Bug 360126 - Main tests. r=cviecco
authorCykesiopka <cykesiopka.bmo@gmail.com>
Tue, 15 Jul 2014 19:50:00 -0400
changeset 216306 7c53c5e9bd3a2e7b3e4253047825ac9d257d2db1
parent 216305 83b81059b2a2c5af28632891978c3ee589958f0f
child 216307 c712bbb43cadb579f70992f4bb75201b74066a0a
push id515
push userraliiev@mozilla.com
push dateMon, 06 Oct 2014 12:51:51 +0000
treeherdermozilla-release@267c7a481bef [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerscviecco
bugs360126
milestone33.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 360126 - Main tests. r=cviecco
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
security/manager/ssl/tests/unit/test_keysize.js
security/manager/ssl/tests/unit/test_keysize/dsa-caBad.der
security/manager/ssl/tests/unit/test_keysize/dsa-caOK.der
security/manager/ssl/tests/unit/test_keysize/dsa-eeBad-intOK-caOK.der
security/manager/ssl/tests/unit/test_keysize/dsa-eeOK-intBad-caOK.der
security/manager/ssl/tests/unit/test_keysize/dsa-eeOK-intOK-caBad.der
security/manager/ssl/tests/unit/test_keysize/dsa-eeOK-intOK-caOK.der
security/manager/ssl/tests/unit/test_keysize/dsa-intBad-caOK.der
security/manager/ssl/tests/unit/test_keysize/dsa-intOK-caBad.der
security/manager/ssl/tests/unit/test_keysize/dsa-intOK-caOK.der
security/manager/ssl/tests/unit/test_keysize/generate.py
security/manager/ssl/tests/unit/test_keysize/rsa-caBad.der
security/manager/ssl/tests/unit/test_keysize/rsa-caOK.der
security/manager/ssl/tests/unit/test_keysize/rsa-eeBad-intOK-caOK.der
security/manager/ssl/tests/unit/test_keysize/rsa-eeOK-intBad-caOK.der
security/manager/ssl/tests/unit/test_keysize/rsa-eeOK-intOK-caBad.der
security/manager/ssl/tests/unit/test_keysize/rsa-eeOK-intOK-caOK.der
security/manager/ssl/tests/unit/test_keysize/rsa-intBad-caOK.der
security/manager/ssl/tests/unit/test_keysize/rsa-intOK-caBad.der
security/manager/ssl/tests/unit/test_keysize/rsa-intOK-caOK.der
security/manager/ssl/tests/unit/xpcshell.ini
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -30,16 +30,17 @@ const SEC_ERROR_REVOKED_CERTIFICATE     
 const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE +  13;
 const SEC_ERROR_BAD_DATABASE                            = SEC_ERROR_BASE +  18;
 const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE +  20; // -8172
 const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE +  21; // -8171
 const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE +  30; // -8162
 const SEC_ERROR_EXTENSION_VALUE_INVALID                 = SEC_ERROR_BASE +  34; // -8158
 const SEC_ERROR_EXTENSION_NOT_FOUND                     = SEC_ERROR_BASE +  35; // -8157
 const SEC_ERROR_CA_CERT_INVALID                         = SEC_ERROR_BASE +  36;
+const SEC_ERROR_INVALID_KEY                             = SEC_ERROR_BASE +  40; // -8152
 const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION              = SEC_ERROR_BASE +  41;
 const SEC_ERROR_INADEQUATE_KEY_USAGE                    = SEC_ERROR_BASE +  90; // -8102
 const SEC_ERROR_INADEQUATE_CERT_TYPE                    = SEC_ERROR_BASE +  91; // -8101
 const SEC_ERROR_CERT_NOT_IN_NAME_SPACE                  = SEC_ERROR_BASE + 112; // -8080
 const SEC_ERROR_CERT_BAD_ACCESS_LOCATION                = SEC_ERROR_BASE + 117; // -8075
 const SEC_ERROR_OCSP_MALFORMED_REQUEST                  = SEC_ERROR_BASE + 120;
 const SEC_ERROR_OCSP_SERVER_ERROR                       = SEC_ERROR_BASE + 121; // -8071
 const SEC_ERROR_OCSP_TRY_SERVER_LATER                   = SEC_ERROR_BASE + 122;
--- a/security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
+++ b/security/manager/ssl/tests/unit/psm_common_py/CertUtils.py
@@ -5,33 +5,37 @@
 # This file requires openssl 1.0.0 at least
 
 import os
 import random
 import pexpect
 import time
 import sys
 
-def init_dsa(db_dir):
+def init_dsa(db_dir, param_filename = 'dsa_param.pem', key_size = '2048'):
     """
     Initialize dsa parameters
 
     Sets up a set of params to be reused for DSA key generation
 
     Arguments:
       db_dir     -- location of the temporary params for the certificate
+      param_filename -- the file name for the param file
+      key_size   -- public key size
     """
-    dsa_key_params = db_dir + "/dsa_param.pem"
-    os.system("openssl dsaparam -out " + dsa_key_params + " 2048")
+    dsa_key_params = db_dir + '/' + param_filename
+    os.system("openssl dsaparam -out " + dsa_key_params + ' ' + key_size)
 
 
 def generate_cert_generic(db_dir, dest_dir, serial_num,  key_type, name,
                           ext_text, signer_key_filename = "",
                           signer_cert_filename = "",
-                          subject_string = ""):
+                          subject_string = "",
+                          dsa_param_filename = 'dsa_param.pem',
+                          key_size = '2048'):
     """
     Generate an x509 certificate with a sha256 signature
 
     Preconditions:
       if dsa keys are to be generated init_dsa must have been called before.
 
 
     Arguments:
@@ -45,27 +49,29 @@ def generate_cert_generic(db_dir, dest_d
                     output cert
       ext_text   -- the text for the x509 extensions to be added to the
                     certificate
       signer_key_filename -- the filename of the key from which the cert will
                     be signed if null the cert will be self signed (think CA
                     roots).
       signer_cert_filename -- the certificate that will sign the certificate
                     (used to extract signer info) it must be in DER format.
