/system/mkeys/setup.sh +++ b/bin/tests/system/mkeys/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cp ns1/named1.conf ns1/named.conf diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index 3ca59fcea1b40aa6c3d346483c5c81e85597a8db..1a5551ed5b577ea7c3344fc3906dfb40a17895a7 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE # # jnl and database files MUST be removed before we start diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index c771bd8e4f4341f1b4a3dc6a2d4053c2cdc8cebe..0baea8a94c8c73e95b34c7dfeb17b7527b8b1cfa 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -160,7 +160,7 @@ grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1 ret=0 echo "I:check SIG(0) key is accepted" -key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx` +key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -T KEY -n ENTITY xxx` echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1 [ $ret = 0 ] || { echo I:failed; status=1; } diff --git a/bin/tests/system/padding/setup.sh b/bin/tests/system/padding/setup.sh index 0f5c88e037553fb1894444b2c8778ed85828a643..25cb9a69791b89db924658640d6f44f5433b17b5 100644 --- a/bin/tests/system/padding/setup.sh +++ b/bin/tests/system/padding/setup.sh @@ -11,4 +11,4 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE diff --git a/bin/tests/system/pending/ns2/sign.sh b/bin/tests/system/pending/ns2/sign.sh index dc41cfa2154c911aab4b4d229780fbc84f5df941..9663428603fc9e012354b2b238e1e612cf5b804f 100644 --- a/bin/tests/system/pending/ns2/sign.sh +++ b/bin/tests/system/pending/ns2/sign.sh @@ -16,7 +16,7 @@ for domain in example example.com; do infile=${domain}.db.in zonefile=${domain}.db - keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone` cat $infile $keyname1.key $keyname2.key > $zonefile diff --git a/bin/tests/system/pending/setup.sh b/bin/tests/system/pending/setup.sh index a3304cb20281a6e6e5cf9629055f432304ba2309..186ed94ea512a3d0c23f1dd75e83bd8196f6046b 100644 --- a/bin/tests/system/pending/setup.sh +++ b/bin/tests/system/pending/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL -e sign.sh diff --git a/bin/tests/system/pipelined/setup.sh b/bin/tests/system/pipelined/setup.sh index d541f0d110a4a211628efc7daad56085db0f83f4..0f7d7423a910a45c539f0f2f162bd144f63387df 100644 --- a/bin/tests/system/pipelined/setup.sh +++ b/bin/tests/system/pipelined/setup.sh @@ -11,4 +11,4 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE diff --git a/bin/tests/system/redirect/setup.sh b/bin/tests/system/redirect/setup.sh index 5e70ea726f3c2c883c14fdb0535b08ed0f4a1480..a0ae8a957558143d062ac1362a13f3d90ab89210 100644 --- a/bin/tests/system/redirect/setup.sh +++ b/bin/tests/system/redirect/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cp ns2/redirect.db.in ns2/redirect.db cp ns2/example.db.in ns2/example.db diff --git a/bin/tests/system/resolver/setup.sh b/bin/tests/system/resolver/setup.sh index 51537ba81e620d915a19f7b7ab3facd7b50c633b..1e51b86d851d861e92b495aca382ed677f44a97f 100644 --- a/bin/tests/system/resolver/setup.sh +++ b/bin/tests/system/resolver/setup.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cp ns4/tld1.db ns4/tld.db cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh index 9f78481439c8b5134bc5aeb5433ab6557e8f73c0..6ea9f323c16fc64e35de4a235995e3c6f9719004 100644 --- a/bin/tests/system/rndc/setup.sh +++ b/bin/tests/system/rndc/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE $SHELL ../genzone.sh 2 >ns2/nil.db $SHELL ../genzone.sh 2 >ns2/other.db diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh index 6e9740cffa83b33ecac35913ac4da4432356d136..6c816d77f7c5f3e1a4c70d1c3053ec7ab015b390 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh @@ -569,8 +569,8 @@ fi n=`expr $n + 1` echo "I:check 'rndc \"\"' is handled ($n)" ret=0 -$RNDCCMD "" > rndc.out.test$n 2>&1 && ret=1 -grep "rndc: '' failed: failure" rndc.out.test$n > /dev/null +$RNDCCMD "" > rndc.output.test$n 2>&1 && ret=1 +grep "rndc: '' failed: failure" rndc.output.test$n > /dev/null if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/rpz/setup.sh b/bin/tests/system/rpz/setup.sh index e0e0e4a6a2fa02833c7f9d7b8783c9f81852f94c..12aeef1176b716475b6adbe18788cfb0d73b9e5d 100644 --- a/bin/tests/system/rpz/setup.sh +++ b/bin/tests/system/rpz/setup.sh @@ -26,11 +26,11 @@ for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wild done # sign the root and a zone in ns2 -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE # $1=directory, $2=domain name, $3=input zone file, $4=output file signzone () { - KEYNAME=`$KEYGEN -q -r $RANDFILE -b 512 -K $1 $2` + KEYNAME=`$KEYGEN -q -r $RANDFILE -b 1024 -K $1 $2` cat $1/$3 $1/$KEYNAME.key > $1/tmp $SIGNER -Pp -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf diff --git a/bin/tests/system/rsabigexponent/prereq.sh b/bin/tests/system/rsabigexponent/prereq.sh index 91780dc5a6994cd35faa3ae37d5773ccaa42ab9c..4a8c4407a910dcf2ba71347aec4b8580e4748ebd 100644 --- a/bin/tests/system/rsabigexponent/prereq.sh +++ b/bin/tests/system/rsabigexponent/prereq.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE if $BIGKEY > /dev/null 2>&1 then diff --git a/bin/tests/system/rsabigexponent/setup.sh b/bin/tests/system/rsabigexponent/setup.sh index ab6477456c9e8cc4aab5544ccd63980da7674370..4e47409fc5792ebdb55cc70787f49a4011b65930 100644 --- a/bin/tests/system/rsabigexponent/setup.sh +++ b/bin/tests/system/rsabigexponent/setup.sh @@ -11,6 +11,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL -e sign.sh diff --git a/bin/tests/system/sfcache/ns1/sign.sh b/bin/tests/system/sfcache/ns1/sign.sh index 647b30f09c04212fd16248dc895b9b8641b1a5c8..9ab0754419ee2b6fe1864467da13725f4d539607 100644 --- a/bin/tests/system/sfcache/ns1/sign.sh +++ b/bin/tests/system/sfcache/ns1/sign.sh @@ -17,7 +17,7 @@ zonefile=root.db cp ../ns2/dsset-example$TP . -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone` cat $infile $keyname.key > $zonefile diff --git a/bin/tests/system/sfcache/prereq.sh b/bin/tests/system/sfcache/prereq.sh index 18f6e96a69b0ea45942a82786cb03772909a4479..2fdd872b7772fc9453e934ee69d1ed1a78d5723a 100644 --- a/bin/tests/system/sfcache/prereq.sh +++ b/bin/tests/system/sfcache/prereq.sh @@ -9,9 +9,9 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -$GENRANDOM 400 $RANDFILE +$GENRANDOM 800 $RANDFILE -if $KEYGEN -q -a RSAMD5 -b 512 -n zone -r $RANDFILE foo > /dev/null 2>&1 +if $KEYGEN -q -a RSAMD5 -b 1024 -n zone -r $RANDFILE foo > /dev/null 2>&1 then rm -f Kfoo* else diff --git a/bin/tests/system/sfcache/setup.sh b/bin/tests/system/sfcache/setup.sh index b5d5a7a7138a090156e9b1ee63c1584d5972b170..ea6366c6714b9e6d4e749b26f869b1435a16290c 100644 --- a/bin/tests/system/sfcache/setup.sh +++ b/bin/tests/system/sfcache/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/smartsign/setup.sh b/bin/tests/system/smartsign/setup.sh index 3c64bf6c57e0b7a0b89c19ed95387d87d4987e8a..3372c41c289943679d4ee3c5a58606d04c2fcab2 100644 --- a/bin/tests/system/smartsign/setup.sh +++ b/bin/tests/system/smartsign/setup.sh @@ -11,4 +11,4 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE diff --git a/bin/tests/system/staticstub/ns4/sign.sh b/bin/tests/system/staticstub/ns4/sign.sh index 4dda61069733b85a13faf50373a5c8951c61d3a5..e9a50b86cb1afabf05954d0a3d86ce00ef5919be 100755 --- a/bin/tests/system/staticstub/ns4/sign.sh +++ b/bin/tests/system/staticstub/ns4/sign.sh @@ -15,7 +15,7 @@ zone=sub.example infile=${zone}.db.in zonefile=${zone}.db -keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` +keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone` keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone` cat $infile $keyname1.key $keyname2.key > $zonefile diff --git a/bin/tests/system/staticstub/setup.sh b/bin/tests/system/staticstub/setup.sh index a3d09923a4d6a6f8db443461d69db7a32a3ecfd0..1b3f4ad3d038e3cc5debf1ea2684eeb9b0664569 100755 --- a/bin/tests/system/staticstub/setup.sh +++ b/bin/tests/system/staticstub/setup.sh @@ -13,6 +13,6 @@ sed 's/SERVER_CONFIG_PLACEHOLDER/server-names { "ns.example.net"; };/' ns2/named sed 's/EXAMPLE_ZONE_PLACEHOLDER/zone "example" { type master; file "example.db.signed"; };/' ns3/named.conf.in > ns3/named.conf -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns3 && $SHELL -e sign.sh diff --git a/bin/tests/system/testcrypto.sh b/bin/tests/system/testcrypto.sh index 07bded63758734ab6976e95cbc3ca123a7aee09b..46ebfe277491afc65b5762a3f925bad07d6e4f89 100644 --- a/bin/tests/system/testcrypto.sh +++ b/bin/tests/system/testcrypto.sh @@ -9,12 +9,12 @@ SYSTEMTESTTOP=${SYSTEMTESTTOP:=..} . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE prog=$0 args="-r $RANDFILE" -alg="-a RSAMD5 -b 512" +alg="-a RSAMD5 -b 1024" quiet=0 msg1="cryptography" diff --git a/bin/tests/system/tkey/setup.sh b/bin/tests/system/tkey/setup.sh index eec303725d3cae02c9b38304ba46a52afd9e9b9b..8bf19cb946eee854c3b949f8d0283118936e9b8d 100644 --- a/bin/tests/system/tkey/setup.sh +++ b/bin/tests/system/tkey/setup.sh @@ -11,6 +11,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE cd ns1 && $SHELL setup.sh diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh index de6f0ab313e32143f2c2a33bb683d903ec437838..9ea7292afd6b5d78f25e207493309778d6d2e0ae 100644 --- a/bin/tests/system/tsig/setup.sh +++ b/bin/tests/system/tsig/setup.sh @@ -11,4 +11,4 @@ SYSTEMTESTTOP=.. sh clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh index 58d61d996c552b9d6f981fa5c049d8d60f920c22..c40da019f8142ad69fb2d4c771cbddf6d63e1ee0 100644 --- a/bin/tests/system/tsiggss/setup.sh +++ b/bin/tests/system/tsiggss/setup.sh @@ -9,7 +9,7 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE rm -f ns1/*.jnl ns1/K*.key ns1/K*.private ns1/_default.tsigkeys diff --git a/bin/tests/system/unknown/ns3/sign.sh b/bin/tests/system/unknown/ns3/sign.sh index cb8cbac149470b33238de4561de526dec82b3ed2..f489b03b63701526b119e1e858a5b666df09469a 100644 --- a/bin/tests/system/unknown/ns3/sign.sh +++ b/bin/tests/system/unknown/ns3/sign.sh @@ -14,5 +14,5 @@ SYSTEMTESTTOP=../.. zone=example rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` +keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone` diff --git a/bin/tests/system/unknown/setup.sh b/bin/tests/system/unknown/setup.sh index 4db528f0b9c938aa656e76f899e0f80a7f921418..f236d0fb5fa5b40b052bf48e0796eca818475b61 100644 --- a/bin/tests/system/unknown/setup.sh +++ b/bin/tests/system/unknown/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE (cd ns3; $SHELL -e sign.sh) diff --git a/bin/tests/system/upforwd/setup.sh b/bin/tests/system/upforwd/setup.sh index f40a3e06ce19307ddc73cfdc340b3e15aa4cdd2e..05c356a155428923d3e094278173002ae4aa378a 100644 --- a/bin/tests/system/upforwd/setup.sh +++ b/bin/tests/system/upforwd/setup.sh @@ -18,7 +18,7 @@ rm -f Ksig0.example2.* # # SIG(0) required cryptographic support which may not be configured. # -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE keyname=`$KEYGEN -q -r $RANDFILE -n HOST -a RSASHA1 -b 1024 -T KEY sig0.example2 2>/dev/null | $D2U` if test -n "$keyname" then diff --git a/bin/tests/system/verify/setup.sh b/bin/tests/system/verify/setup.sh index 0a8a5963bad067c7d8ef00de6fe9e673e9bba419..4ef23d6d90ea0f5abe74f239303caf61fcd8770f 100644 --- a/bin/tests/system/verify/setup.sh +++ b/bin/tests/system/verify/setup.sh @@ -11,6 +11,6 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE (cd zones && $SHELL genzones.sh) diff --git a/bin/tests/system/views/setup.sh b/bin/tests/system/views/setup.sh index a5250f90c8b782da69abe2644f35e118c09ef4fa..1e661f913be9c75447f665089839233618cb5e78 100644 --- a/bin/tests/system/views/setup.sh +++ b/bin/tests/system/views/setup.sh @@ -19,7 +19,7 @@ rm -f ns2/internal/inline.db.signed.jnl SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE # # We remove k1 and k2 as KEYGEN is deterministic when given the diff --git a/bin/tests/system/wildcard/setup.sh b/bin/tests/system/wildcard/setup.sh index 80597c4df8c61cb295944d7f0dc451a45c4b2708..425e1350350423c0d009f5062c402dca5c37aa61 100644 --- a/bin/tests/system/wildcard/setup.sh +++ b/bin/tests/system/wildcard/setup.sh @@ -9,6 +9,6 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE (cd ns1 && $SHELL -e sign.sh) diff --git a/bin/tests/system/zonechecks/setup.sh b/bin/tests/system/zonechecks/setup.sh index 4b64918debbb344fd6ee5e9c1a58c45700741933..77089938ff75b6c6a0a6374dfd411ec80e886e17 100644 --- a/bin/tests/system/zonechecks/setup.sh +++ b/bin/tests/system/zonechecks/setup.sh @@ -11,7 +11,7 @@ SYSTEMTESTTOP=.. $SHELL clean.sh -test -r $RANDFILE || $GENRANDOM 400 $RANDFILE +test -r $RANDFILE || $GENRANDOM 800 $RANDFILE $SHELL ../genzone.sh 1 > ns1/master.db $SHELL ../genzone.sh 1 > ns1/duplicate.db