|
 |
24159a |
From 4a1bbbbe8ff1951dba9f5d6a69c42dcf274877d2 Mon Sep 17 00:00:00 2001
|
|
|
24159a |
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
|
|
24159a |
Date: Fri, 22 Jun 2018 14:05:43 +0200
|
|
|
24159a |
Subject: [PATCH 2/2] Squashed commit of the following:
|
|
|
24159a |
MIME-Version: 1.0
|
|
|
24159a |
Content-Type: text/plain; charset=UTF-8
|
|
|
24159a |
Content-Transfer-Encoding: 8bit
|
|
|
24159a |
|
|
|
24159a |
commit d1de64d54126a9662b0f709adf1467f1ca3caa50
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Jun 20 19:15:31 2018 +0200
|
|
|
24159a |
|
|
|
24159a |
Fix allow_query tests with hmac-256 keys
|
|
|
24159a |
|
|
|
24159a |
commit 854606588f53ee403364461ad29dc1cfd29525a0
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Mar 7 15:54:11 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Increase bitsize of DSA key to pass FIPS 140-2 mode.
|
|
|
24159a |
|
|
|
24159a |
commit 98dae21d1f863fa26c125271392288730da52842
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Thu Apr 19 18:28:09 2018 +0200
|
|
|
24159a |
|
|
|
24159a |
Fix nsupdate, tsig and rndc tests.
|
|
|
24159a |
Do not use md5 by default for rndc, skip gracefully md5 if not available.
|
|
|
24159a |
|
|
|
24159a |
Rename md5 keys to rndc*.conf, to pass util/merge_copyrights change.
|
|
|
24159a |
Fix dynamic ports merge.
|
|
|
24159a |
|
|
|
24159a |
commit 0ec5e2522aa32931cda5abd07a757035078840ea
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Jun 20 19:34:20 2018 +0200
|
|
|
24159a |
|
|
|
24159a |
Use testcrypto for crypto detection. Generate random data per test into test directory.
|
|
|
24159a |
|
|
|
24159a |
commit 0ca3c85fa6450ae8b347fa5585d0134ebe41682c
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Mar 7 13:21:00 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Add md5 availability detection to featuretest
|
|
|
24159a |
|
|
|
24159a |
commit c1b104ccf66a1ec37e941e303a56675c7dcccbaa
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Jan 22 14:12:37 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Update system tests to detect MD5 disabled at runtime
|
|
|
24159a |
|
|
|
24159a |
commit 743d24de87b6f022b99d14d3109958660b9ee07b
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Fri Feb 23 21:57:11 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Make testcrypto FIPS compatible
|
|
|
24159a |
|
|
|
24159a |
(cherry picked from commit 0e15cc7012c537a5d683c35534d33d23fcc4d942)
|
|
|
24159a |
|
|
|
24159a |
commit 325dc1f4f37dc4b7133dd39d7780c10d183e4808
|
|
|
24159a |
Author: Evan Hunt <each@isc.org>
|
|
|
24159a |
Date: Mon Oct 31 23:01:38 2016 -0700
|
|
|
24159a |
|
|
|
24159a |
[v9_9] 4496. [func] dig: add +idnout to control whether labels are
|
|
|
24159a |
display in punycode or not. Requires idn support
|
|
|
24159a |
to be enabled at compile time. [RT #43398]
|
|
|
24159a |
|
|
|
24159a |
(cherry picked from commit 42470b0b87da24b18e0ff6ce78f3143e89df6d31)
|
|
|
24159a |
(cherry picked from commit 6552f33198438390724c5823b8dbcf477ec9638c)
|
|
|
24159a |
(cherry picked from commit 7aec46a5ef4074c3957d525643188257c7575841)
|
|
|
24159a |
|
|
|
24159a |
Skip IDN part and import only feature-test from system tests
|
|
|
24159a |
|
|
|
24159a |
(cherry picked from commit 61a01f48604ff6f5f84b64a5aaee722ebae8fadc)
|
|
|
24159a |
|
|
|
24159a |
commit d435ac7bcf72117e75e534c23fca1852f4140eb8
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Mar 7 10:44:23 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Use hmac-sha256 instead of default hmac-md5 for allow-query.
|
|
|
24159a |
Do not use hmac-md5 in tests by default, make it pass with MD5 disabled.
|
|
|
24159a |
|
|
|
24159a |
commit 067ca65156a9fadb191b7c9073904a43f57f1896
|
|
|
24159a |
Author: Evan Hunt <each@isc.org>
|
|
|
24159a |
Date: Thu Feb 6 19:48:49 2014 -0800
|
|
|
24159a |
|
|
|
24159a |
[v9_9] add testcrypto.sh
|
|
|
24159a |
|
|
|
24159a |
(cherry picked from commit e9a2673e85173d93be168f561c5c77184d4e839d)
|
|
|
24159a |
|
|
|
24159a |
commit 3fd542379fa381b54381e07d6625ce53f9f9b1f0
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Thu Jun 21 12:00:35 2018 +0200
|
|
|
24159a |
|
|
|
24159a |
Revert "4450. [port] Provide more nuanced HSM support which better matches"
|
|
|
24159a |
|
|
|
24159a |
This reverts commit f3b4d031c1f714ff6e862670663aa5a18650951e.
|
|
|
24159a |
|
|
|
24159a |
Revert PK11_MD5_DISABLED also from remaining files. Keep documentation
|
|
|
24159a |
changes.
|
|
|
24159a |
|
|
|
24159a |
commit f90934f734796595135cdd7a5008555a615dfe8e
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Jun 20 19:31:19 2018 +0200
|
|
|
24159a |
|
|
|
24159a |
Fix rndc-confgen default algorithm, report true algorithm in usage.
|
|
|
24159a |
|
|
|
24159a |
commit dd53212c12c6943a21a3c24d60995edd19e1d9f7
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Fri Feb 23 21:21:30 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Cleanup only if initialization was successful
|
|
|
24159a |
|
|
|
24159a |
commit f163ea51c46bb22bf264a1ac983e2027e43845fa
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Feb 5 12:19:28 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Ensure dst backend is initialized first even before hmac algorithms.
|
|
|
24159a |
|
|
|
24159a |
commit 58751b60bd39168b7c8f817ede70473842432081
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Feb 5 12:17:54 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Skip initialization of MD5 based algorithms if not available.
|
|
|
24159a |
|
|
|
24159a |
commit 0572b98430d3c80f4a0b0c592b1e3bf7fde9b768
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Feb 5 10:21:27 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Change secalgs skipping to be more safe
|
|
|
24159a |
|
|
|
24159a |
commit 994f497a032930fce1370d507a265fbb293c66f4
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Jan 31 18:26:11 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Skip MD5 algorithm also in case of NULL name
|
|
|
24159a |
|
|
|
24159a |
commit abd82fbd2507c4b8f20e1ade202fd66d224fd646
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Jan 31 16:54:29 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Revert part of commit 1b5c641416eb6de7fc232fc89d31a40a4d439f3d related
|
|
|
24159a |
to SHA1.
|
|
|
24159a |
|
|
|
24159a |
commit b3c832d53a14a0779f598869bb99685c8e4b2bc0
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Wed Jan 31 11:38:12 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Make MD5 behave like unknown algorithm in TSIG.
|
|
|
24159a |
|
|
|
24159a |
commit a64a3d6962ee93d6f8699b29bd6507dba0c244ed
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Tue Nov 28 20:14:37 2017 +0100
|
|
|
24159a |
|
|
|
24159a |
Select token with most supported functions, instead of demanding it must support all functions
|
|
|
24159a |
|
|
|
24159a |
Initialize PKCS#11 always until successfully initialized
|
|
|
24159a |
|
|
|
24159a |
commit db118c6368668099ea1b6e75860cc12e178afa3b
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Jan 22 16:17:44 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Handle MD5 unavailability from DST
|
|
|
24159a |
|
|
|
24159a |
commit 8f8824dca2f5b4d5a3a176d31ac3ee612321c4e3
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Jan 22 14:11:16 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Check runtime flag from library and applications, fail gracefully.
|
|
|
24159a |
|
|
|
24159a |
commit bd431384af7dcde8827e670c8749517ad677a967
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Jan 22 08:39:08 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Modify libraries to use isc_md5_available() if PK11_MD5_DISABLE is not
|
|
|
24159a |
defined.
|
|
|
24159a |
TODO: pk11.c should accept slot without MD5 support.
|
|
|
24159a |
|
|
|
24159a |
commit 160b13979ef3d0e92d2dd52d0987a3ec979be6cf
|
|
|
24159a |
Author: Petr Menšík <pemensik@redhat.com>
|
|
|
24159a |
Date: Mon Jan 22 07:21:04 2018 +0100
|
|
|
24159a |
|
|
|
24159a |
Add runtime detection whether MD5 is useable.