+      dsa_param_filename -- the filename for the DSA param file
+      key_size   -- public key size for RSA certs
 
     output:
       key_name   -- the filename of the key file (PEM format)
       cert_name  -- the filename of the output certificate (DER format)
     """
     key_name = db_dir + "/"+ name + ".key"
     if key_type == 'rsa':
       os.system ("openssl genpkey -algorithm RSA -out " + key_name +
-                 " -pkeyopt rsa_keygen_bits:2048")
+                 " -pkeyopt rsa_keygen_bits:" + key_size)
     elif key_type == 'dsa':
-      dsa_key_params = db_dir + "/dsa_param.pem"
+      dsa_key_params = db_dir + '/' + dsa_param_filename
       os.system("openssl gendsa -out " + key_name + "  " + dsa_key_params)
     else:
       #assume is ec
       os.system("openssl ecparam -out " + key_name + " -name "+ key_type +
                 " -genkey");
     csr_name =  db_dir + "/"+ name + ".csr"
     if not subject_string:
       subject_string = '/CN=' + name
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize.js
@@ -0,0 +1,80 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that RSA and DSA certs with key sizes below 1024 bits are rejected.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(filename) {
+  let der = readFile(do_get_file("test_keysize/" + filename, false));
+  return certdb.constructX509(der, der.length);
+}
+
+function load_cert(cert_name, trust_string) {
+  let cert_filename = cert_name + ".der";
+  addCertFromFile(certdb, "test_keysize/" + cert_filename, trust_string);
+  return certFromFile(cert_filename);
+}
+
+function check_cert_err_generic(cert, expected_error, usage) {
+  do_print("cert cn=" + cert.commonName);
+  do_print("cert issuer cn=" + cert.issuerCommonName);
+  let hasEVPolicy = {};
+  let verifiedChain = {};
+  let error = certdb.verifyCertNow(cert, usage,
+                                   NO_FLAGS, verifiedChain, hasEVPolicy);
+  equal(error, expected_error);
+}
+
+function check_cert_err(cert, expected_error) {
+  check_cert_err_generic(cert, expected_error, certificateUsageSSLServer)
+}
+
+function check_ok(cert) {
+  return check_cert_err(cert, 0);
+}
+
+function check_ok_ca(cert) {
+  return check_cert_err_generic(cert, 0, certificateUsageSSLCA);
+}
+
+function check_fail(cert) {
+  return check_cert_err(cert, SEC_ERROR_INVALID_KEY);
+}
+
+function check_fail_ca(cert) {
+  return check_cert_err_generic(cert,
+                                SEC_ERROR_INVALID_KEY,
+                                certificateUsageSSLCA);
+}
+
+function check_for_key_type(key_type) {
+  // OK CA -> OK INT -> OK EE
+  check_ok_ca(load_cert(key_type + "-caOK", "CTu,CTu,CTu"));
+  check_ok_ca(load_cert(key_type + "-intOK-caOK", ",,"));
+  check_ok(certFromFile(key_type + "-eeOK-intOK-caOK.der"));
+
+  // Bad CA -> OK INT -> OK EE
+  check_fail_ca(load_cert(key_type + "-caBad", "CTu,CTu,CTu"));
+  check_fail_ca(load_cert(key_type + "-intOK-caBad", ",,"));
+  check_fail(certFromFile(key_type + "-eeOK-intOK-caBad.der"));
+
+  // OK CA -> Bad INT -> OK EE
+  check_fail_ca(load_cert(key_type + "-intBad-caOK", ",,"));
+  check_fail(certFromFile(key_type + "-eeOK-intBad-caOK.der"));
+
+  // OK CA -> OK INT -> Bad EE
+  check_fail(certFromFile(key_type + "-eeBad-intOK-caOK.der"));
+}
+
+function run_test() {
+  check_for_key_type("rsa");
+  check_for_key_type("dsa");
+
+  run_next_test();
+}
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..b7ea48d517058bcbc65a5930e2e522252218d515
GIT binary patch
literal 605
zc$_n6Vv00qViH@x%*4pV#4PGiYrxIMnb79Jn99t;%w!;9C}beO#vIDR%)^;doT!_e
z=#-dZAScdiXkuV)Xl!U|Vqs(+CC+OE;u=7?ICM2J&H`ddHg>Hxk8>6*j6e<#QzgTk
z<AD?OFP+-@YuUZv#+0&B!3UFNV)*a;>7KgPY~tHx*57NpEHgrH-+rmJxMP}YWmI8E
zz-x8hi+tB-+KD?)_kN(Nd#Z5*^ZtzvvkjxP_Sk;i!><2B*Urr?%w+l@v4ave5AHbX
