From 1c464828a5ad8f47a6acf7b6d6ec1f324fe63b51 Mon Sep 17 00:00:00 2001

From: Nalin Dahyabhai <nalin@redhat.com>

Date: Tue, 12 Jan 2016 17:27:18 -0500

Subject: [PATCH] Stop assuming RSA 512 works

For the sake of F24, stop assuming that we'll be able to generate

512-bit RSA keys.  We use certutil to do some of it, and it doesn't give

us a way to toggle support on.

---

 tests/001-keyiread-rsa/expected.out |   2 -

 tests/001-keyiread-rsa/run.sh       |   4 +-

 tests/001-keyiread/expected.out     |   2 -

 tests/001-keyiread/run.sh           |   4 +-

 tests/002-keygen-dsa/expected.out   |   6 --

 tests/002-keygen-dsa/run.sh         |   4 +-

 tests/002-keygen-rsa/expected.out   |   6 --

 tests/002-keygen-rsa/run.sh         |   4 +-

 tests/002-keygen/expected.out       |  18 -----

 tests/002-keygen/run.sh             |   4 +-

 tests/003-csrgen-rsa/expected.out   | 124 ++++++++++++++--------------

 tests/003-csrgen-rsa/run.sh         |   4 +-

 tests/003-csrgen/expected.out       | 157 +++++++++++++++++-------------------

 tests/003-csrgen/run.sh             |   4 +-

 tests/004-selfsign-rsa/expected.out |   1 -

 tests/004-selfsign-rsa/run.sh       |   2 +-

 tests/004-selfsign/expected.out     |   1 -

 tests/004-selfsign/run.sh           |   2 +-

 18 files changed, 152 insertions(+), 197 deletions(-)

diff --git a/tests/001-keyiread-rsa/expected.out b/tests/001-keyiread-rsa/expected.out

index fa3493c04b26eb676700abdab7895fe0a1ee3d6d..727897d14f9a3eb8eab8c3b12964fa7d38cefdef 100644

--- a/tests/001-keyiread-rsa/expected.out

+++ b/tests/001-keyiread-rsa/expected.out

@@ -1,10 +1,8 @@

-OK (RSA:512).

 OK (RSA:1024).

 OK (RSA:1536).

 OK (RSA:2048).

 OK (RSA:3072).

 OK (RSA:4096).

-OK (RSA:512).

 OK (RSA:1024).

 OK (RSA:1536).

 OK (RSA:2048).

diff --git a/tests/001-keyiread-rsa/run.sh b/tests/001-keyiread-rsa/run.sh

index b5ac7150b80af45a23a56be6a49f3884a9f5049a..c7b7768690e80a9f3fcba0e42fe4a96b60efe48c 100755

--- a/tests/001-keyiread-rsa/run.sh

+++ b/tests/001-keyiread-rsa/run.sh

@@ -5,7 +5,7 @@ cd "$tmpdir"

 source "$srcdir"/functions

 initnssdb "$tmpdir"

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Generate a self-signed cert.

 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \

 		-s "cn=T$size" -c "cn=T$size" \

@@ -30,7 +30,7 @@ for size in 512 1024 1536 2048 3072 4096 ; do

 	$toolsdir/keyiread entry.nss.$size

 done

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Generate a key.

 	openssl genrsa $size > sample.$size 2> /dev/null

 	# Check the size of the key.

diff --git a/tests/001-keyiread/expected.out b/tests/001-keyiread/expected.out

index fa3493c04b26eb676700abdab7895fe0a1ee3d6d..727897d14f9a3eb8eab8c3b12964fa7d38cefdef 100644

--- a/tests/001-keyiread/expected.out

+++ b/tests/001-keyiread/expected.out

@@ -1,10 +1,8 @@

-OK (RSA:512).

 OK (RSA:1024).

 OK (RSA:1536).

 OK (RSA:2048).

 OK (RSA:3072).