|
|
|
24159a |
|
|
|
24159a |
commit 23b27ce0f2ad496c331ae40349cc1074a1b11804
|
|
|
24159a |
Author: Mark Andrews <marka@isc.org>
|
|
|
24159a |
Date: Fri Aug 19 08:25:54 2016 +1000
|
|
|
24159a |
|
|
|
24159a |
4450. [port] Provide more nuanced HSM support which better matches
|
|
|
24159a |
the specific PKCS11 providers capabilities. [RT #42458]
|
|
|
24159a |
|
|
|
24159a |
(cherry picked from commit 8ee6f289d87851a5b898b24a64587f0e6bc225bc)
|
|
|
24159a |
---
|
|
|
24159a |
bin/tests/system/Makefile.in | 25 +++-
|
|
|
24159a |
bin/tests/system/acl/ns2/named1.conf | 4 +-
|
|
|
24159a |
bin/tests/system/acl/ns2/named2.conf | 4 +-
|
|
|
24159a |
bin/tests/system/acl/ns2/named3.conf | 6 +-
|
|
|
24159a |
bin/tests/system/acl/ns2/named4.conf | 4 +-
|
|
|
24159a |
bin/tests/system/acl/ns2/named5.conf | 4 +-
|
|
|
24159a |
bin/tests/system/acl/tests.sh | 32 +++---
|
|
|
24159a |
bin/tests/system/allow_query/ns2/named10.conf | 2 +-
|
|
|
24159a |
bin/tests/system/allow_query/ns2/named11.conf | 4 +-
|
|
|
24159a |
bin/tests/system/allow_query/ns2/named12.conf | 2 +-
|
|
|
24159a |
bin/tests/system/allow_query/ns2/named30.conf | 2 +-
|
|
|
24159a |
bin/tests/system/allow_query/ns2/named31.conf | 4 +-
|
|
|
24159a |
bin/tests/system/allow_query/ns2/named32.conf | 2 +-
|
|
|
24159a |
bin/tests/system/allow_query/ns2/named40.conf | 4 +-
|
|
|
24159a |
bin/tests/system/allow_query/tests.sh | 18 +--
|
|
|
24159a |
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
|
|
24159a |
bin/tests/system/conf.sh.in | 6 +-
|
|
|
24159a |
bin/tests/system/digdelv/ns2/example.db | 15 ++-
|
|
|
24159a |
bin/tests/system/digdelv/tests.sh | 4 +-
|
|
|
24159a |
bin/tests/system/dlv/ns1/sign.sh | 4 +-
|
|
|
24159a |
bin/tests/system/dlv/ns2/sign.sh | 4 +-
|
|
|
24159a |
bin/tests/system/dlv/ns3/sign.sh | 68 +++++------
|
|
|
24159a |
bin/tests/system/dlv/ns6/sign.sh | 64 +++++------
|
|
|
24159a |
bin/tests/system/dnssec/ns2/sign.sh | 8 +-
|
|
|
24159a |
bin/tests/system/dnssec/prereq.sh | 11 +-
|
|
|
24159a |
bin/tests/system/feature-test.c | 159 ++++++++++++++++++++++++++
|
|
|
24159a |
bin/tests/system/filter-aaaa/ns1/sign.sh | 4 +-
|
|
|
24159a |
bin/tests/system/filter-aaaa/ns4/sign.sh | 4 +-
|
|
|
24159a |
bin/tests/system/keymgr/prereq.sh | 15 +--
|
|
|
24159a |
bin/tests/system/nsupdate/ns1/named.conf | 2 +-
|
|
|
24159a |
bin/tests/system/nsupdate/ns2/named.conf | 2 +-
|
|
|
24159a |
bin/tests/system/nsupdate/setup.sh | 7 +-
|
|
|
24159a |
bin/tests/system/nsupdate/tests.sh | 11 +-
|
|
|
24159a |
bin/tests/system/rndc/setup.sh | 4 +-
|
|
|
24159a |
bin/tests/system/rndc/tests.sh | 22 ++--
|
|
|
24159a |
bin/tests/system/testcrypto.sh | 71 ++++++++++++
|
|
|
24159a |
bin/tests/system/tkey/keycreate.c | 3 +
|
|
|
24159a |
bin/tests/system/tkey/keydelete.c | 18 ++-
|
|
|
24159a |
bin/tests/system/tkey/prereq.sh | 11 +-
|
|
|
24159a |
bin/tests/system/tsig/clean.sh | 1 +
|
|
|
24159a |
bin/tests/system/tsig/ns1/named.conf | 12 +-
|
|
|
24159a |
bin/tests/system/tsig/ns1/rndc5.conf.in | 22 ++++
|
|
|
24159a |
bin/tests/system/tsig/setup.sh | 25 ++++
|
|
|
24159a |
bin/tests/system/tsig/tests.sh | 75 +++++++-----
|
|
|
24159a |
bin/tests/system/tsiggss/setup.sh | 2 +-
|
|
|
24159a |
bin/tests/system/upforwd/ns1/named.conf | 2 +-
|
|
|
24159a |
bin/tests/system/upforwd/tests.sh | 2 +-
|
|
|
24159a |
47 files changed, 547 insertions(+), 230 deletions(-)
|
|
|
24159a |
create mode 100644 bin/tests/system/feature-test.c
|
|
|
24159a |
create mode 100644 bin/tests/system/testcrypto.sh
|
|
|
24159a |
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
|
|
24159a |
create mode 100644 bin/tests/system/tsig/setup.sh
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in
|
|
|
24159a |
index 0c7fdffd01..afee71b2bb 100644
|
|
|
24159a |
--- a/bin/tests/system/Makefile.in
|
|
|
24159a |
+++ b/bin/tests/system/Makefile.in
|
|
|
24159a |
@@ -23,10 +23,31 @@ top_srcdir = @top_srcdir@
|
|
|
24159a |
|
|
|
24159a |
SUBDIRS = dlzexternal dyndb filter-aaaa geoip lwresd rpz rrl \
|
|
|
24159a |
rsabigexponent tkey tsiggss
|
|
|
24159a |
-TARGETS =
|
|
|
24159a |
+CINCLUDES = ${ISC_INCLUDES} ${DNS_INCLUDES}
|
|
|
24159a |
+
|
|
|
24159a |
+CDEFINES = @USE_GSSAPI@
|
|
|
24159a |
+CWARNINGS =
|
|
|
24159a |
+
|
|
|
24159a |
+DNSLIBS =
|
|
|
24159a |
+ISCLIBS = ../../../lib/isc/libisc.@A@
|
|
|
24159a |
+
|
|
|
24159a |
+DNSDEPLIBS =
|
|
|
24159a |
+ISCDEPLIBS =
|
|
|
24159a |
+
|
|
|
24159a |
+DEPLIBS =
|
|
|
24159a |
+
|
|
|
24159a |
+LIBS = @LIBS@
|
|
|
24159a |
+
|
|
|
24159a |
+OBJS = feature-test.@O@
|
|
|
24159a |
+SRCS = feature-test.c
|
|
|
24159a |
+
|
|
|
24159a |
+TARGETS = feature-test@EXEEXT@
|
|
|
24159a |
|
|
|
24159a |
@BIND9_MAKE_RULES@
|
|
|
24159a |
|
|
|
24159a |
+feature-test@EXEEXT@: feature-test.@O@
|
|
|
24159a |
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ feature-test.@O@ ${ISCLIBS} ${LIBS}
|
|
|
24159a |
+
|
|
|
24159a |
# Running the scripts below is bypassed when a separate
|
|
|
24159a |
# build directory is used.
|
|
|
24159a |
|
|
|
24159a |
@@ -38,6 +59,8 @@ test: subdirs
|
|
|
24159a |
testclean clean distclean::
|
|
|
24159a |
if test -f ./cleanall.sh; then sh ./cleanall.sh; fi
|
|
|
24159a |
rm -f systests.output
|
|
|
24159a |
+ rm -f ${TARGETS}
|
|
|
24159a |
+ rm -f ${OBJS}
|
|
|
24159a |
|
|
|
24159a |
distclean::
|
|
|
24159a |
rm -f conf.sh
|
|
|
24159a |
diff --git a/bin/tests/system/acl/ns2/named1.conf b/bin/tests/system/acl/ns2/named1.conf
|
|
|
24159a |
index b70d1dd761..9037a15c9d 100644
|
|
|
24159a |
--- a/bin/tests/system/acl/ns2/named1.conf
|
|
|
24159a |
+++ b/bin/tests/system/acl/ns2/named1.conf
|
|
|
24159a |
@@ -35,12 +35,12 @@ options {
|
|
|
24159a |
include "../../common/controls.conf";
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/acl/ns2/named2.conf b/bin/tests/system/acl/ns2/named2.conf
|
|
|
24159a |
index bcd7e0df19..648c5fdbdc 100644
|
|
|
24159a |
--- a/bin/tests/system/acl/ns2/named2.conf
|
|
|
24159a |
+++ b/bin/tests/system/acl/ns2/named2.conf
|
|
|
24159a |
@@ -35,12 +35,12 @@ options {
|
|
|
24159a |
include "../../common/controls.conf";
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/acl/ns2/named3.conf b/bin/tests/system/acl/ns2/named3.conf
|
|
|
24159a |
index ea2cbcb44a..546ecf6af4 100644
|
|
|
24159a |
--- a/bin/tests/system/acl/ns2/named3.conf
|
|
|
24159a |
+++ b/bin/tests/system/acl/ns2/named3.conf
|
|
|
24159a |
@@ -35,17 +35,17 @@ options {
|
|
|
24159a |
include "../../common/controls.conf";
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key three {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/acl/ns2/named4.conf b/bin/tests/system/acl/ns2/named4.conf
|
|
|
24159a |
index 99edf7ebe5..4c84d0f163 100644
|
|
|
24159a |
--- a/bin/tests/system/acl/ns2/named4.conf
|
|
|
24159a |
+++ b/bin/tests/system/acl/ns2/named4.conf
|
|
|
24159a |
@@ -35,12 +35,12 @@ options {
|
|
|
24159a |
include "../../common/controls.conf";
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/acl/ns2/named5.conf b/bin/tests/system/acl/ns2/named5.conf
|
|
|
24159a |
index d17e1cf7b7..52ae56300e 100644
|
|
|
24159a |
--- a/bin/tests/system/acl/ns2/named5.conf
|
|
|
24159a |
+++ b/bin/tests/system/acl/ns2/named5.conf
|
|
|
24159a |
@@ -36,12 +36,12 @@ options {
|
|
|
24159a |
include "../../common/controls.conf";
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
|
|
24159a |
index 7207c5a1d3..753f9f6743 100644
|
|
|
24159a |
--- a/bin/tests/system/acl/tests.sh
|
|
|
24159a |
+++ b/bin/tests/system/acl/tests.sh
|
|
|
24159a |
@@ -28,13 +28,13 @@ echo "I:testing basic ACL processing"
|
|
|
24159a |
# key "one" should fail
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# any other key should be fine
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
cp -f ns2/named2.conf ns2/named.conf
|
|
|
24159a |
@@ -44,18 +44,18 @@ sleep 5
|
|
|
24159a |
# prefix 10/8 should fail
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# any other address should work, as long as it sends key "one"
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
echo "I:testing nested ACL processing"
|
|
|
24159a |
@@ -67,31 +67,31 @@ sleep 5
|
|
|
24159a |
# should succeed
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# should succeed
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# should succeed
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# should succeed