z39EU0vG|ncs=-+EBPr48v24@4VkS|B-gV)LPEnpwr{Z&sPVlc2KN*&InyDiE&a~Eq
zbAPU;)fDbmv=qB!5tHB>zG<iDBsKmi3sX#+ik>~~3+5IQo^<Bzk6-#d!qVR!?XCT|
zEq6=E;j&Us>Au6^dJ3;+-8(E|7c+P9j=o6!j86>--gAvI*1nb#Vv2h(d#b(ErmMVq
zhc0~b)w~!beCUDBQgJ(LHs)#uri#qu#k0jSO*F2Gi->Djdnxo^+TyWvlFILPP0LG%
zg?C5nRSfHSA~0+9kMy3-2kB*-cw=AWE-&mkC$!uy$nS5+uBE^DMLA#YkWadItIsYp
zk2fJ+RHAd?Op}S*kCX;U-QT~+;#kR1rzcf4<v%NRSI=nfV={d_cg=g|#li-H2K>M{
zlNDxU{LjK_zzn2N(gL#qgMluSNbKi(CSGfP2S3U9sq2svx6YLN<Og6-wwP2atDVd%
Sn6UEgGmXZ=q*W1TcK`s|^y|R@
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c57957fc455ca242a26c80cfaeb17468e7961cf3
GIT binary patch
literal 633
zc$_n6Vk$LgVlrO9%*4pV#KM@?J=uVpjWeOmgE5tvg_+4f*ig`bpN%<`g_(yVr8rSH
zInm$SKu(<3(8R#p(Adz_#KOotN}SgS#5I6&v1@8#+yTToZ0uTX9_K7r7=avlrp88w
z`!P=Q_y3E{yL0Bb;}WY-e{QY=Efbn^<X-4TmtJI;W3y<&g8N!G%j5s6p4OWG|I40s
z*{?I_Z_|xop7DWa_Q8P0HS?+>UY3_$ZrgKXgI0CT`c5rxyMT24xw|&3TxX;t^I;cn
zT+4T^G*;f?z??4CPVN;^Nv^t{8A7a6udhCsm6FXQ%Fw<$**#h0@osg=cg%-8#q-}k
z+R6xW+Pvk($A5UKKb-Q4U-#al-#q=_ZYbTIZF<1lev<RlMeG-B{;*bCZoGXuH2q<_
z_W2v1+&IG`9(A&)CSR#KCTr5H<FtB9eZ|%AHZ|7hy;a$sg$K)i-(j9``-u^kMBR1A
z>bi!5Hi7>aoLQ;3)o4}whQ|i25BCY!$G8~m-nYi1a^vS<=EhbAkUQ=fK9sg`^mu$h
z>*L&Dm5=u<GtbC<eyMS9{_A5tQzCw^t@yjLtED4Y_kX;>@wrE%)UN+r#=CX<)&=&7
zt@nfs6)(-Hx%SpPdBeT!cCot~8jXxN*oBXtWZrKv#p}QS*6@<0Q=NY1>E(zUTOAIs
zkTBoktPyY_H0{;;5BE$CO7Rs&^eq-PfJCUQFeBrC7FGjhAcc}nnDrS9beKd84WBJo
sy2JAUzoX{+Prl|n-f=3QnM5RJu=d^Y{2b2F+5c$Crq_o8PZeDS092^~W&i*H
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..07629f06038e7b03599ef159c6e983c8e65d7cf8
GIT binary patch
literal 600
zc$_n6VhS;6ViH=w%*4pV#KLIb*ki!W#+lIO!I;X-!pvkKX((<W%ElbZ!py^$Qk<xp
znOEZPt(%<a?`<F_&TD95U~Xt^Xli0%WF95XYXssNK)D9;hO!3I5UnC0t*NO_i7Chi
zG%?NsVo5f3tu~Ky7A%ZF4i8f$!<^%R6Z9{g+WKqRz2L@_vQohZlVxJ~@BHbWy47sr
z+hx|@Yr8BnLT}%GskOLcnrmfLVMxGhb>547*Js*^J5Tq1psIVSaRc-IjSjO7qqO$e
ze%-^a|3lZ#%`MDi`XRA{5;hO+IO++jd3>?>l;*0zSo0$((dn^l)4XCPQHI`i;fYRB
zo>8abbB#{$uM<BRmUx<}BK*#@)`W9^uBO!#?pL%FyJQiQ;2XYar{^R!{wWJnOq+_H
zJ?#tT780Ix=IxJP`aQzZ-yZF){kSc6OUU7}Qcvl=!{K@guV>vmEMgZkckzzCNd1gY
z4GG?JjWX80mJ?!%doX*dz0{_wyn2T&eDc-27$tn@fzDEKJ8L%PY6hkX+jz5H9<gOF
zlowY>gk?BMCklorZL<FU=+-2E1D$)j_Oo2fv<Wsnt2Q-pOSb&o(+q+iZrV$Ka1QX}
zDA{7RN}ge(*CFli2dkof_#~*`wm->lYW%Wu@$H$tSznblHBGS;>0!L4z_j#1yUu$H
z)!=)*{}lK({J8aa%SDuAz^u<;pu;30*vrnE5i7CXDE<A-A5)XI2no&aWD+qbfB!%1
UP{f12NUwXB_xDx0RmaW-0DD^NAOHXW
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..9b5cf38bf6f09a71c3ef86b2f51ad9605ec6005f
GIT binary patch
literal 630
zc$_n6Vk$CdVlr63%*4pV#B43L(14qbGoj6cF_oExnaM!PP{KfrjX9KsnTJ26I8iq<
zuf!=aMK?Lo-`hY=oY&CAz}(Q-(A31j$UI7%*9gQlfN~Aw4P_0aA$mnXdQ(&Vy-^Hk
zV%!15I&AD(Z64<=SQvpEd8WojhWjy2^Y{OY&AW5vx#JS6P=9W&11%GpbL3v=Mweb>
zm}9eO!h-u+H_PMytDe@H|NqOLcG<5p=Wo-EVV?1UXZFE>#x?V*B3_o4UT)iSV}n+8
z&H7F)Z@YkW{kgj~tXyZLB=cbxZ(PfFt~6HO;=r6P)lTjeQAw`4o*6={Q?IW+n3a;v
zB+AgfJJ~&1<neBG$#=|$JjL_hKibL&a@xG*#m9emsXv_ZieLBMqu)IJ-)<<~oo#x+
z+kTSs)J5zUZ2quTTW-94IyC)ZyY~4TpWHaZA|7?Js3u>jIwot<tmCwLOMS)F@HREp
z=)G0ho`na?e&1o9aQlf7mqgul$LhL<gEoQx7o1tCxYcM?`-aB`tq=DJ*vGgS?B2J=
zqjKZtVCKeF29P`M31)m1%VE9Da^CrC?j?h&Pvwo$Li-ymRO_c(=0pY+x>$JZd3K^{
zsf{*^B7@VlgRJj)0%GoX+Uyp{xg?geQ#DB{&h2tcL*B;qZ7V(YvER9KGx_1Ccanau
z17zPOKAirrS6#nxb+D}X6Q2mb$Z6jim~-c;F1LD>B^^2Ceo2V?5|mWJtj}Pe!z5zI
v^+i^H@3qv);!0i<Z1tzuUHM<mBx3OHk&)5=i@7XE<+oVP3*4buU;6+6hi3f9
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..b3b083d686e299d3bb358ac9ca88dad5d9cb50d1
GIT binary patch
literal 630
zc$_n6Vk$CdVlr63%*4pV#KLfj_q_o(8)rhB2V*KT3p0~}l%a%y7#nja3o{RYN^zoY
zW?qTEw{CKxQ(}sNoH(zciGjJHv7xDng^_ubIIj_iYXIdM$Q#NUNJI3Bfb^!O0<|I=
z(8RbMh;`W5wc0$+S+FnyIr2=6jSTl=oaXQU7n^tI%yY*jR-yjfTnAbvH0Q{@(2Xv=
z$S}ud(S!x}wQiQj|5rV&HUIyYJ?*kzXU^ZI8^b)~1JCS(0gY?sRYklkFTLEh=f(!D
z>YDYPTHba6>H2ebZCJU^NJ-|yF5bA7?_6oDyv2bzU8<ejE25HIbv-kLSf^fJeK0E}
zn@N<ReRr~ZvdH7z>XPr64|$5`zkjrq5#+Ra%Zrcy@KS#`<rTl~y+^-!`oG;!x;xwS
zfVcf5=c$X>FWCHHt+w2F`*djf!*=cSH$J&>hDAK;WKm7NQguw$q*=#l^_KdItKn^G