 OK (RSA:4096).

-OK (RSA:512).

 OK (RSA:1024).

 OK (RSA:1536).

 OK (RSA:2048).

diff --git a/tests/001-keyiread/run.sh b/tests/001-keyiread/run.sh

index d95043d164e133ed23148719b74513d745ebec66..ce1428edd8d022d8a7f7f735154234bbdc4bf228 100755

--- a/tests/001-keyiread/run.sh

+++ b/tests/001-keyiread/run.sh

@@ -5,7 +5,7 @@ cd "$tmpdir"

 source "$srcdir"/functions

 initnssdb "$tmpdir"

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Generate a self-signed cert.

 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \

 		-s "cn=T$size" -c "cn=T$size" \

@@ -30,7 +30,7 @@ for size in 512 1024 1536 2048 3072 4096 ; do

 	$toolsdir/keyiread entry.nss.$size

 done

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Generate a key.

 	openssl genrsa $size > sample.$size 2> /dev/null

 	# Check the size of the key.

diff --git a/tests/002-keygen-dsa/expected.out b/tests/002-keygen-dsa/expected.out

index f2a44d26286605c4186963f6c43b6dbd6e2e81cc..7445bcc2628dd78eef0cea4c90339c79fb3571cf 100644

--- a/tests/002-keygen-dsa/expected.out

+++ b/tests/002-keygen-dsa/expected.out

@@ -1,6 +1,3 @@

-[nss:512]

-OK.

-OK (DSA:512).

 [nss:1024]

 OK.

 OK (DSA:1024).

@@ -20,9 +17,6 @@ OK (DSA:3072).

 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.

 [nss:rwsubdir]

 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.

-[openssl:512]

-OK.

-OK (DSA:512).

 [openssl:1024]

 OK.

 OK (DSA:1024).

diff --git a/tests/002-keygen-dsa/run.sh b/tests/002-keygen-dsa/run.sh

index fad19de1d365466c0bfd739fbd8be1be9135a291..d9cff0e973bcdffcbeda4c702d3ee86b27d07e43 100755

--- a/tests/002-keygen-dsa/run.sh

+++ b/tests/002-keygen-dsa/run.sh

@@ -5,7 +5,7 @@ cd "$tmpdir"

 source "$srcdir"/functions

 initnssdb "$tmpdir"

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	echo "[nss:$size]"

 	# Generate a key.

 	cat > entry.$size <<- EOF

@@ -41,7 +41,7 @@ key_gen_type=DSA

 EOF

 $toolsdir/keygen entry.$size || true

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	echo "[openssl:$size]"

 	# Generate a key.

 	cat > entry.$size <<- EOF

diff --git a/tests/002-keygen-rsa/expected.out b/tests/002-keygen-rsa/expected.out

index 33f0f48ea92e0b7fa17ccc6a1938fe37d7335c8a..3e6e9f3c1b293a0a9c16085bfbf243d44e43e129 100644

--- a/tests/002-keygen-rsa/expected.out

+++ b/tests/002-keygen-rsa/expected.out

@@ -1,6 +1,3 @@

-[nss:512]

-OK.

-OK (RSA:512).

 [nss:1024]

 OK.

 OK (RSA:1024).

@@ -20,9 +17,6 @@ OK (RSA:4096).

 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.

 [nss:rwsubdir]

 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.

-[openssl:512]

-OK.

-OK (RSA:512).

 [openssl:1024]

 OK.