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# but only one or the other should fail
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
@@ -102,7 +102,7 @@ grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $tt failed" ; status=1; }
|
|
|
24159a |
# and other values? right out
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 127.0.0.1 axfr -y hmac-sha256:three:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
|
|
|
24159a |
@@ -113,31 +113,31 @@ sleep 5
|
|
|
24159a |
# should succeed
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# should succeed
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# should fail
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.2 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# should fail
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.1 axfr -y hmac-sha256:two:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
# should fail
|
|
|
24159a |
t=`expr $t + 1`
|
|
|
24159a |
$DIG $DIGOPTS tsigzone. \
|
|
|
24159a |
- @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
+ @10.53.0.2 -b 10.53.0.3 axfr -y hmac-sha256:one:1234abcd8765 -p 5300 > dig.out
|
|
|
24159a |
grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
|
|
|
24159a |
|
|
|
24159a |
echo "I:testing allow-query-on ACL processing"
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/ns2/named10.conf b/bin/tests/system/allow_query/ns2/named10.conf
|
|
|
24159a |
index 17786e6f87..918b185671 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/ns2/named10.conf
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/ns2/named10.conf
|
|
|
24159a |
@@ -20,7 +20,7 @@
|
|
|
24159a |
controls { /* empty */ };
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/ns2/named11.conf b/bin/tests/system/allow_query/ns2/named11.conf
|
|
|
24159a |
index 3d225bd9a2..2ccd8d4b3f 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/ns2/named11.conf
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/ns2/named11.conf
|
|
|
24159a |
@@ -20,12 +20,12 @@
|
|
|
24159a |
controls { /* empty */ };
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234efgh8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/ns2/named12.conf b/bin/tests/system/allow_query/ns2/named12.conf
|
|
|
24159a |
index e5e64184c8..fd322bb709 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/ns2/named12.conf
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/ns2/named12.conf
|
|
|
24159a |
@@ -19,7 +19,7 @@
|
|
|
24159a |
controls { /* empty */ };
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/ns2/named30.conf b/bin/tests/system/allow_query/ns2/named30.conf
|
|
|
24159a |
index 9182f21af3..585436f1d9 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/ns2/named30.conf
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/ns2/named30.conf
|
|
|
24159a |
@@ -20,7 +20,7 @@
|
|
|
24159a |
controls { /* empty */ };
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/ns2/named31.conf b/bin/tests/system/allow_query/ns2/named31.conf
|
|
|
24159a |
index 19efdf397e..d7f0e80616 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/ns2/named31.conf
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/ns2/named31.conf
|
|
|
24159a |
@@ -20,12 +20,12 @@
|
|
|
24159a |
controls { /* empty */ };
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234efgh8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/ns2/named32.conf b/bin/tests/system/allow_query/ns2/named32.conf
|
|
|
24159a |
index 3c207f3422..4d66a3812d 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/ns2/named32.conf
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/ns2/named32.conf
|
|
|
24159a |
@@ -19,7 +19,7 @@
|
|
|
24159a |
controls { /* empty */ };
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/ns2/named40.conf b/bin/tests/system/allow_query/ns2/named40.conf
|
|
|
24159a |
index cb81c79e5d..c581c5eefd 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/ns2/named40.conf
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/ns2/named40.conf
|
|
|
24159a |
@@ -23,12 +23,12 @@ acl accept { 10.53.0.2; };
|
|
|
24159a |
acl badaccept { 10.53.0.1; };
|
|
|
24159a |
|
|
|
24159a |
key one {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key two {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "1234efgh8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/allow_query/tests.sh b/bin/tests/system/allow_query/tests.sh
|
|
|
24159a |
index 0592c342d4..c5ef867451 100644
|
|
|
24159a |
--- a/bin/tests/system/allow_query/tests.sh
|
|
|
24159a |
+++ b/bin/tests/system/allow_query/tests.sh
|
|
|
24159a |
@@ -195,7 +195,7 @@ sleep 5
|
|
|
24159a |
|
|
|
24159a |
echo "I:test $n: key allowed - query allowed"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -209,7 +209,7 @@ sleep 5
|
|
|
24159a |
|
|
|
24159a |
echo "I:test $n: key not allowed - query refused"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -223,7 +223,7 @@ sleep 5
|
|
|
24159a |
|
|
|
24159a |
echo "I:test $n: key disallowed - query refused"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -366,7 +366,7 @@ sleep 5
|
|
|
24159a |
|
|
|
24159a |
echo "I:test $n: views key allowed - query allowed"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -380,7 +380,7 @@ sleep 5
|
|
|
24159a |
|
|
|
24159a |
echo "I:test $n: views key not allowed - query refused"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -394,7 +394,7 @@ sleep 5
|
|
|
24159a |
|
|
|
24159a |
echo "I:test $n: views key disallowed - query refused"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -530,7 +530,7 @@ status=`expr $status + $ret`
|
|
|
24159a |
n=`expr $n + 1`
|
|
|
24159a |
echo "I:test $n: zone key allowed - query allowed"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -540,7 +540,7 @@ status=`expr $status + $ret`
|
|
|
24159a |
n=`expr $n + 1`
|
|
|
24159a |
echo "I:test $n: zone key not allowed - query refused"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
@@ -550,7 +550,7 @@ status=`expr $status + $ret`
|
|
|
24159a |
n=`expr $n + 1`
|
|
|
24159a |
echo "I:test $n: zone key disallowed - query refused"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
|
|
24159a |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
|
|
24159a |
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
|
|
24159a |
index 8f0ecf7ea0..0e4718994f 100644
|
|
|
24159a |
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
|
|
24159a |
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
|
|
24159a |
@@ -18,7 +18,7 @@
|
|
|
24159a |
|
|
|
24159a |
/* Bad secret */
|
|
|
24159a |
key "badtsig" {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha256;
|
|
|
24159a |
secret "jEdD+BPKg==";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
|
|
|
24159a |
index 930928b429..420320c737 100644
|
|
|
24159a |
--- a/bin/tests/system/conf.sh.in
|
|
|
24159a |
+++ b/bin/tests/system/conf.sh.in
|
|
|
24159a |
@@ -56,6 +56,10 @@ JOURNALPRINT=$TOP/bin/tools/named-journalprint
|
|
|
24159a |
VERIFY=$TOP/bin/dnssec/dnssec-verify
|
|
|
24159a |
ARPANAME=$TOP/bin/tools/arpaname
|
|
|
24159a |
SAMPLE=$TOP/lib/export/samples/sample
|
|
|
24159a |
+GENRANDOM=$TOP/bin/tools/genrandom
|
|
|
24159a |
+FEATURETEST=$TOP/bin/tests/system/feature-test
|
|
|
24159a |
+
|
|
|
24159a |
+RANDFILE=$TOP/bin/tests/system/random.data
|
|
|
24159a |
|
|
|
24159a |
# The "stress" test is not run by default since it creates enough
|
|
|
24159a |
# load on the machine to make it unusable to other users.
|
|
|
24159a |
@@ -89,4 +93,4 @@ fi
|
|
|
24159a |
|
|
|
24159a |
export NAMED LWRESD DIG NSUPDATE KEYGEN KEYFRLAB SIGNER KEYSIGNER KEYSETTOOL \
|
|
|
24159a |
PERL PYTHON SUBDIRS RNDC CHECKZONE PK11GEN PK11LIST PK11DEL TESTSOCK6 \
|
|
|
24159a |
- JOURNALPRINT ARPANAME SAMPLE
|
|
|
24159a |
+ JOURNALPRINT ARPANAME SAMPLE FEATURETEST
|
|
|
24159a |
diff --git a/bin/tests/system/digdelv/ns2/example.db b/bin/tests/system/digdelv/ns2/example.db
|
|
|
24159a |
index 0a1aa5d615..fd3ed3a045 100644
|
|
|
24159a |
--- a/bin/tests/system/digdelv/ns2/example.db
|
|
|
24159a |
+++ b/bin/tests/system/digdelv/ns2/example.db
|
|
|
24159a |
@@ -41,10 +41,13 @@ foo SSHFP 2 1 123456789abcdef67890123456789abcdef67890
|
|
|
24159a |
;;
|
|
|
24159a |
;; we are not testing DNSSEC behavior, so we don't care about the semantics
|
|
|
24159a |
;; of the following records.