ztkHX`vONnAmi@lNJmK~eBQA-$>yFiR4F_!k|1UVRQgN%%s`d?!4O$=W6R?kQG1$Ft
zjYs9i&%w-%EeuSJ4UxhRIr`=<dGXNTrkzq*!v3!tZte8G7h0UQ*`{*KhqE8rGS1~^
zZ1}K#W!na~`^Wl&mBdmL{cSQb8ftqC(|a%UoVoiynmP2$s)Ji2xA0u?Jo;^Nu9F!X
zBcE7=?cqO9r&&G{{<*3w@VaLGm&QAPeItJP=}$3xZM^tz`cW%q#bA$CltjX;&tRa#
yBvNvzvFTLp;+?Mgb<f`%E1z*n(^7;<MAYtyNnY*3fA4kg@cG{O+k9}={T%?l!U*O7
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..97ad32b1e9e1b0ab4784fb70b39ed5b225640245
GIT binary patch
literal 628
zc$_n6Vk$6bV$xf{%*4pV#KQP)&3OZEHqL}L55`nx7G@>`Nkef1Q8wmK7G@s4l;T9)
z%)AnRZ{6fXe{Tahab80c19L-TLsJtABl9S6ULz3K0LnFxGn6rqf@l>6X-!Q9>O|7t
z#JC-Zb=cUo+C0u#urLBS@=T454EJN4=I{R(n|J5TbH^oCq5j-l2U;dH=g7U#jV`^&
zFvn)mga!AtZkEUYS3RvY|Noag?Xq8I&flgR!#v{y&+LN%jcevrMZ7F8z1+6v#s;nG
zn)RJp-gW`$`g3<}Sh>zfN#?^Y-nf?UTxqPl#eq3ps-4^`qLN&7Ju`$@r(R!uFe@dS
zNtB^|cd~o3$m8AWlJA%gd5Y)1f3%em<g|Iqi;w^CQhzw*6~FGiN56Uczui!}JKOYt
zxBVpNsf*Yz*!*Fww%mC8bZGj+cJ1>wKDlv*MLg<cQBA&5bxhWzS;uMhmimgT;caTH
z(R-`1Jqr(({l3FI;r0_FE{VG9j@5My2W<lXFF3POajVg)_6?5>S|9Ecu#a&u*u8I!
zN9D%P!OV><3`~s;>8eu>Uaz_REAC|}@7F-#8iwr!*6-^6<!mrY*?2(C^~2<Sn@&{C
zX%*lssGZ(%?Cjb-7b31OAKlUV@9g?gw~XE+qE#!q3vXu$IxT;jF~#MTg7XoUgBlX6
zPd_aTGxzR!*y_F3SFP0H1B*Wk*R>62?tahTI$?Y1%)@>^3}?>mF9`BMNg~Yp3<f$(
xA|CU#oLQAhr&_LPd*Z4xFU6kYW+Ib_X6Cl?kNJ;#PV^aM*eED?u2DPo766qf1H}LU
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..79795850171c81c728430ece330b041a35e3aa57
GIT binary patch
literal 610
zc$_n6Vu~|pVv<?F%*4pV#KO2JN7aCvjWeOmgE5tvg_+4f*ig`bpN%<`g_(yVr8rSH
zInm$SKu(<3(8R#p(Adz_#KOotN}SgS#5I6&4WtYu48$Os_(7U7^Gci&Qy_Yq7-s>o
zBpbU{o5wi|7Dgb4hpCcb&hfwr`j<{^{k7~~aAQhYso;ajGBNyj{&Y{>YBurhGVAZP
zU6vW4w{O4HTHG<swKA$OB;d6=??t}rGwsBkr+Yt8)jid?fqDN%huMZvT6=82?qS#e
zp=;;n7G^U2kk~;9n+JCs^@P<tzF2%pbJbw1`H__9^jNlOUNMs>L+`rqM5idvs8jK|
zMkn~!iJuHhJk3-QerH;1!nr?J(`pL$D_V+OvWQ9W4d1lWbCMeWl!Ym#O-0Y1_62hb
z2~Rrn_Qx;%9%1QkkM`Dn+?Kl~<ZxN3r*z-pa6N_Bv+f-hv5T3zct>BPe#WPU1n;><
z8Eaq52{FYzm_5~AYSUF-y+ap1`D$K_5<c`mXQ{ZIH5+p^15<_XiqA*gzDihD|N5Y9
zqOz%mQ?sl*yzBBhrbXTHXZ?=}?md#G7rZIinajH8?7@w<9;`U<uKb5USi*~-z{qxw
z+8rY4AAT;{qiNIfrC1_m*}nz6Up8BO=dhdB{!K7x`_zAooY6PtSG=wimC&(_yq{8H
z#jw2D{1Bt+t;NCykm!~bW@P-&!fL<_q)-wBvp$1?4wDGy=V!}Pidydm86UQ>-1Lj_
f`HDhWCJ~0?tE)2D`tQgrSy6b7>DDxP)wzxUbIt9~
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..09476591dc20b5b84e48f170c679cdc4d39ac768
GIT binary patch
literal 640
zc$_n6VyZD{VzOGm%*4pV#KJhm^@ssC8)rhB2V*KT3p0~}h@p^y02^~C3o{RAN^zoY
za-vgWih-Osuc3*7xuLP4sfmS=d6YP>5r}I5<r+vCN*IVibn%09W#*Omdqed$F>VK9
z9X58YHji@_EQ~;oJX2#M!~Gbi`TPIH=G{5-+;NFjs6RK?ftCr)IdU&_qf0L`%&}QC
zVZnW^o8|HURZnZp|NmuAyX@DQ^S9~7FwgkFGy7mb<C=L@5iiS2FSqTvu|cc4W__oY
zw_QNG{@h&~R<1KrlKHTUH?HM7R~jpCabQlDYA5%Ks3cci&kP~fsn=H@%u2~-5@l%L
zo$Q`0@_4tp<U8g=p5poMA8lm>Ic?tZ;^RNO)E`cH#jkts(QlsqZ#R_g&Ne;ZZ9mC*
z>LT_FHh);FEjQji9h&~IUHklvPi~xH5sx}qRFkh%9g{U_)^S?BrM}{7c$*q)^xmp$
z&%%Rczwa<lxc$V4OQP<&V|87_L7Tw;3(l-m+-kI{eZyme)`$B9>|<OEcJEu`QMvJR
zFmq!I15;yz<FY8f$wIgI?C<L@Kd19n>%WJ=p2&%kQ88iCj`rso<+yG8xK<iO$97Hn
zxxRMMJ;$&~54c15gEZb-dst4hl0V(fc&BgT{`p=$o)K3Ce+4{{^?3Hh{?^yL#M2gm
zE9<ncz4d>dqG9@hyZyxFGafMxy%%5iJTrIC+OXxFLAZ=5N9<x@13?3RV6@5#Gcx{X
zVKra|QYguVS)ai`he@Q&wYla~%>VDHjtbVVzn(2w_GZ%>CXtwx+mg=j5AbS^VSi=o
LocU&7bfPc-BM1Qc
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c12bf8851064c59d9abe94e33878c1e6766d0ae8
GIT binary patch
literal 639
zc$_n6VyZT1VzOMo%*4pV#KLH*zrui<jWeOmgE5tvg_+4f*ig`bpN%<`g_(yVr8rSH
zInm$SKu(<3(8R#p(Adz_#KOotN}SgS#5I6&4I~Z44MZWD_&}O6^Gf`^AzGUlcL1>t
z8@pDU$2kiYMj%I?sj-paevH%n{r_U~?won<xWp>dpPTDI%Y^0}xfi<8r573I*esf`
z;J(()^7#L%r?uw)|FWlD_Up{~+jL`?XMEt9eK4SL&Ah6Jm*u6G+xFbppjBP7zEjKF
zE+Ach?ye0h*BL3veAvYs*Yce!jg_}JFsDnklY2!}lB=#~h7jx2>#GlDrDQXSGPLhb
zc25?0yjxxJ9rGbi@%;CXwlad8Hg9?H@gH9552w81*S+`XH&6e!8%lR)n;!7CpX5As
z5&H$3KdjZ38*iTuO@G*~eg4KLH_ot#N1ZIH$ych5$(l6lIIZ4NUvV|OO^r2rZ&kKu
z;lZ-scbF&KeqzKWQFq<3x~}1%P2m3pXI3h1HCola;juyM!+iqwF)jwX_pR}$-1s?|