 OK (RSA:1024).

diff --git a/tests/002-keygen-rsa/run.sh b/tests/002-keygen-rsa/run.sh

index b133edd8535db75804c82f7505e055c9b1bd0aa2..476f412753511772c506e76d8f3bb9c128b8aa1e 100755

--- a/tests/002-keygen-rsa/run.sh

+++ b/tests/002-keygen-rsa/run.sh

@@ -5,7 +5,7 @@ cd "$tmpdir"

 source "$srcdir"/functions

 initnssdb "$tmpdir"

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	echo "[nss:$size]"

 	# Generate a key.

 	cat > entry.$size <<- EOF

@@ -41,7 +41,7 @@ key_gen_type=RSA

 EOF

 $toolsdir/keygen entry.$size || true

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	echo "[openssl:$size]"

 	# Generate a key.

 	cat > entry.$size <<- EOF

diff --git a/tests/002-keygen/expected.out b/tests/002-keygen/expected.out

index f47d2d564bfd36d8d944bc388119314ee41c3722..ff56372aac282743f79699b0b381fcf198bd5db4 100644

--- a/tests/002-keygen/expected.out

+++ b/tests/002-keygen/expected.out

@@ -1,12 +1,3 @@

-[nss:512]

-OK.

-OK (RSA:512).

-OK.

-OK (RSA:512 after RSA:512).

-OK.

-OK (RSA:512 after RSA:512).

-keyi512

-keyi512 (candidate (next))

 [nss:1024]

 OK.

 OK (RSA:1024).

@@ -56,15 +47,6 @@ keyi4096 (candidate (next))

 Failed to save NSS:${tmpdir}/rosubdir: need fs permissions.

 [nss:rwsubdir]

 Failed to save NSS:${tmpdir}/rwsubdir: need fs permissions.

-[openssl:512]

-OK.

-OK (RSA:512).

-OK.

-OK (RSA:512 after RSA:512).

-OK.

-OK (RSA:512 after RSA:512).

-${tmpdir}/sample.512

-${tmpdir}/sample.512.(next).key

 [openssl:1024]

 OK.

 OK (RSA:1024).

diff --git a/tests/002-keygen/run.sh b/tests/002-keygen/run.sh

index a0867cf1e3fd0a9f18d275ab308ec93808936b4b..f550feebac5ed10a52500286bb8b779ed8e1526a 100755

--- a/tests/002-keygen/run.sh

+++ b/tests/002-keygen/run.sh

@@ -5,7 +5,7 @@ cd "$tmpdir"

 source "$srcdir"/functions

 initnssdb "$tmpdir"

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	echo "[nss:$size]"

 	# Generate a key.

 	cat > entry.$size <<- EOF

@@ -49,7 +49,7 @@ key_gen_size=$size

 EOF

 $toolsdir/keygen entry.$size || true

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	echo "[openssl:$size]"

 	# Generate a key.

 	cat > entry.$size <<- EOF

diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out

index 7b67eab3b9e431b8d22b5a73bb6b5d2952e05d83..e058e8541c2de49fe5f446a7e3432b4138fbb876 100644

--- a/tests/003-csrgen-rsa/expected.out

+++ b/tests/003-csrgen-rsa/expected.out

@@ -1,9 +1,5 @@

 pk12util: PKCS12 EXPORT SUCCESSFUL

 MAC verified OK

-512 OK.

-Signature OK

-pk12util: PKCS12 EXPORT SUCCESSFUL

-MAC verified OK

 1024 OK.

 Signature OK

 pk12util: PKCS12 EXPORT SUCCESSFUL

@@ -23,70 +19,70 @@ MAC verified OK

 4096 OK.

 Signature OK

 The last CSR (the one with everything) was:

-    0:d=0  hl=4 l=1019 cons: SEQUENCE          

-    4:d=1  hl=4 l= 933 cons: SEQUENCE          

+    0:d=0  hl=4 l=1413 cons: SEQUENCE          

+    4:d=1  hl=4 l=1133 cons: SEQUENCE          

     8:d=2  hl=2 l=   1 prim: INTEGER           :00

    11:d=2  hl=2 l=  22 cons: SEQUENCE          

    13:d=3  hl=2 l=  20 cons: SET               

    15:d=4  hl=2 l=  18 cons: SEQUENCE          

    17:d=5  hl=2 l=   3 prim: OBJECT            :commonName

    22:d=5  hl=2 l=  11 prim: PRINTABLESTRING   :Babs Jensen

-   35:d=2  hl=2 l=  92 cons: SEQUENCE          

-   37:d=3  hl=2 l=  13 cons: SEQUENCE          

-   39:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption

-   50:d=4  hl=2 l=   0 prim: NULL              

-   52:d=3  hl=2 l=  75 prim: BIT STRING        

-  129:d=2  hl=4 l= 808 cons: cont [ 0 ]        