|
|
|
24159a |
-dnskey 300 DNSKEY 256 3 1 (
|
|
|
24159a |
- AQPTpWyReB/e9Ii6mVGnakS8hX2zkh/iUYAg
|
|
|
24159a |
- +Ge4noWROpTWOIBvm76zeJPWs4Zfqa1IsswD
|
|
|
24159a |
- Ix5Mqeg0zwclz59uecKsKyx5w9IhtZ8plc4R
|
|
|
24159a |
- b9VIE5x7KNHAYTvTO5d4S8M=
|
|
|
24159a |
- )
|
|
|
24159a |
+dnskey 300 DNSKEY 256 3 8 (
|
|
|
24159a |
+ AwEAAaWmCoDpj2K59zcpqnmnQM7IC/XbjS6jIP7uTBR4X7p1bdQJzAeo
|
|
|
24159a |
+ EnMhnpnxPp0j+20eZm4847DB2U+HuHy79Mvqd3aozTmfBJvzjKs9qyba
|
|
|
24159a |
+ zY/ZHn6BDYxNJiFfjSS/VJ1KuQPDbpCzhm2hbvT5s9nSOaG0WyRk+d+R
|
|
|
24159a |
+ qEca11E7ZKkmmNiGlyzMAgfmTTBwgxWBAAhvd9nU1GqD6eQ6Z63hpTc/
|
|
|
24159a |
+ KDIHnFTo7pOcZ4z5urIKUMCMcFytedETlEoR5CIWGPdQq2eIEEMfn5ld
|
|
|
24159a |
+ QqdEZRHVErD9og8aluJ2s767HZb8LzjCfYgBFoT9/n48T75oZLEKtSkG
|
|
|
24159a |
+ /idCeeQlaLU=
|
|
|
24159a |
+ )
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
|
|
|
24159a |
index a19256cde3..bdfacf9fb4 100644
|
|
|
24159a |
--- a/bin/tests/system/digdelv/tests.sh
|
|
|
24159a |
+++ b/bin/tests/system/digdelv/tests.sh
|
|
|
24159a |
@@ -59,7 +59,7 @@ if [ -x ${DIG} ] ; then
|
|
|
24159a |
echo "I:checking dig +rrcomments works for DNSKEY($n)"
|
|
|
24159a |
ret=0
|
|
|
24159a |
$DIG $DIGOPTS +tcp @10.53.0.3 +rrcomments DNSKEY dnskey.example > dig.out.test$n || ret=1
|
|
|
24159a |
- grep "; ZSK; alg = RSAMD5 *; key id = 30795" < dig.out.test$n > /dev/null || ret=1
|
|
|
24159a |
+ grep "; ZSK; alg = RSASHA256 *; key id = 36895$" < dig.out.test$n > /dev/null || ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
status=`expr $status + $ret`
|
|
|
24159a |
|
|
|
24159a |
@@ -146,7 +146,7 @@ if [ -n "${DELV}" -a -x "${DELV}" ] ; then
|
|
|
24159a |
echo "I:checking delv +rrcomments works for DNSKEY($n)"
|
|
|
24159a |
ret=0
|
|
|
24159a |
$DELV $DELVOPTS @10.53.0.3 +rrcomments DNSKEY dnskey.example > delv.out.test$n || ret=1
|
|
|
24159a |
- grep "; ZSK; alg = RSAMD5 *; key id = 30795" < delv.out.test$n > /dev/null || ret=1
|
|
|
24159a |
+ grep "; ZSK; alg = RSASHA256 *; key id = 36895" < dig.out.test$n > /dev/null || ret=1
|
|
|
24159a |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
status=`expr $status + $ret`
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh
|
|
|
24159a |
index 9854f5b7ce..cf261c136c 100755
|
|
|
24159a |
--- a/bin/tests/system/dlv/ns1/sign.sh
|
|
|
24159a |
+++ b/bin/tests/system/dlv/ns1/sign.sh
|
|
|
24159a |
@@ -30,8 +30,8 @@ infile=root.db.in
|
|
|
24159a |
zonefile=root.db
|
|
|
24159a |
outfile=root.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh
|
|
|
24159a |
index edcc8f21d4..4e142b00d8 100755
|
|
|
24159a |
--- a/bin/tests/system/dlv/ns2/sign.sh
|
|
|
24159a |
+++ b/bin/tests/system/dlv/ns2/sign.sh
|
|
|
24159a |
@@ -31,8 +31,8 @@ zonefile=druz.db
|
|
|
24159a |
outfile=druz.pre
|
|
|
24159a |
dlvzone=utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh
|
|
|
24159a |
index 6bdc2f6cc5..64c5846f7d 100755
|
|
|
24159a |
--- a/bin/tests/system/dlv/ns3/sign.sh
|
|
|
24159a |
+++ b/bin/tests/system/dlv/ns3/sign.sh
|
|
|
24159a |
@@ -34,8 +34,8 @@ zonefile=child1.utld.db
|
|
|
24159a |
outfile=child1.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -49,8 +49,8 @@ zonefile=child3.utld.db
|
|
|
24159a |
outfile=child3.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -64,8 +64,8 @@ zonefile=child4.utld.db
|
|
|
24159a |
outfile=child4.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -79,8 +79,8 @@ zonefile=child5.utld.db
|
|
|
24159a |
outfile=child5.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -93,8 +93,8 @@ infile=child.db.in
|
|
|
24159a |
zonefile=child7.utld.db
|
|
|
24159a |
outfile=child7.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -107,8 +107,8 @@ infile=child.db.in
|
|
|
24159a |
zonefile=child8.utld.db
|
|
|
24159a |
outfile=child8.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -122,8 +122,8 @@ zonefile=child9.utld.db
|
|
|
24159a |
outfile=child9.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -136,8 +136,8 @@ zonefile=child10.utld.db
|
|
|
24159a |
outfile=child10.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -151,8 +151,8 @@ outfile=child1.druz.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
dssets="$dssets dsset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -167,8 +167,8 @@ outfile=child3.druz.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
dssets="$dssets dsset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -183,8 +183,8 @@ outfile=child4.druz.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
dssets="$dssets dsset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -199,8 +199,8 @@ outfile=child5.druz.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
dssets="$dssets dsset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -214,8 +214,8 @@ zonefile=child7.druz.db
|
|
|
24159a |
outfile=child7.druz.signed
|
|
|
24159a |
dssets="$dssets dsset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -228,8 +228,8 @@ infile=child.db.in
|
|
|
24159a |
zonefile=child8.druz.db
|
|
|
24159a |
outfile=child8.druz.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -243,8 +243,8 @@ zonefile=child9.druz.db
|
|
|
24159a |
outfile=child9.druz.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -258,8 +258,8 @@ outfile=child10.druz.signed
|
|
|
24159a |
dlvsets="$dlvsets dlvset-$zone"
|
|
|
24159a |
dssets="$dssets dsset-$zone"
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -272,8 +272,8 @@ infile=dlv.db.in
|
|
|
24159a |
zonefile=dlv.utld.db
|
|
|
24159a |
outfile=dlv.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh
|
|
|
24159a |
index 2bc133e5d6..227c1cb69f 100755
|
|
|
24159a |
--- a/bin/tests/system/dlv/ns6/sign.sh
|
|
|
24159a |
+++ b/bin/tests/system/dlv/ns6/sign.sh
|
|
|
24159a |
@@ -28,8 +28,8 @@ infile=child.db.in
|
|
|
24159a |
zonefile=grand.child1.utld.db
|
|
|
24159a |
outfile=grand.child1.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -43,8 +43,8 @@ zonefile=grand.child3.utld.db
|
|
|
24159a |
outfile=grand.child3.signed
|
|
|
24159a |
dlvzone=dlv.utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -58,8 +58,8 @@ zonefile=grand.child4.utld.db
|
|
|
24159a |
outfile=grand.child4.signed
|
|
|
24159a |
dlvzone=dlv.utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -73,8 +73,8 @@ zonefile=grand.child5.utld.db
|
|
|
24159a |
outfile=grand.child5.signed
|
|
|
24159a |
dlvzone=dlv.utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -88,8 +88,8 @@ zonefile=grand.child7.utld.db
|
|
|
24159a |
outfile=grand.child7.signed
|
|
|
24159a |
dlvzone=dlv.utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -103,8 +103,8 @@ zonefile=grand.child8.utld.db
|
|
|
24159a |
outfile=grand.child8.signed
|
|
|
24159a |
dlvzone=dlv.utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -118,8 +118,8 @@ zonefile=grand.child9.utld.db
|
|
|
24159a |
outfile=grand.child9.signed
|
|
|
24159a |
dlvzone=dlv.utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -132,8 +132,8 @@ zonefile=grand.child10.utld.db
|
|
|
24159a |
outfile=grand.child10.signed
|
|
|
24159a |
dlvzone=dlv.utld.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -145,8 +145,8 @@ infile=child.db.in
|
|
|
24159a |
zonefile=grand.child1.druz.db
|
|
|
24159a |
outfile=grand.child1.druz.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -160,8 +160,8 @@ zonefile=grand.child3.druz.db
|
|
|
24159a |
outfile=grand.child3.druz.signed
|
|
|
24159a |
dlvzone=dlv.druz.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -175,8 +175,8 @@ zonefile=grand.child4.druz.db
|
|
|
24159a |
outfile=grand.child4.druz.signed
|
|
|
24159a |
dlvzone=dlv.druz.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -190,8 +190,8 @@ zonefile=grand.child5.druz.db
|
|
|
24159a |
outfile=grand.child5.druz.signed
|
|
|
24159a |
dlvzone=dlv.druz.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -205,8 +205,8 @@ zonefile=grand.child7.druz.db
|
|
|
24159a |
outfile=grand.child7.druz.signed
|
|
|
24159a |
dlvzone=dlv.druz.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -220,8 +220,8 @@ zonefile=grand.child8.druz.db
|
|
|
24159a |
outfile=grand.child8.druz.signed
|
|
|
24159a |
dlvzone=dlv.druz.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -235,8 +235,8 @@ zonefile=grand.child9.druz.db
|
|
|
24159a |
outfile=grand.child9.druz.signed
|
|
|
24159a |
dlvzone=dlv.druz.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -249,8 +249,8 @@ zonefile=grand.child10.druz.db
|
|
|
24159a |
outfile=grand.child10.druz.signed
|
|
|
24159a |
dlvzone=dlv.druz.