zxv`Z2<c{fU70zFM#kHaL<7$<~I~eQ^i!CZx{3zl0*$CBNRXaGFBWITfENER`e8B&v
z?D~l4vvE}|8yk7oEuFW?_VVka`wp)D`k-rDX88Vo_r7bZY!+Vo(WR-+%<%Basjr(S
zgvjjvr}e?9<kc3An6jT@3;%95xH2Q+>Q^@nd%?8qrKf#LubV9vHh`oBSz$)T|17Kq
z%s>hywJ_^580avG$U9szdb#dumfSg$QscR2|30`Bsm3ItXVtLTK}oy1LE>fSGG2zA
Ji<%8@004}x2Ic?&
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/generate.py
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import tempfile, os, sys
+import random
+
+libpath = os.path.abspath('../psm_common_py')
+
+sys.path.append(libpath)
+
+import CertUtils
+
+srcdir = os.getcwd()
+db_dir = tempfile.mkdtemp()
+dsaBad_param_filename = 'dsaBad_param.pem'
+dsaOK_param_filename = 'dsaOK_param.pem'
+
+ca_ext_text = 'basicConstraints = critical, CA:TRUE\n'
+ee_ext_text = ''
+
+def generate_certs(key_type, bad_key_size, ok_key_size):
+    if key_type == 'dsa':
+        CertUtils.init_dsa(db_dir, dsaBad_param_filename, bad_key_size)
+        CertUtils.init_dsa(db_dir, dsaOK_param_filename, ok_key_size)
+
+    # OK Chain
+    [caOK_key, caOK_cert] = CertUtils.generate_cert_generic(
+                                db_dir,
+                                srcdir,
+                                random.randint(100, 40000000),
+                                key_type,
+                                key_type + '-caOK',
+                                ca_ext_text,
+                                dsa_param_filename = dsaOK_param_filename,
+                                key_size = ok_key_size)
+
+    [intOK_key, intOK_cert] = CertUtils.generate_cert_generic(
+                                  db_dir,
+                                  srcdir,
+                                  random.randint(100, 40000000),
+                                  key_type,
+                                  key_type + '-intOK-caOK',
+                                  ca_ext_text,
+                                  caOK_key,
+                                  caOK_cert,
+                                  dsa_param_filename = dsaOK_param_filename,
+                                  key_size = ok_key_size)
+
+    CertUtils.generate_cert_generic(db_dir,
+                                    srcdir,
+                                    random.randint(100, 40000000),
+                                    key_type,
+                                    key_type + '-eeOK-intOK-caOK',
+                                    ee_ext_text,
+                                    intOK_key,
+                                    intOK_cert,
+                                    dsa_param_filename = dsaOK_param_filename,
+                                    key_size = ok_key_size)
+
+    # Bad CA
+    [caBad_key, caBad_cert] = CertUtils.generate_cert_generic(
+                                  db_dir,
+                                  srcdir,
+                                  random.randint(100, 40000000),
+                                  key_type,
+                                  key_type + '-caBad',
+                                  ca_ext_text,
+                                  dsa_param_filename = dsaBad_param_filename,
+                                  key_size = bad_key_size)
+
+    [int_key, int_cert] = CertUtils.generate_cert_generic(
+                              db_dir,
+                              srcdir,
+                              random.randint(100, 40000000),
+                              key_type,
+                              key_type + '-intOK-caBad',
+                              ca_ext_text,
+                              caBad_key,
+                              caBad_cert,
+                              dsa_param_filename = dsaOK_param_filename,
+                              key_size = ok_key_size)
+
+    CertUtils.generate_cert_generic(db_dir,
+                                    srcdir,