-  133:d=3  hl=2 l=  52 cons: SEQUENCE          

-  135:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword

-  146:d=4  hl=2 l=  39 cons: SET               

-  148:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText

-  187:d=3  hl=2 l=  61 cons: SEQUENCE          

-  189:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName

-  200:d=4  hl=2 l=  48 cons: SET               

-  202:d=5  hl=2 l=  46 prim: BMPSTRING         

-  250:d=3  hl=4 l= 687 cons: SEQUENCE          

-  254:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request

-  265:d=4  hl=4 l= 672 cons: SET               

-  269:d=5  hl=4 l= 668 cons: SEQUENCE          

-  273:d=6  hl=2 l=  14 cons: SEQUENCE          

-  275:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage

-  280:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  283:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0

-  289:d=6  hl=4 l= 264 cons: SEQUENCE          

-  293:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name

-  298:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  301:d=7  hl=3 l= 253 prim: OCTET STRING      [HEX DUMP]:3081FA82096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74

-  557:d=6  hl=2 l=  32 cons: SEQUENCE          

-  559:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage

-  564:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  567:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304

-  591:d=6  hl=2 l=  18 cons: SEQUENCE          

-  593:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints

-  598:d=7  hl=2 l=   1 prim: BOOLEAN           :255

-  601:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103

-  611:d=6  hl=2 l=  34 cons: SEQUENCE          

-  613:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier

-  618:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  621:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D

-  647:d=6  hl=2 l=  32 cons: SEQUENCE          

-  649:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier

-  654:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  657:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D

-  681:d=6  hl=2 l= 107 cons: SEQUENCE          

-  683:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access

-  693:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  696:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435

-  790:d=6  hl=2 l=  96 cons: SEQUENCE          

-  792:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points

-  797:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  800:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574

-  888:d=6  hl=2 l=  51 cons: SEQUENCE          

-  890:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment

-  901:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  904:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374

-  941:d=1  hl=2 l=  13 cons: SEQUENCE          

-  943:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption

-  954:d=2  hl=2 l=   0 prim: NULL              

-  956:d=1  hl=2 l=  65 prim: BIT STRING        

+   35:d=2  hl=4 l= 290 cons: SEQUENCE          

+   39:d=3  hl=2 l=  13 cons: SEQUENCE          

+   41:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption

+   52:d=4  hl=2 l=   0 prim: NULL              

+   54:d=3  hl=4 l= 271 prim: BIT STRING        

+  329:d=2  hl=4 l= 808 cons: cont [ 0 ]        

+  333:d=3  hl=2 l=  52 cons: SEQUENCE          

+  335:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword

+  346:d=4  hl=2 l=  39 cons: SET               

+  348:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText

+  387:d=3  hl=2 l=  61 cons: SEQUENCE          

+  389:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName

+  400:d=4  hl=2 l=  48 cons: SET               

+  402:d=5  hl=2 l=  46 prim: BMPSTRING         

+  450:d=3  hl=4 l= 687 cons: SEQUENCE          

+  454:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request

+  465:d=4  hl=4 l= 672 cons: SET               

+  469:d=5  hl=4 l= 668 cons: SEQUENCE          

+  473:d=6  hl=2 l=  14 cons: SEQUENCE          

+  475:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage

+  480:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  483:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0