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
|
|
|
24159a |
index 118b8a6d6b..0c4dcb4b19 100644
|
|
|
24159a |
--- a/bin/tests/system/dnssec/ns2/sign.sh
|
|
|
24159a |
+++ b/bin/tests/system/dnssec/ns2/sign.sh
|
|
|
24159a |
@@ -38,8 +38,8 @@ do
|
|
|
24159a |
cp ../ns3/dsset-$subdomain.example. .
|
|
|
24159a |
done
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
|
|
24159a |
-keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
|
|
24159a |
+keyname1=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone`
|
|
|
24159a |
+keyname2=`$KEYGEN -q -r $RANDFILE -a DSA -b 1024 -n zone $zone`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -98,7 +98,7 @@ privzone=private.secure.example.
|
|
|
24159a |
privinfile=private.secure.example.db.in
|
|
|
24159a |
privzonefile=private.secure.example.db
|
|
|
24159a |
|
|
|
24159a |
-privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone`
|
|
|
24159a |
+privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $privzone`
|
|
|
24159a |
|
|
|
24159a |
cat $privinfile $privkeyname.key >$privzonefile
|
|
|
24159a |
|
|
|
24159a |
@@ -111,7 +111,7 @@ dlvzone=dlv.
|
|
|
24159a |
dlvinfile=dlv.db.in
|
|
|
24159a |
dlvzonefile=dlv.db
|
|
|
24159a |
|
|
|
24159a |
-dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
|
|
|
24159a |
+dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $dlvzone`
|
|
|
24159a |
|
|
|
24159a |
cat $dlvinfile $dlvkeyname.key dlvset-$privzone > $dlvzonefile
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/dnssec/prereq.sh b/bin/tests/system/dnssec/prereq.sh
|
|
|
24159a |
index 113e372c28..84630d8abc 100644
|
|
|
24159a |
--- a/bin/tests/system/dnssec/prereq.sh
|
|
|
24159a |
+++ b/bin/tests/system/dnssec/prereq.sh
|
|
|
24159a |
@@ -17,13 +17,4 @@
|
|
|
24159a |
|
|
|
24159a |
# $Id: prereq.sh,v 1.13 2009/10/28 00:27:10 marka Exp $
|
|
|
24159a |
|
|
|
24159a |
-../../../tools/genrandom 400 random.data
|
|
|
24159a |
-
|
|
|
24159a |
-if $KEYGEN -q -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
|
|
|
24159a |
-then
|
|
|
24159a |
- rm -f Kfoo*
|
|
|
24159a |
-else
|
|
|
24159a |
- echo "I:This test requires cryptography" >&2
|
|
|
24159a |
- echo "I:--with-openssl, or --with-pkcs11 and --enable-native-pkcs11" >&2
|
|
|
24159a |
- exit 1
|
|
|
24159a |
-fi
|
|
|
24159a |
+exec $SHELL ../testcrypto.sh
|
|
|
24159a |
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
|
|
24159a |
new file mode 100644
|
|
|
24159a |
index 0000000000..495f46a32a
|
|
|
24159a |
--- /dev/null
|
|
|
24159a |
+++ b/bin/tests/system/feature-test.c
|
|
|
24159a |
@@ -0,0 +1,159 @@
|
|
|
24159a |
+/*
|
|
|
24159a |
+ * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
|
|
|
24159a |
+ *
|
|
|
24159a |
+ * This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
24159a |
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
24159a |
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
24159a |
+ */
|
|
|
24159a |
+
|
|
|
24159a |
+#include <config.h>
|
|
|
24159a |
+
|
|
|
24159a |
+#include <unistd.h>
|
|
|
24159a |
+#include <stdio.h>
|
|
|
24159a |
+#include <stdlib.h>
|
|
|
24159a |
+#include <string.h>
|
|
|
24159a |
+
|
|
|
24159a |
+#include <isc/print.h>
|
|
|
24159a |
+#include <isc/util.h>
|
|
|
24159a |
+#include <isc/md5.h>
|
|
|
24159a |
+
|
|
|
24159a |
+#ifdef WIN32
|
|
|
24159a |
+#include <Winsock2.h>
|
|
|
24159a |
+#endif
|
|
|
24159a |
+
|
|
|
24159a |
+#ifndef MAXHOSTNAMELEN
|
|
|
24159a |
+#ifdef HOST_NAME_MAX
|
|
|
24159a |
+#define MAXHOSTNAMELEN HOST_NAME_MAX
|
|
|
24159a |
+#else
|
|
|
24159a |
+#define MAXHOSTNAMELEN 256
|
|
|
24159a |
+#endif
|
|
|
24159a |
+#endif
|
|
|
24159a |
+
|
|
|
24159a |
+static void
|
|
|
24159a |
+usage() {
|
|
|
24159a |
+ fprintf(stderr, "usage: feature-test <arg>\n");
|
|
|
24159a |
+ fprintf(stderr, "args:\n");
|
|
|
24159a |
+ fprintf(stderr, " --enable-filter-aaaa\n");
|
|
|
24159a |
+ fprintf(stderr, " --gethostname\n");
|
|
|
24159a |
+ fprintf(stderr, " --gssapi\n");
|
|
|
24159a |
+ fprintf(stderr, " --have-dlopen\n");
|
|
|
24159a |
+ fprintf(stderr, " --have-geoip\n");
|
|
|
24159a |
+ fprintf(stderr, " --have-libxml2\n");
|
|
|
24159a |
+ fprintf(stderr, " --md5\n");
|
|
|
24159a |
+ fprintf(stderr, " --rpz-nsip\n");
|
|
|
24159a |
+ fprintf(stderr, " --rpz-nsdname\n");
|
|
|
24159a |
+ fprintf(stderr, " --with-idn\n");
|
|
|
24159a |
+}
|
|
|
24159a |
+
|
|
|
24159a |
+int
|
|
|
24159a |
+main(int argc, char **argv) {
|
|
|
24159a |
+ if (argc != 2) {
|
|
|
24159a |
+ usage();
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--enable-filter-aaaa") == 0) {
|
|
|
24159a |
+#ifdef ALLOW_FILTER_AAAA
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--gethostname") == 0) {
|
|
|
24159a |
+ char hostname[MAXHOSTNAMELEN];
|
|
|
24159a |
+ int n;
|
|
|
24159a |
+#ifdef WIN32
|
|
|
24159a |
+ /* From lwres InitSocket() */
|
|
|
24159a |
+ WORD wVersionRequested;
|
|
|
24159a |
+ WSADATA wsaData;
|
|
|
24159a |
+ int err;
|
|
|
24159a |
+
|
|
|
24159a |
+ wVersionRequested = MAKEWORD(2, 0);
|
|
|
24159a |
+ err = WSAStartup( wVersionRequested, &wsaData );
|
|
|
24159a |
+ if (err != 0) {
|
|
|
24159a |
+ fprintf(stderr, "WSAStartup() failed: %d\n", err);
|
|
|
24159a |
+ exit(1);
|
|
|
24159a |
+ }
|
|
|
24159a |
+#endif
|
|
|
24159a |
+
|
|
|
24159a |
+ n = gethostname(hostname, sizeof(hostname));
|
|
|
24159a |
+ if (n == -1) {
|
|
|
24159a |
+ perror("gethostname");
|
|
|
24159a |
+ return(1);
|
|
|
24159a |
+ }
|
|
|
24159a |
+ fprintf(stdout, "%s\n", hostname);
|
|
|
24159a |
+#ifdef WIN32
|
|
|
24159a |
+ WSACleanup();
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--gssapi") == 0) {
|
|
|
24159a |
+#if defined(GSSAPI)
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--have-dlopen") == 0) {
|
|
|
24159a |
+#if defined(HAVE_DLOPEN) && defined(ISC_DLZ_DLOPEN)
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--have-geoip") == 0) {
|
|
|
24159a |
+#ifdef HAVE_GEOIP
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--have-libxml2") == 0) {
|
|
|
24159a |
+#ifdef HAVE_LIBXML2
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--md5") == 0) {
|
|
|
24159a |
+ if (isc_md5_available()) {
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+ } else {
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+ }
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--rpz-nsip") == 0) {
|
|
|
24159a |
+#ifdef ENABLE_RPZ_NSIP
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--rpz-nsdname") == 0) {
|
|
|
24159a |
+#ifdef ENABLE_RPZ_NSDNAME
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ if (strcmp(argv[1], "--with-idn") == 0) {
|
|
|
24159a |
+#ifdef WITH_IDN
|
|
|
24159a |
+ return (0);
|
|
|
24159a |
+#else
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+#endif
|
|
|
24159a |
+ }
|
|
|
24159a |
+
|
|
|
24159a |
+ fprintf(stderr, "unknown arg: %s\n", argv[1]);
|
|
|
24159a |
+ usage();
|
|
|
24159a |
+ return (1);
|
|
|
24159a |
+}
|
|
|
24159a |
diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh
|
|
|
24159a |
index 203e37ebfb..e0c696b986 100755
|
|
|
24159a |
--- a/bin/tests/system/filter-aaaa/ns1/sign.sh
|
|
|
24159a |
+++ b/bin/tests/system/filter-aaaa/ns1/sign.sh
|
|
|
24159a |
@@ -27,8 +27,8 @@ infile=signed.db.in
|
|
|
24159a |
zonefile=signed.db.signed
|
|
|
24159a |
outfile=signed.db.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh
|
|
|
24159a |
index ff33b10a19..74d755763a 100755
|
|
|
24159a |
--- a/bin/tests/system/filter-aaaa/ns4/sign.sh
|
|
|
24159a |
+++ b/bin/tests/system/filter-aaaa/ns4/sign.sh
|
|
|
24159a |
@@ -27,8 +27,8 @@ infile=signed.db.in
|
|
|
24159a |
zonefile=signed.db.signed
|
|
|
24159a |
outfile=signed.db.signed
|
|
|
24159a |
|
|
|
24159a |
-keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
-keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
+keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 1024 -n zone $zone 2> /dev/null`
|
|
|
24159a |
|
|
|
24159a |
cat $infile $keyname1.key $keyname2.key >$zonefile
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/keymgr/prereq.sh b/bin/tests/system/keymgr/prereq.sh
|
|
|
24159a |
index be2546ec59..e71cc9f03a 100644
|
|
|
24159a |
--- a/bin/tests/system/keymgr/prereq.sh
|
|
|
24159a |
+++ b/bin/tests/system/keymgr/prereq.sh
|
|
|
24159a |
@@ -14,17 +14,4 @@
|
|
|
24159a |
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
|
24159a |
# PERFORMANCE OF THIS SOFTWARE.
|
|
|
24159a |
|
|
|
24159a |
-SYSTEMTESTTOP=..