+                                    random.randint(100, 40000000),
+                                    key_type,
+                                    key_type + '-eeOK-intOK-caBad',
+                                    ee_ext_text,
+                                    int_key,
+                                    int_cert,
+                                    dsa_param_filename = dsaOK_param_filename,
+                                    key_size = ok_key_size)
+
+    # Bad Intermediate
+    [intBad_key, intBad_cert] = CertUtils.generate_cert_generic(
+                                    db_dir,
+                                    srcdir,
+                                    random.randint(100, 40000000),
+                                    key_type,
+                                    key_type + '-intBad-caOK',
+                                    ca_ext_text,
+                                    caOK_key,
+                                    caOK_cert,
+                                    dsa_param_filename = dsaBad_param_filename,
+                                    key_size = bad_key_size)
+
+    CertUtils.generate_cert_generic(db_dir,
+                                    srcdir,
+                                    random.randint(100, 40000000),
+                                    key_type,
+                                    key_type + '-eeOK-intBad-caOK',
+                                    ee_ext_text,
+                                    intBad_key,
+                                    intBad_cert,
+                                    dsa_param_filename = dsaOK_param_filename,
+                                    key_size = ok_key_size)
+
+    # Bad End Entity
+    CertUtils.generate_cert_generic(db_dir,
+                                    srcdir,
+                                    random.randint(100, 40000000),
+                                    key_type,
+                                    key_type + '-eeBad-intOK-caOK',
+                                    ee_ext_text,
+                                    intOK_key,
+                                    intOK_cert,
+                                    dsa_param_filename = dsaBad_param_filename,
+                                    key_size = bad_key_size)
+
+# SECKEY_PublicKeyStrengthInBits() rounds up the number of bits to the next
+# multiple of 8 - therefore the highest key size less than 1024 that can be
+# tested at the moment is 1016
+generate_certs('rsa', '1016', '1024')
+
+generate_certs('dsa', '960', '1024')
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..f7079a333a18af457a124c02931266d2f500c1b2
GIT binary patch
literal 438
zc$_n6V%%iV#3-|XnTe5!iG|^`td9XN8>d#AN85K^Mn-N{1_Kd8Ap-$6=1>-99?qiT
zMBU^>r^FNkIdNV?69aQYV?$FD3nTL=ab6=3*8s}Jp{sEovgwSh49tx^3<ixIOpOf;
z2SnDmc|EB7<ojyw>K+Mkxf5m2H19_9x84&EXAfBXTQlc`SH_jocN!bls|zWoX<QcL
z_@*kHH`_|;P3Kc>ZSmzkJKoFa9caq(`?UE(n$(nE`sc(#LLdLlbv}1~Wpd%dNg5VB
zo6bgGx$)lGe*4<UZOYBl60EPr^IV=+xvI8iVI~tZBLm}NVFN(}exS2ug&7(Dv#=U4
z11YosVFtR@qW5#J-~W5YQ+`VQ^3GkBapJ}NOK1NdvYa5dCidkiu46l=6)xgF^KV<p
zYE73VpDySxXAwL0-f>C7HWfd=FR$WR7iN4)PhXJD*41EFTgi2D$?Ll-Gdmv0{au&U
rowK+^<gtX>Zr;Y~>YT4H6~0JZt)FCFv*5GI?i&@8ULI=t*H{DqJV&WS
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0016f5152ca9fcb536e6cf63c605826391f8da32
GIT binary patch
literal 438
zc$_n6V%%iV#3;RhnTe5!iG^XuI}Zb1HcqWJkGAi;jEvl@3<ko6f(HC-%%LpIJRC*E
ziMq*&{@w<1;=G0?2IhvwhNdPKMrKjsyhb3d0hEhfQ{#MOvl&?#m>YW;3>rI`8XFm2
zRA=8RI#nIGrpDekFjM|#m#fGVE#5bCD)LV-3bYu@it90OGKnwx^5FUu@s+oC%~N=>
z>MZj^fzLjfIlZFJ&nh&QZ7M3Qwb9pHo*{4ghdc7${q)TaJKhS+h+x_`&!aEGF)vCa
zXitw_hg?kM+xw-LW;dxQOg5~!zGA9wSyjXAtxU{}42+9~4Is{z6=r1o&%$cJ45ZM)
zgBj@9ODlh-=Bn0OEGfD>rE8JAq|i@!eVzKR4AJ*zEsnc(ZQHE{t>Q%~VpE?<CH#FF
z&$~46y1}DOyF*ncuK9YS%cxdyXW8$6Ei>Nfe@NBVdV8!@c=!J{-xEb^_I}<xNo&s!