+  489:d=6  hl=4 l= 264 cons: SEQUENCE          

+  493:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name

+  498:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  501:d=7  hl=3 l= 253 prim: OCTET STRING      [HEX DUMP]:3081FA82096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74

+  757:d=6  hl=2 l=  32 cons: SEQUENCE          

+  759:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage

+  764:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  767:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304

+  791:d=6  hl=2 l=  18 cons: SEQUENCE          

+  793:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints

+  798:d=7  hl=2 l=   1 prim: BOOLEAN           :255

+  801:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103

+  811:d=6  hl=2 l=  34 cons: SEQUENCE          

+  813:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier

+  818:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  821:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D

+  847:d=6  hl=2 l=  32 cons: SEQUENCE          

+  849:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier

+  854:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  857:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D

+  881:d=6  hl=2 l= 107 cons: SEQUENCE          

+  883:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access

+  893:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  896:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435

+  990:d=6  hl=2 l=  96 cons: SEQUENCE          

+  992:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points

+  997:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1000:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574

+ 1088:d=6  hl=2 l=  51 cons: SEQUENCE          

+ 1090:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment

+ 1101:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1104:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374

+ 1141:d=1  hl=2 l=  13 cons: SEQUENCE          

+ 1143:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption

+ 1154:d=2  hl=2 l=   0 prim: NULL              

+ 1156:d=1  hl=4 l= 257 prim: BIT STRING        

 Test complete (32 combinations).

diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh

index c049dd00d411706b1470a1a8a9fb8ae59c36bf8b..7f1e7b41f195b3af429c1ba7129dd00b7ca2ed9d 100755

--- a/tests/003-csrgen-rsa/run.sh

+++ b/tests/003-csrgen-rsa/run.sh

@@ -5,7 +5,7 @@ cd "$tmpdir"

 source "$srcdir"/functions

 initnssdb "$tmpdir"

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Build a self-signed certificate.

 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \

 		-s "cn=T$size" -c "cn=T$size" \

@@ -216,7 +216,7 @@ for nscomment in "" "certmonger generated this request" ; do

 done

 nscomment=

-size=512

+size=2048

 subject="CN=Babs Jensen"

 hostname=localhost,localhost.localdomain

 email=root@localhost,root@localhost.localdomain

diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out

index 7f4586cd2820be6c0a88bd6787c86a532f68643c..51083160df3dd69972292fd23d51e79714290d22 100644

--- a/tests/003-csrgen/expected.out

+++ b/tests/003-csrgen/expected.out

@@ -1,11 +1,6 @@

 pk12util: PKCS12 EXPORT SUCCESSFUL

 MAC verified OK

 Signature OK

-minicert.openssl.512.pem: OK

-512 OK.

-pk12util: PKCS12 EXPORT SUCCESSFUL

-MAC verified OK

-Signature OK

 minicert.openssl.1024.pem: OK

 1024 OK.

 pk12util: PKCS12 EXPORT SUCCESSFUL

@@ -29,86 +24,86 @@ Signature OK

 minicert.openssl.4096.pem: OK

 4096 OK.

 The last CSR (the one with everything) was:

-    0:d=0  hl=4 l=1241 cons: SEQUENCE          

-    4:d=1  hl=4 l=1155 cons: SEQUENCE          

+    0:d=0  hl=4 l=1635 cons: SEQUENCE          

+    4:d=1  hl=4 l=1355 cons: SEQUENCE          

     8:d=2  hl=2 l=   1 prim: INTEGER           :00

    11:d=2  hl=2 l=  22 cons: SEQUENCE          

    13:d=3  hl=2 l=  20 cons: SET               

    15:d=4  hl=2 l=  18 cons: SEQUENCE          

    17:d=5  hl=2 l=   3 prim: OBJECT            :commonName

    22:d=5  hl=2 l=  11 prim: PRINTABLESTRING   :Babs Jensen

-   35:d=2  hl=2 l=  92 cons: SEQUENCE          

-   37:d=3  hl=2 l=  13 cons: SEQUENCE          

-   39:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption

-   50:d=4  hl=2 l=   0 prim: NULL              

-   52:d=3  hl=2 l=  75 prim: BIT STRING        

-  129:d=2  hl=4 l=1030 cons: cont [ 0 ]        