|
|
|
24159a |
-. $SYSTEMTESTTOP/conf.sh
|
|
|
24159a |
-
|
|
|
24159a |
-../../../tools/genrandom 400 random.data
|
|
|
24159a |
-
|
|
|
24159a |
-if $KEYGEN -q -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
|
|
|
24159a |
-then
|
|
|
24159a |
- rm -f Kfoo*
|
|
|
24159a |
-else
|
|
|
24159a |
- echo "I:This test requires cryptography" >&2
|
|
|
24159a |
- echo "I:--with-openssl, or --with-pkcs11 and --enable-native-pkcs11" >&2
|
|
|
24159a |
- exit 1
|
|
|
24159a |
-fi
|
|
|
24159a |
-#exec $SHELL ../testcrypto.sh
|
|
|
24159a |
+exec $SHELL ../testcrypto.sh
|
|
|
24159a |
diff --git a/bin/tests/system/nsupdate/ns1/named.conf b/bin/tests/system/nsupdate/ns1/named.conf
|
|
|
24159a |
index 86fe91d070..c53da11685 100644
|
|
|
24159a |
--- a/bin/tests/system/nsupdate/ns1/named.conf
|
|
|
24159a |
+++ b/bin/tests/system/nsupdate/ns1/named.conf
|
|
|
24159a |
@@ -42,7 +42,7 @@ controls {
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key altkey {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha512;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/nsupdate/ns2/named.conf b/bin/tests/system/nsupdate/ns2/named.conf
|
|
|
24159a |
index 6db32202ff..68022656ec 100644
|
|
|
24159a |
--- a/bin/tests/system/nsupdate/ns2/named.conf
|
|
|
24159a |
+++ b/bin/tests/system/nsupdate/ns2/named.conf
|
|
|
24159a |
@@ -33,7 +33,7 @@ options {
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
key altkey {
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
+ algorithm hmac-sha512;
|
|
|
24159a |
secret "1234abcd8765";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
|
|
24159a |
index bb015142da..e97406956a 100644
|
|
|
24159a |
--- a/bin/tests/system/nsupdate/setup.sh
|
|
|
24159a |
+++ b/bin/tests/system/nsupdate/setup.sh
|
|
|
24159a |
@@ -53,8 +53,13 @@ EOF
|
|
|
24159a |
|
|
|
24159a |
../../../tools/genrandom 400 random.data
|
|
|
24159a |
$DDNSCONFGEN -q -r random.data -z example.nil > ns1/ddns.key
|
|
|
24159a |
+if $FEATURETEST --md5; then
|
|
|
24159a |
+ $DDNSCONFGEN -q -r random.data -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
|
|
24159a |
+else
|
|
|
24159a |
+ echo -n > ns1/md5.key
|
|
|
24159a |
+fi
|
|
|
24159a |
+
|
|
|
24159a |
|
|
|
24159a |
-$DDNSCONFGEN -q -r random.data -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
|
|
24159a |
$DDNSCONFGEN -q -r random.data -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
|
|
|
24159a |
$DDNSCONFGEN -q -r random.data -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
|
|
24159a |
$DDNSCONFGEN -q -r random.data -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
|
|
24159a |
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
|
|
24159a |
index b9a1c90536..821d7a65e2 100644
|
|
|
24159a |
--- a/bin/tests/system/nsupdate/tests.sh
|
|
|
24159a |
+++ b/bin/tests/system/nsupdate/tests.sh
|
|
|
24159a |
@@ -516,7 +516,14 @@ fi
|
|
|
24159a |
n=`expr $n + 1`
|
|
|
24159a |
ret=0
|
|
|
24159a |
echo "I:check TSIG key algorithms ($n)"
|
|
|
24159a |
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
|
|
24159a |
+if $FEATURETEST --md5
|
|
|
24159a |
+then
|
|
|
24159a |
+ ALGS="md5 sha1 sha224 sha256 sha384 sha512"
|
|
|
24159a |
+else
|
|
|
24159a |
+ ALGS="sha1 sha224 sha256 sha384 sha512"
|
|
|
24159a |
+ echo_i "skipping disabled md5 algorithm"
|
|
|
24159a |
+fi
|
|
|
24159a |
+for alg in $ALGS; do
|
|
|
24159a |
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
|
|
24159a |
server 10.53.0.1 5300
|
|
|
24159a |
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
|
|
24159a |
@@ -524,7 +531,7 @@ send
|
|
|
24159a |
END
|
|
|
24159a |
done
|
|
|
24159a |
sleep 2
|
|
|
24159a |
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
|
|
24159a |
+for alg in $ALGS; do
|
|
|
24159a |
$DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
|
|
24159a |
done
|
|
|
24159a |
if [ $ret -ne 0 ]; then
|
|
|
24159a |
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
|
|
24159a |
index ce80005faf..a7c66841cc 100644
|
|
|
24159a |
--- a/bin/tests/system/rndc/setup.sh
|
|
|
24159a |
+++ b/bin/tests/system/rndc/setup.sh
|
|
|
24159a |
@@ -22,7 +22,7 @@ SYSTEMTESTTOP=..
|
|
|
24159a |
|
|
|
24159a |
sh clean.sh
|
|
|
24159a |
|
|
|
24159a |
-../../../tools/genrandom 400 random.data
|
|
|
24159a |
+../../../tools/genrandom 800 random.data
|
|
|
24159a |
|
|
|
24159a |
sh ../genzone.sh 2 >ns2/nil.db
|
|
|
24159a |
sh ../genzone.sh 2 >ns2/other.db
|
|
|
24159a |
@@ -37,7 +37,7 @@ make_key () {
|
|
|
24159a |
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
|
|
24159a |
}
|
|
|
24159a |
|
|
|
24159a |
-make_key 1 hmac-md5
|
|
|
24159a |
+$FEATURETEST --md5 && make_key 1 hmac-md5
|
|
|
24159a |
make_key 2 hmac-sha1
|
|
|
24159a |
make_key 3 hmac-sha224
|
|
|
24159a |
make_key 4 hmac-sha256
|
|
|
24159a |
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
|
|
24159a |
index 01dbc811ae..20a90850d1 100644
|
|
|
24159a |
--- a/bin/tests/system/rndc/tests.sh
|
|
|
24159a |
+++ b/bin/tests/system/rndc/tests.sh
|
|
|
24159a |
@@ -246,14 +246,20 @@ if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
status=`expr $status + $ret`
|
|
|
24159a |
|
|
|
24159a |
echo "I:testing rndc with hmac-md5"
|
|
|
24159a |
-ret=0
|
|
|
24159a |
-$RNDC -s 10.53.0.4 -p 9951 -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
|
|
24159a |
-for i in 2 3 4 5 6
|
|
|
24159a |
-do
|
|
|
24159a |
- $RNDC -s 10.53.0.4 -p 9951 -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
|
|
24159a |
-done
|
|
|
24159a |
-if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
24159a |
-status=`expr $status + $ret`
|
|
|
24159a |
+if $FEATURETEST --md5
|
|
|
24159a |
+then
|
|
|
24159a |
+ echo "I:testing rndc with hmac-md5"
|
|
|
24159a |
+ ret=0
|
|
|
24159a |
+ $RNDC -s 10.53.0.4 -p 9951 -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
|
|
24159a |
+ for i in 2 3 4 5 6
|
|
|
24159a |
+ do
|
|
|
24159a |
+ $RNDC -s 10.53.0.4 -p 9951 -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
|
|
24159a |
+ done
|
|
|
24159a |
+ if [ $ret != 0 ]; then echo_i "failed"; fi
|
|
|
24159a |
+ status=`expr $status + $ret`
|
|
|
24159a |
+else
|
|
|
24159a |
+ echo "W:skipping rndc with hmac-md5"
|
|
|
24159a |
+fi
|
|
|
24159a |
|
|
|
24159a |
echo "I:testing rndc with hmac-sha1"
|
|
|
24159a |
ret=0
|
|
|
24159a |
diff --git a/bin/tests/system/testcrypto.sh b/bin/tests/system/testcrypto.sh
|
|
|
24159a |
new file mode 100644
|
|
|
24159a |
index 0000000000..e21f18b5f5
|
|
|
24159a |
--- /dev/null
|
|
|
24159a |
+++ b/bin/tests/system/testcrypto.sh
|
|
|
24159a |
@@ -0,0 +1,71 @@
|
|
|
24159a |
+#!/bin/sh
|
|
|
24159a |
+#
|
|
|
24159a |
+# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
|
|
|
24159a |
+#
|
|
|
24159a |
+# Permission to use, copy, modify, and/or distribute this software for any
|
|
|
24159a |
+# purpose with or without fee is hereby granted, provided that the above
|
|
|
24159a |
+# copyright notice and this permission notice appear in all copies.
|
|
|
24159a |
+#
|
|
|
24159a |
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
|
24159a |
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
|
24159a |
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
|
24159a |
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
|
24159a |
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
|
24159a |
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
|
24159a |
+# PERFORMANCE OF THIS SOFTWARE.