oCmyc#DW1DC=gw`vdtK7(x4r;(VCsZ|nz>@7GHaL2eNeLr08zZ70RR91
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..7397577653cc496ac8f07e8b7351fe4af172cb1b
GIT binary patch
literal 434
zc$_n6Vq9m?#3;UinTe5!iG|^w;#vb<HcqWJkGAi;jEvl@3<i>h;s&B@%%LpIJbXpP
ziMpA2CH~&J$%+2n26E!Oh9(B)hQ@}bCKg8KQR2KtAg%$FYankZYak8LDgx4)n(CC8
zf^0zJJY?G#Ss9ocdl(EFJD3_97%slbUFPybPiM>Njw(J@t4J4?J_~(y_xkA{OPv)f
z-|bkj`ecmW<27<;PU?M34LJDy-~uVL4flk$l{lR;@&0sUlEsGdWtJIhKh0CKFAe&a
zB(^fbeaVk4jk_H#Eq7`xk@+_3?A=)}nKZg>B#);o*#BAnpZRgNsO7J7o?i14RJdx%
z#LURRh!z&ijg1Uy1}nD(${qT?;It;kLg6Imh^NcGT=*xO#HS^7#3u5?rzf+&$1OMF
zRP5g^xc^nokAH=Y$11Cqf1CKO_wF;(^a{O4h2Q0B3@oEsBGx=zZq&${;Ogo4W`$6X
u)szUe%g#QAv!9zLu&=Xu+!1;zhD&43%ZCQ>89Keb(-r>hy6inEO%4EWv!>nv
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..f8d60726e084558f2f7dc76e0c589b359b21182a
GIT binary patch
literal 435
zc$_n6Vq9;~#3;FdnTe5!iG|Va2D<?-8>d#AN85K^Mn-N{1_LQW2?H@U=1>-99{!@@
zMBU815~suz-Q+}nZv#1TUPBWDb3<c8Qxgj#^C)p%BM{dB$~BNTlr@ls=oJC!O-=Rp
zMlqmqKC*R;tPISJy$lA8olK3543G8RTv+LH_v_E~TSW`5XIgcKs@(FM|3u-2_Sf1!
z{XZ|)G@X!Ek6JFjX7a71j)^>BF+c5B*Y9&>yPETKPUqG>B{y}?tIwvK^<VnykUHCu
zl&QW!tejVwAO1S?Qt|x6cXKEHon<F-X?}FajH4=Vqw_i3a^#i^AGiGy&ipurWtO;A
zEfX^%10z~!FgG?Z@E>lx5hIaU@vUL+qN`<AS$a#DZ_7OXxvyF=<Ia`6zuzaRq>21~
z68JHOy<YQa2zz>_-TJ_<1&*Is8_!K&xGgm~L%QWUo8ZJ7S0^aHvRU4DI?_P8c2Cv0
vsz)L&4oS;=*K9vN_muCVC;O(RZQi~-jWs__T%qLB|N1p1HG3O-R_Or%=;Er3
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..5ec9faf69dfe2fb5754b3066887b16bba2090b32
GIT binary patch
literal 436
zc$_n6V%%WR#3;FdnTe5!iG|@y)m8&uHcqWJkGAi;jEvl@3<gq$5(Z*y%%LpIJp4t)
ziMpA2CH~&J$%#&hDF$-lyoM$Q=7z?GrY06f=27CjMj);MlxrYwC~F`M(JKPdo0<yL
ziflmRd}QkwSs9ocdl?KGJDD0A8EzEG&em_5@l>s{_T<x-l|K$hbbLBn<6a)@dt@(T
z^j*o?kIRyhTGe~cyxnECFS)b+!divC<xe+OUrfn)d48gil;#yT#Yc>dY<x??-?ird
zF3>ntymo`oQ7(};D<%iXIr)8m%lkL}Oy4x=H%^KlY{NtBXPHeA?(dHMe_B9CW?^h2
z6Eh<NBU)%M1KlOHzvEK=>Z2l+>o?kpe*L^Q@64|kicy<qp6+?E(^~cV*|M(%0^1`p
z&wkL`n)*j!-;0RJ#ph2{&iwe$X#Ms8HO&{#A2>2jI-Is%u-?S3U~8mFK<S}GE@4aS
uwX+?A)0g^s&6e_bdAqx*>u!4G#=U#$=jrfhos?Z>a6-k8zuYR8Hx>YGI;jBw
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..94dfef87e0e90302740d7280c42f1bbd7599b625
GIT binary patch
literal 434
zc$_n6Vq9m?#3;UinTe5!iG}h0=kEr*Y@Awc9&O)w85y}*84M&1#SKK+m_u2ZdH9No
z6LmB5O8mWblN0^D4dldm4NVNp4UG*=O)QMeqQrTPKwJYT*Fert#y|?9RT!i-H5I56
zNq^&fWXl*?8JHV;84MabnHn1zuB^HEMl4f2HL!L2wC_{SvR`$s+NYaip*Nw-bKb{z
z8;;BGj(mNW&8-nyoV9)O)ToPM0nAcMk2qC6_PcOp+LrF5bFUB1*}M4uvZG2`85#4w
z-#@+P%1MDoAM~HbUHri&@kMIRyg$8~U(^cRK0P{n_3KW<?Pq&M44M?#?iX%9xaI1h
zlT6Hv42)=D!3=bl-Gejpo@f90@$z}Y@;-<8ag3|JA9WE-%*(2e59aS$vx-0ai+9Bh
zv#>{B$`ZG2X1qQ<^+n&ku8ro&cO;KaGd<@wq33Bu^VaJ>{kJNFM7nQcbI@~G9l!p+
vRi1vgvFF)C^Y71CEA8=3<MynTE2b>ARfrLaZ`~2hHaE+Wqs{ZTe>*b(M76Lp
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..707d0004daf4ea55bd44da53451e5ce96065e5f3
GIT binary patch