-  133:d=3  hl=2 l=  52 cons: SEQUENCE          

-  135:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword

-  146:d=4  hl=2 l=  39 cons: SET               

-  148:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText

-  187:d=3  hl=2 l=  61 cons: SEQUENCE          

-  189:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName

-  200:d=4  hl=2 l=  48 cons: SET               

-  202:d=5  hl=2 l=  46 prim: BMPSTRING         

-  250:d=3  hl=4 l= 909 cons: SEQUENCE          

-  254:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request

-  265:d=4  hl=4 l= 894 cons: SET               

-  269:d=5  hl=4 l= 890 cons: SEQUENCE          

-  273:d=6  hl=2 l=  14 cons: SEQUENCE          

-  275:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage

-  280:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  283:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0

-  289:d=6  hl=4 l= 290 cons: SEQUENCE          

-  293:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name

-  298:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  301:d=7  hl=4 l= 278 prim: OCTET STRING      [HEX DUMP]:3082011282096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F7487047F000001871000000000000000000000000000000001

-  583:d=6  hl=2 l=  32 cons: SEQUENCE          

-  585:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage

-  590:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  593:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304

-  617:d=6  hl=2 l=  18 cons: SEQUENCE          

-  619:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints

-  624:d=7  hl=2 l=   1 prim: BOOLEAN           :255

-  627:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103

-  637:d=6  hl=2 l=  34 cons: SEQUENCE          

-  639:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier

-  644:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  647:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D

-  673:d=6  hl=2 l=  32 cons: SEQUENCE          

-  675:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier

-  680:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  683:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D

-  707:d=6  hl=2 l= 107 cons: SEQUENCE          

-  709:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access

-  719:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  722:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435

-  816:d=6  hl=2 l=  96 cons: SEQUENCE          

-  818:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points

-  823:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  826:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574

-  914:d=6  hl=2 l= 106 cons: SEQUENCE          

-  916:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Freshest CRL

-  921:d=7  hl=2 l=   1 prim: BOOLEAN           :0

-  924:d=7  hl=2 l=  96 prim: OCTET STRING      [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461

- 1022:d=6  hl=2 l=  51 cons: SEQUENCE          

- 1024:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment

- 1035:d=7  hl=2 l=   1 prim: BOOLEAN           :0

- 1038:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374

- 1075:d=6  hl=2 l=  18 cons: SEQUENCE          

- 1077:d=7  hl=2 l=   9 prim: OBJECT            :OCSP No Check

- 1088:d=7  hl=2 l=   1 prim: BOOLEAN           :0

- 1091:d=7  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:0500

- 1095:d=6  hl=2 l=  44 cons: SEQUENCE          

- 1097:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2

- 1108:d=7  hl=2 l=   1 prim: BOOLEAN           :0

- 1111:d=7  hl=2 l=  28 prim: OCTET STRING      [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074

- 1141:d=6  hl=2 l=  20 cons: SEQUENCE          

- 1143:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Cert Type

- 1154:d=7  hl=2 l=   1 prim: BOOLEAN           :0

- 1157:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0

- 1163:d=1  hl=2 l=  13 cons: SEQUENCE          

- 1165:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption

- 1176:d=2  hl=2 l=   0 prim: NULL              

- 1178:d=1  hl=2 l=  65 prim: BIT STRING        

+   35:d=2  hl=4 l= 290 cons: SEQUENCE          

+   39:d=3  hl=2 l=  13 cons: SEQUENCE          

+   41:d=4  hl=2 l=   9 prim: OBJECT            :rsaEncryption

+   52:d=4  hl=2 l=   0 prim: NULL              

+   54:d=3  hl=4 l= 271 prim: BIT STRING        

+  329:d=2  hl=4 l=1030 cons: cont [ 0 ]        