|
|
|
24159a |
+
|
|
|
24159a |
+SYSTEMTESTTOP=${SYSTEMTESTTOP:=..}
|
|
|
24159a |
+. $SYSTEMTESTTOP/conf.sh
|
|
|
24159a |
+
|
|
|
24159a |
+# Unlike 9.11, keep generated data in current directory
|
|
|
24159a |
+RANDFILE=random.data
|
|
|
24159a |
+
|
|
|
24159a |
+test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
|
|
24159a |
+
|
|
|
24159a |
+prog=$0
|
|
|
24159a |
+
|
|
|
24159a |
+args="-r $RANDFILE"
|
|
|
24159a |
+alg="-a RSASHA1 -b 2048"
|
|
|
24159a |
+quiet=0
|
|
|
24159a |
+
|
|
|
24159a |
+msg1="cryptography"
|
|
|
24159a |
+msg2="--with-openssl, or --enable-native-pkcs11 --with-pkcs11"
|
|
|
24159a |
+while test "$#" -gt 0; do
|
|
|
24159a |
+ case $1 in
|
|
|
24159a |
+ -q)
|
|
|
24159a |
+ args="$args -q"
|
|
|
24159a |
+ quiet=1
|
|
|
24159a |
+ ;;
|
|
|
24159a |
+ rsa|RSA)
|
|
|
24159a |
+ alg=""
|
|
|
24159a |
+ msg1="RSA cryptography"
|
|
|
24159a |
+ ;;
|
|
|
24159a |
+ gost|GOST)
|
|
|
24159a |
+ alg="-a eccgost"
|
|
|
24159a |
+ msg1="GOST cryptography"
|
|
|
24159a |
+ msg2="--with-gost"
|
|
|
24159a |
+ ;;
|
|
|
24159a |
+ ecdsa|ECDSA)
|
|
|
24159a |
+ alg="-a ecdsap256sha256"
|
|
|
24159a |
+ msg1="ECDSA cryptography"
|
|
|
24159a |
+ msg2="--with-ecdsa"
|
|
|
24159a |
+ ;;
|
|
|
24159a |
+ *)
|
|
|
24159a |
+ echo "${prog}: unknown argument"
|
|
|
24159a |
+ exit 1
|
|
|
24159a |
+ ;;
|
|
|
24159a |
+ esac
|
|
|
24159a |
+ shift
|
|
|
24159a |
+done
|
|
|
24159a |
+
|
|
|
24159a |
+
|
|
|
24159a |
+if $KEYGEN $args $alg foo > /dev/null 2>&1
|
|
|
24159a |
+then
|
|
|
24159a |
+ rm -f Kfoo*
|
|
|
24159a |
+else
|
|
|
24159a |
+ if test $quiet -eq 0; then
|
|
|
24159a |
+ echo "I:This test requires support for $msg1" >&2
|
|
|
24159a |
+ echo "I:configure with $msg2" >&2
|
|
|
24159a |
+ fi
|
|
|
24159a |
+ exit 255
|
|
|
24159a |
+fi
|
|
|
24159a |
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
|
|
|
24159a |
index af17582096..b61b5d0796 100644
|
|
|
24159a |
--- a/bin/tests/system/tkey/keycreate.c
|
|
|
24159a |
+++ b/bin/tests/system/tkey/keycreate.c
|
|
|
24159a |
@@ -27,6 +27,7 @@
|
|
|
24159a |
#include <isc/entropy.h>
|
|
|
24159a |
#include <isc/hash.h>
|
|
|
24159a |
#include <isc/log.h>
|
|
|
24159a |
+#include <isc/md5.h>
|
|
|
24159a |
#include <isc/mem.h>
|
|
|
24159a |
#include <isc/sockaddr.h>
|
|
|
24159a |
#include <isc/socket.h>
|
|
|
24159a |
@@ -143,6 +144,8 @@ sendquery(isc_task_t *task, isc_event_t *event) {
|
|
|
24159a |
static char keystr[] = "0123456789ab";
|
|
|
24159a |
|
|
|
24159a |
isc_event_free(&event);
|
|
|
24159a |
+ if (isc_md5_available() == ISC_FALSE)
|
|
|
24159a |
+ CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
|
|
|
24159a |
|
|
|
24159a |
result = ISC_R_FAILURE;
|
|
|
24159a |
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
|
|
|
24159a |
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
|
|
|
24159a |
index 1bb33e85fe..da4b1c3c09 100644
|
|
|
24159a |
--- a/bin/tests/system/tkey/keydelete.c
|
|
|
24159a |
+++ b/bin/tests/system/tkey/keydelete.c
|
|
|
24159a |
@@ -228,12 +228,18 @@ main(int argc, char **argv) {
|
|
|
24159a |
type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
|
|
|
24159a |
result = dst_key_fromnamedfile(keyname, NULL, type, mctx, &dstkey);
|
|
|
24159a |
CHECK("dst_key_fromnamedfile", result);
|
|
|
24159a |
- result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
|
|
|
24159a |
- DNS_TSIG_HMACMD5_NAME,
|
|
|
24159a |
- dstkey, ISC_TRUE, NULL, 0, 0,
|
|
|
24159a |
- mctx, ring, &tsigkey);
|
|
|
24159a |
- dst_key_free(&dstkey);
|
|
|
24159a |
- CHECK("dns_tsigkey_createfromkey", result);
|
|
|
24159a |
+ if (isc_md5_available()) {
|
|
|
24159a |
+ result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
|
|
|
24159a |
+ DNS_TSIG_HMACMD5_NAME,
|
|
|
24159a |
+ dstkey, ISC_TRUE,
|
|
|
24159a |
+ NULL, 0, 0,
|
|
|
24159a |
+ mctx, ring, &tsigkey);
|
|
|
24159a |
+ dst_key_free(&dstkey);
|
|
|
24159a |
+ CHECK("dns_tsigkey_createfromkey", result);
|
|
|
24159a |
+ } else {
|
|
|
24159a |
+ dst_key_free(&dstkey);
|
|
|
24159a |
+ CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
|
|
|
24159a |
+ }
|
|
|
24159a |
|
|
|
24159a |
(void)isc_app_run();
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/tkey/prereq.sh b/bin/tests/system/tkey/prereq.sh
|
|
|
24159a |
index 66295fee90..310849f08e 100644
|
|
|
24159a |
--- a/bin/tests/system/tkey/prereq.sh
|
|
|
24159a |
+++ b/bin/tests/system/tkey/prereq.sh
|
|
|
24159a |
@@ -17,13 +17,4 @@
|
|
|
24159a |
|
|
|
24159a |
# $Id: prereq.sh,v 1.12 2009/03/02 23:47:43 tbox Exp $
|
|
|
24159a |
|
|
|
24159a |
-../../../tools/genrandom 400 random.data
|
|
|
24159a |
-
|
|
|
24159a |
-if $KEYGEN -a RSAMD5 -b 512 -n zone -r random.data foo > /dev/null 2>&1
|
|
|
24159a |
-then
|
|
|
24159a |
- rm -f foo*
|
|
|
24159a |
-else
|
|
|
24159a |
- echo "I:This test requires cryptography" >&2
|
|
|
24159a |
- echo "I:--with-openssl, or --with-pkcs11 and --enable-native-pkcs11" >&2
|
|
|
24159a |
- exit 1
|
|
|
24159a |
-fi
|
|
|
24159a |
+exec $SHELL ../testcrypto.sh
|
|
|
24159a |
diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh
|
|
|
24159a |
index 0e98b4047b..b11a378006 100644
|
|
|
24159a |
--- a/bin/tests/system/tsig/clean.sh
|
|
|
24159a |
+++ b/bin/tests/system/tsig/clean.sh
|
|
|
24159a |
@@ -23,3 +23,4 @@
|
|
|
24159a |
rm -f dig.out.*
|
|
|
24159a |
rm -f */named.memstats
|
|
|
24159a |
rm -f */named.run
|
|
|
24159a |
+rm -f ns1/rndc5.conf
|
|
|
24159a |
diff --git a/bin/tests/system/tsig/ns1/named.conf b/bin/tests/system/tsig/ns1/named.conf
|
|
|
24159a |
index b48de835f4..e7e568acc7 100644
|
|
|
24159a |
--- a/bin/tests/system/tsig/ns1/named.conf
|
|
|
24159a |
+++ b/bin/tests/system/tsig/ns1/named.conf
|
|
|
24159a |
@@ -30,10 +30,7 @@ options {
|
|
|
24159a |
notify no;
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
-key "md5" {
|
|
|
24159a |
- secret "97rnFx24Tfna4mHPfgnerA==";
|
|
|
24159a |
- algorithm hmac-md5;
|
|
|
24159a |
-};
|
|
|
24159a |
+# md5 key included from rndc5.conf
|
|
|
24159a |
|
|
|
24159a |
key "sha1" {
|
|
|
24159a |
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
|
|
24159a |
@@ -60,10 +57,7 @@ key "sha512" {
|
|
|
24159a |
algorithm hmac-sha512;
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
-key "md5-trunc" {
|
|
|
24159a |
- secret "97rnFx24Tfna4mHPfgnerA==";
|
|
|
24159a |
- algorithm hmac-md5-80;
|
|
|
24159a |
-};
|
|
|
24159a |
+# md5-trunc key included from rndc5.conf
|
|
|
24159a |
|
|
|
24159a |
key "sha1-trunc" {
|
|
|
24159a |
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
|
|
24159a |
@@ -94,3 +88,5 @@ zone "example.nil" {
|
|
|
24159a |
type master;
|
|
|
24159a |
file "example.db";
|
|
|
24159a |
};
|
|
|
24159a |
+
|
|
|
24159a |
+include "rndc5.conf";
|
|
|
24159a |
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
|
|
24159a |
new file mode 100644
|
|
|
24159a |
index 0000000000..f9b17d6e8e
|
|
|
24159a |
--- /dev/null
|
|
|
24159a |
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
|
|
24159a |
@@ -0,0 +1,22 @@
|
|
|
24159a |
+/*
|
|
|
24159a |
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
24159a |
+ *
|
|
|
24159a |
+ * This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
24159a |
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
24159a |
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
24159a |
+ *
|
|
|
24159a |
+ * See the COPYRIGHT file distributed with this work for additional
|
|
|
24159a |
+ * information regarding copyright ownership.