literal 444
zc$_n6V%%ZS#HhG{nTe5!iG@k}ZK(k-8>d#AN85K^Mn-N{1_NP3K?8m^=1>-99*&~o
zMBU^>e{Tahab80c19L-TLsJtABl9S6ULz3K0LnFxGL$e7gJ|LhY0AtiaY{^q=xv;b
zYy~4L19M{!gF#~lQ)2_exy)Ji(+~Y$QTQ`)0rRQp3?6*fwdT%9eZDF0^`eLVM_+L7
z{nV_lKP4~w^r20L+CCTa-UW3C^PS|<nLaI2`Py;;)ws7>+V!e$C#s8_b-yVh#_@84
zw0dPj<iqRMcFXRuA9mY&tv<*pg*oK%fA*t2-2P3g@1ESeYVzWe5~r1apT1;bW@KPo
zENlSrv8*s7<9`-b17;wF7Ank*jSPJL5BZkmRtTlN(X2mrBYDc6O}9El%DcES?tc1h
z&$rw&dg`TZOP(EPes<O+VYclD6XDR`<t)wS^MvzzWxlFTY2na%U-8<}EA3u<sUX{i
zwd-4J8}hsNGR(T|dLZb|!J0)^g|7Vj_ULSq{$uMs&x}m2q`K+^DCEoZwcnrpQfuX;
F2mlV*r?db7
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..b7391c49ab365f162407d3e272a5e35fddf2c038
GIT binary patch
literal 445
zc$_n6V%%xa#HhT0nTe5!iG`v2S+4;v8>d#AN85K^Mn-N{1_Kd8Ap-$6=1>-99?qiT
zMBU^>r^FNkIdNV?69aQYV?$FD3nTL=ab6=3*8s{jkTR4o5QFIA2kFYpEAjV+>TR5l
zYzHGN19M|9gF#~_Q)45;b}t9!&f0|^IG^nmlDzHqApF2f?YjE%MS8)P^c?GNu6h4s
z)5nZpov;&!4Nn({H#C(rFMK0w_3*m;%e{{;YzyA9v~P*UJWeO?d-rQ&eYjdqeD1#`
z?k}G_-#g*&W{cp{yWOMnA7_1S><fQf5mTc4u=Ga5A%8KRS+^_~d^_0a&}YlU%*epF
zSlB?&fFJ03Sz$)T|17Kq%s>h)T$mdh7(xX9I^Fsuz31&B=gSu^3*K)myXt)|_K}v(
z?@gs?O+CyDw?De3*Z5j^J7Z2??sbMmVS>UUeXHx7A1(LJ{M@+hNrFeM*<$<a8kM#>
z-;%NvV-vTxtm@mZxb(|iamkl+6MBW!GHi{Xt+w<1YQ(j!{*=e>`OIG`z4k4ON&B&)
Hz9|X-mm#Y<
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..d41c1cb05c90f8e10e0453581b3aee6e0c63ad00
GIT binary patch
literal 444
zc$_n6V%%ZS#HhG{nTe5!iG@+@VXgr$8>d#AN85K^Mn-N{1_NP3K?8m^=1>-99*&~o
zMBU^>e{Tahab80c19L-TLsJtABeN)RULz3K0LnFxG!!=wg=pdfY0Ati@%M&kZJdv6
z10yQ~b7L=qL1QOVV<W?cuO1<f`C1=+eEd_KXXc0P70aT&%ru*+_|UpgRb}s`ZI4$a
zbI-ZCY1XrJ*B)*oRyKRZQ$iDd``2;rN?bFeY|HGhZw`XRxwc7v9n&{hb%bo5b6@ZM
znfZIy&Esy#{#bPFL)@!w|9kVa)>_Cs);~7EZuVk>+AMkNC0D*ZVw$~us+v6$Gb01z
zVqpV_k7b1!8UM4e8ZZMXv`}FNI(Ao0z$xaru9w(8_=Zkj$GxQVkJGG~y5edwhpt@V
z<Ko<vvC~w%o#*S3(>7Jo*ZwqJPB^kLHgp2#*|Ue%nb<Ku_ndu8R52me_~sN#^;sqY
z5#5u_Bo$4xZP}z}9@(|WZu9Yvx71zgl@u@AFKKG(dX|0Zzv}MPJ5v3dugmYUaCQsm
F1OS9!qyhi{
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -10,16 +10,17 @@ support-files =
   test_getchain/**
   test_intermediate_basic_usage_constraints/**
   test_name_constraints/**
   test_cert_trust/**
   test_cert_version/**
   test_cert_eku/**
   test_ocsp_url/**
   test_ocsp_fetch_method/**
+  test_keysize/**
 
 [test_datasignatureverifier.js]
 [test_hash_algorithms.js]
 [test_hmac.js]
 
 [test_sts_preloadlist_perwindowpb.js]
 # Bug 978426: Test fails consistently only on B2G ARM
 skip-if = buildapp == "b2g" && processor = "arm"
@@ -87,8 +88,9 @@ skip-if = os == "android"
 run-sequentially = hardcoded ports
 # Bug 1009158: this test times out on Android
 skip-if = os == "android"
 [test_ocsp_no_hsts_upgrade.js]
 run-sequentially = hardcoded ports
 # Bug 1009158: this test times out on Android
 skip-if = os == "android"
 [test_add_preexisting_cert.js]
+[test_keysize.js]