+  333:d=3  hl=2 l=  52 cons: SEQUENCE          

+  335:d=4  hl=2 l=   9 prim: OBJECT            :challengePassword

+  346:d=4  hl=2 l=  39 cons: SET               

+  348:d=5  hl=2 l=  37 prim: PRINTABLESTRING   :ChallengePasswordIsEncodedInPlainText

+  387:d=3  hl=2 l=  61 cons: SEQUENCE          

+  389:d=4  hl=2 l=   9 prim: OBJECT            :friendlyName

+  400:d=4  hl=2 l=  48 cons: SET               

+  402:d=5  hl=2 l=  46 prim: BMPSTRING         

+  450:d=3  hl=4 l= 909 cons: SEQUENCE          

+  454:d=4  hl=2 l=   9 prim: OBJECT            :Extension Request

+  465:d=4  hl=4 l= 894 cons: SET               

+  469:d=5  hl=4 l= 890 cons: SEQUENCE          

+  473:d=6  hl=2 l=  14 cons: SEQUENCE          

+  475:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Key Usage

+  480:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  483:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205E0

+  489:d=6  hl=4 l= 290 cons: SEQUENCE          

+  493:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Alternative Name

+  498:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  501:d=7  hl=4 l= 278 prim: OCTET STRING      [HEX DUMP]:3082011282096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F7487047F000001871000000000000000000000000000000001

+  783:d=6  hl=2 l=  32 cons: SEQUENCE          

+  785:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Extended Key Usage

+  790:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  793:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:301406082B0601050507030206082B06010505070304

+  817:d=6  hl=2 l=  18 cons: SEQUENCE          

+  819:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Basic Constraints

+  824:d=7  hl=2 l=   1 prim: BOOLEAN           :255

+  827:d=7  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:30060101FF020103

+  837:d=6  hl=2 l=  34 cons: SEQUENCE          

+  839:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier

+  844:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  847:d=7  hl=2 l=  24 prim: OCTET STRING      [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D

+  873:d=6  hl=2 l=  32 cons: SEQUENCE          

+  875:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier

+  880:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  883:d=7  hl=2 l=  22 prim: OCTET STRING      [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D

+  907:d=6  hl=2 l= 107 cons: SEQUENCE          

+  909:d=7  hl=2 l=   8 prim: OBJECT            :Authority Information Access

+  919:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+  922:d=7  hl=2 l=  92 prim: OCTET STRING      [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435

+ 1016:d=6  hl=2 l=  96 cons: SEQUENCE          

+ 1018:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 CRL Distribution Points

+ 1023:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1026:d=7  hl=2 l=  86 prim: OCTET STRING      [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574

+ 1114:d=6  hl=2 l= 106 cons: SEQUENCE          

+ 1116:d=7  hl=2 l=   3 prim: OBJECT            :X509v3 Freshest CRL

+ 1121:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1124:d=7  hl=2 l=  96 prim: OCTET STRING      [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461

+ 1222:d=6  hl=2 l=  51 cons: SEQUENCE          

+ 1224:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Comment

+ 1235:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1238:d=7  hl=2 l=  35 prim: OCTET STRING      [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374

+ 1275:d=6  hl=2 l=  18 cons: SEQUENCE          

+ 1277:d=7  hl=2 l=   9 prim: OBJECT            :OCSP No Check

+ 1288:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1291:d=7  hl=2 l=   2 prim: OCTET STRING      [HEX DUMP]:0500

+ 1295:d=6  hl=2 l=  44 cons: SEQUENCE          

+ 1297:d=7  hl=2 l=   9 prim: OBJECT            :1.3.6.1.4.1.311.20.2

+ 1308:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1311:d=7  hl=2 l=  28 prim: OCTET STRING      [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074