|
|
|
24159a |
+ */
|
|
|
24159a |
+
|
|
|
24159a |
+/* These md5 keys are used only when MD5 is not disabled in build */
|
|
|
24159a |
+key "md5" {
|
|
|
24159a |
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
|
|
24159a |
+ algorithm hmac-md5;
|
|
|
24159a |
+};
|
|
|
24159a |
+
|
|
|
24159a |
+key "md5-trunc" {
|
|
|
24159a |
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
|
|
24159a |
+ algorithm hmac-md5-80;
|
|
|
24159a |
+};
|
|
|
24159a |
+
|
|
|
24159a |
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
|
|
24159a |
new file mode 100644
|
|
|
24159a |
index 0000000000..7f9049ae76
|
|
|
24159a |
--- /dev/null
|
|
|
24159a |
+++ b/bin/tests/system/tsig/setup.sh
|
|
|
24159a |
@@ -0,0 +1,25 @@
|
|
|
24159a |
+#!/bin/sh
|
|
|
24159a |
+#
|
|
|
24159a |
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
24159a |
+#
|
|
|
24159a |
+# This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
24159a |
+# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
24159a |
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
24159a |
+#
|
|
|
24159a |
+# See the COPYRIGHT file distributed with this work for additional
|
|
|
24159a |
+# information regarding copyright ownership.
|
|
|
24159a |
+
|
|
|
24159a |
+SYSTEMTESTTOP=..
|
|
|
24159a |
+. $SYSTEMTESTTOP/conf.sh
|
|
|
24159a |
+
|
|
|
24159a |
+$SHELL clean.sh
|
|
|
24159a |
+
|
|
|
24159a |
+test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
|
|
|
24159a |
+
|
|
|
24159a |
+if $FEATURETEST --md5
|
|
|
24159a |
+then
|
|
|
24159a |
+ # Include MD5 keys only if it is
|
|
|
24159a |
+ cp ns1/rndc5.conf.in ns1/rndc5.conf
|
|
|
24159a |
+else
|
|
|
24159a |
+ echo "# MD5 disabled" > ns1/rndc5.conf
|
|
|
24159a |
+fi
|
|
|
24159a |
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
|
|
24159a |
index 50ac8d23e6..bd502dd718 100644
|
|
|
24159a |
--- a/bin/tests/system/tsig/tests.sh
|
|
|
24159a |
+++ b/bin/tests/system/tsig/tests.sh
|
|
|
24159a |
@@ -31,22 +31,27 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
|
|
24159a |
|
|
|
24159a |
status=0
|
|
|
24159a |
|
|
|
24159a |
-echo "I:fetching using hmac-md5 (old form)"
|
|
|
24159a |
-ret=0
|
|
|
24159a |
-$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
- -y "md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.old || ret=1
|
|
|
24159a |
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
|
|
|
24159a |
-if [ $ret -eq 1 ] ; then
|
|
|
24159a |
- echo "I: failed"; status=1
|
|
|
24159a |
-fi
|
|
|
24159a |
-
|
|
|
24159a |
-echo "I:fetching using hmac-md5 (new form)"
|
|
|
24159a |
-ret=0
|
|
|
24159a |
-$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
- -y "hmac-md5:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.new || ret=1
|
|
|
24159a |
-grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
|
|
24159a |
-if [ $ret -eq 1 ] ; then
|
|
|
24159a |
- echo "I: failed"; status=1
|
|
|
24159a |
+if $FEATURETEST --md5
|
|
|
24159a |
+then
|
|
|
24159a |
+ echo "I:fetching using hmac-md5 (old form)"
|
|
|
24159a |
+ ret=0
|
|
|
24159a |
+ $DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
+ -y "md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.old || ret=1
|
|
|
24159a |
+ grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
|
|
|
24159a |
+ if [ $ret -eq 1 ] ; then
|
|
|
24159a |
+ echo "I: failed"; status=1
|
|
|
24159a |
+ fi
|
|
|
24159a |
+
|
|
|
24159a |
+ echo "I:fetching using hmac-md5 (new form)"
|
|
|
24159a |
+ ret=0
|
|
|
24159a |
+ $DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
+ -y "hmac-md5:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.new || ret=1
|
|
|
24159a |
+ grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
|
|
24159a |
+ if [ $ret -eq 1 ] ; then
|
|
|
24159a |
+ echo_i "failed"; status=1
|
|
|
24159a |
+ fi
|
|
|
24159a |
+else
|
|
|
24159a |
+ echo_i "skipping using hmac-md5"
|
|
|
24159a |
fi
|
|
|
24159a |
|
|
|
24159a |
echo "I:fetching using hmac-sha1"
|
|
|
24159a |
@@ -99,13 +104,19 @@ fi
|
|
|
24159a |
# Truncated TSIG
|
|
|
24159a |
#
|
|
|
24159a |
#
|
|
|
24159a |
+
|
|
|
24159a |
+if $FEATURETEST --md5
|
|
|
24159a |
+then
|
|
|
24159a |
echo "I:fetching using hmac-md5 (trunc)"
|
|
|
24159a |
-ret=0
|
|
|
24159a |
-$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
- -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.trunc || ret=1
|
|
|
24159a |
-grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
|
|
|
24159a |
-if [ $ret -eq 1 ] ; then
|
|
|
24159a |
- echo "I: failed"; status=1
|
|
|
24159a |
+ ret=0
|
|
|
24159a |
+ $DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
+ -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.trunc || ret=1
|
|
|
24159a |
+ grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
|
|
|
24159a |
+ if [ $ret -eq 1 ] ; then
|
|
|
24159a |
+ echo "I: failed"; status=1
|
|
|
24159a |
+ fi
|
|
|
24159a |
+else
|
|
|
24159a |
+ echo "W:skipping using hmac-md5 (trunc)"
|
|
|
24159a |
fi
|
|
|
24159a |
|
|
|
24159a |
echo "I:fetching using hmac-sha1 (trunc)"
|
|
|
24159a |
@@ -159,13 +170,19 @@ fi
|
|
|
24159a |
# Check for bad truncation.
|
|
|
24159a |
#
|
|
|
24159a |
#
|
|
|
24159a |
-echo "I:fetching using hmac-md5-80 (BADTRUNC)"
|
|
|
24159a |
-ret=0
|
|
|
24159a |
-$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
- -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5-80 || ret=1
|
|
|
24159a |
-grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
|
|
|
24159a |
-if [ $ret -eq 1 ] ; then
|
|
|
24159a |
- echo "I: failed"; status=1
|
|
|
24159a |
+
|
|
|
24159a |
+if $FEATURETEST --md5
|
|
|
24159a |
+then
|
|
|
24159a |
+ echo "I:fetching using hmac-md5-80 (BADTRUNC)"
|
|
|
24159a |
+ ret=0
|
|
|
24159a |
+ $DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
|
|
|
24159a |
+ -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5-80 || ret=1
|
|
|
24159a |
+ grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
|
|
|
24159a |
+ if [ $ret -eq 1 ] ; then
|
|
|
24159a |
+ echo "I: failed"; status=1
|
|
|
24159a |
+ fi
|
|
|
24159a |
+else
|
|
|
24159a |
+ echo "W:skipping using hmac-md5-80 (BADTRUNC)"
|
|
|
24159a |
fi
|
|
|
24159a |
|
|
|
24159a |
echo "I:fetching using hmac-sha1-80 (BADTRUNC)"
|
|
|
24159a |
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
|
|
|
24159a |
index 00222bad05..e795df3bff 100644
|
|
|
24159a |
--- a/bin/tests/system/tsiggss/setup.sh
|
|
|
24159a |
+++ b/bin/tests/system/tsiggss/setup.sh
|
|
|
24159a |
@@ -26,5 +26,5 @@ rm -f ns1/*.jnl ns1/K*.key ns1/K*.private ns1/_default.tsigkeys
|
|
|
24159a |
|
|
|
24159a |
../../../tools/genrandom 400 $RANDFILE
|
|
|
24159a |
|
|
|
24159a |
-key=`$KEYGEN -Cq -K ns1 -a DSA -b 512 -r $RANDFILE -n HOST -T KEY key.example.nil.`
|
|
|
24159a |
+key=`$KEYGEN -Cq -K ns1 -a DSA -b 1024 -r $RANDFILE -n HOST -T KEY key.example.nil.`
|
|
|
24159a |
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
|
|
|
24159a |
diff --git a/bin/tests/system/upforwd/ns1/named.conf b/bin/tests/system/upforwd/ns1/named.conf
|
|
|
24159a |
index 8d9d2fa0d9..c3c0238073 100644
|
|
|
24159a |
--- a/bin/tests/system/upforwd/ns1/named.conf
|
|
|
24159a |
+++ b/bin/tests/system/upforwd/ns1/named.conf
|
|
|
24159a |
@@ -18,7 +18,7 @@
|
|
|
24159a |
/* $Id: named.conf,v 1.11 2007/06/18 23:47:31 tbox Exp $ */
|
|
|
24159a |
|
|
|
24159a |
key "update.example." {
|
|
|
24159a |
- algorithm "hmac-md5";
|
|
|
24159a |
+ algorithm "hmac-sha256";
|
|
|
24159a |
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
|
|
|
24159a |
};
|
|
|
24159a |
|
|
|
24159a |
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
|
|
24159a |
index a138649ac3..e14a592db6 100644
|
|
|
24159a |
--- a/bin/tests/system/upforwd/tests.sh
|
|
|
24159a |
+++ b/bin/tests/system/upforwd/tests.sh
|
|
|
24159a |
@@ -68,7 +68,7 @@ if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
|
|
|
24159a |
|
|
|
24159a |
echo "I:updating zone (signed)"
|
|
|
24159a |
ret=0
|
|
|
24159a |
-$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <
|
|
|
24159a |
+$NSUPDATE -y hmac-sha256:update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <
|
|
|
24159a |
server 10.53.0.3 5300
|
|
|
24159a |
update add updated.example. 600 A 10.10.10.1
|
|
|
24159a |
update add updated.example. 600 TXT Foo
|
|
|
24159a |
--
|
|
|
24159a |
2.14.4
|
|
|
24159a |
|