+ 1341:d=6  hl=2 l=  20 cons: SEQUENCE          

+ 1343:d=7  hl=2 l=   9 prim: OBJECT            :Netscape Cert Type

+ 1354:d=7  hl=2 l=   1 prim: BOOLEAN           :0

+ 1357:d=7  hl=2 l=   4 prim: OCTET STRING      [HEX DUMP]:030205A0

+ 1363:d=1  hl=2 l=  13 cons: SEQUENCE          

+ 1365:d=2  hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption

+ 1376:d=2  hl=2 l=   0 prim: NULL              

+ 1378:d=1  hl=4 l= 257 prim: BIT STRING        

 Test complete (69 combinations).

diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh

index 9a1c027fa7d9da0eec41e5e63e68b05645df9d6b..67b12064b55dd52bd64fbf1b1f9615655913c334 100755

--- a/tests/003-csrgen/run.sh

+++ b/tests/003-csrgen/run.sh

@@ -5,7 +5,7 @@ cd "$tmpdir"

 source "$srcdir"/functions

 initnssdb "$tmpdir"

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Build a self-signed certificate.

 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \

 		-s "cn=T$size" -c "cn=T$size" \

@@ -298,7 +298,7 @@ for ns_certtype in "" client server email objsign reserved sslca emailca objca c

 done

 ns_certtype=

-size=512

+size=2048

 subject="CN=Babs Jensen"

 hostname=localhost,localhost.localdomain

 email=root@localhost,root@localhost.localdomain

diff --git a/tests/004-selfsign-rsa/expected.out b/tests/004-selfsign-rsa/expected.out

index c50bd2ee0c1101f2df71738d4152e4fcf3bc9591..dd5029eca4f2b6e2cd354f64cd31b843c5857385 100644

--- a/tests/004-selfsign-rsa/expected.out

+++ b/tests/004-selfsign-rsa/expected.out

@@ -1,4 +1,3 @@

-512 OK.

 1024 OK.

 1536 OK.

 2048 OK.

diff --git a/tests/004-selfsign-rsa/run.sh b/tests/004-selfsign-rsa/run.sh

index 8788bdb02fee287299e4cc389e18c7e0eb5ca91d..6f9285b65d4205fd4f24327fea9d934afc5fd68c 100755

--- a/tests/004-selfsign-rsa/run.sh

+++ b/tests/004-selfsign-rsa/run.sh

@@ -33,7 +33,7 @@ function setupca() {

 	EOF

 }

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Build a self-signed certificate.

 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \

 		-s "cn=T$size" -c "cn=T$size" \

diff --git a/tests/004-selfsign/expected.out b/tests/004-selfsign/expected.out

index c50bd2ee0c1101f2df71738d4152e4fcf3bc9591..dd5029eca4f2b6e2cd354f64cd31b843c5857385 100644

--- a/tests/004-selfsign/expected.out

+++ b/tests/004-selfsign/expected.out

@@ -1,4 +1,3 @@

-512 OK.

 1024 OK.

 1536 OK.

 2048 OK.

diff --git a/tests/004-selfsign/run.sh b/tests/004-selfsign/run.sh

index 7b2ee438d34d539ab7063b0bd1fc004421c97999..7bb368ec39d9675bff05c837c7e9a4cf64c5b714 100755

--- a/tests/004-selfsign/run.sh

+++ b/tests/004-selfsign/run.sh

@@ -43,7 +43,7 @@ function setupca() {

 	EOF

 }

-for size in 512 1024 1536 2048 3072 4096 ; do

+for size in 1024 1536 2048 3072 4096 ; do

 	# Build a self-signed certificate.

 	run_certutil -d "$tmpdir" -S -g $size -n keyi$size \

 		-s "cn=T$size" -c "cn=T$size" \

-- 

2.9.0