| From d0433a314534e104f52acf2a0a96a68dd84305ae Mon Sep 17 00:00:00 2001 |
| From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> |
| Date: Tue, 2 Jan 2018 18:13:07 +0100 |
| Subject: [PATCH] Fix pkcs11 variants atf tests |
| |
| Add dns-pkcs11 tests Makefile to configure |
| |
| Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode |
| |
| configure.in | 1 + |
| lib/Atffile | 2 ++ |
| lib/Kyuafile | 2 ++ |
| lib/dns-pkcs11/tests/Makefile.in | 10 +++++----- |
| lib/dns-pkcs11/tests/dh_test.c | 3 ++- |
| lib/isc-pkcs11/tests/Makefile.in | 6 +++--- |
| lib/isc-pkcs11/tests/hash_test.c | 32 +++++++++++++++++++++++++------- |
| 7 files changed, 40 insertions(+), 16 deletions(-) |
| |
| diff --git a/configure.in b/configure.in |
| index 67b3aab..4767eeb 100644 |
| |
| |
| @@ -5579,6 +5579,7 @@ AC_CONFIG_FILES([ |
| lib/dns-pkcs11/include/Makefile |
| lib/dns-pkcs11/include/dns/Makefile |
| lib/dns-pkcs11/include/dst/Makefile |
| + lib/dns-pkcs11/tests/Makefile |
| lib/irs/Makefile |
| lib/irs/include/Makefile |
| lib/irs/include/irs/Makefile |
| diff --git a/lib/Atffile b/lib/Atffile |
| index 93bbb01..4db3dce 100644 |
| |
| |
| @@ -3,7 +3,9 @@ Content-Type: application/X-atf-atffile; version="1" |
| prop: test-suite = bind9 |
| |
| tp: dns |
| +tp: dns-pkcs11 |
| tp: irs |
| tp: isc |
| +tp: isc-pkcs11 |
| tp: isccfg |
| tp: lwres |
| diff --git a/lib/Kyuafile b/lib/Kyuafile |
| index ff9fc56..eaaf0dc 100644 |
| |
| |
| @@ -2,7 +2,9 @@ syntax(2) |
| test_suite('bind9') |
| |
| include('dns/Kyuafile') |
| +include('dns-pkcs11/Kyuafile') |
| include('irs/Kyuafile') |
| include('isc/Kyuafile') |
| +include('isc-pkcs11/Kyuafile') |
| include('isccfg/Kyuafile') |
| include('lwres/Kyuafile') |
| diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in |
| index 2a6571b..f25a784 100644 |
| |
| |
| @@ -20,12 +20,12 @@ VERSION=@BIND9_VERSION@ |
| |
| CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \ |
| @DST_OPENSSL_INC@ |
| -CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\"" |
| +CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\"" |
| |
| -ISCLIBS = ../../isc/libisc.@A@ |
| -ISCDEPLIBS = ../../isc/libisc.@A@ |
| -DNSLIBS = ../libdns.@A@ @DNS_CRYPTO_LIBS@ |
| -DNSDEPLIBS = ../libdns.@A@ |
| +ISCLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@ |
| +ISCDEPLIBS = ../../isc-pkcs11/libisc-pkcs11.@A@ |
| +DNSLIBS = ../libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@ |
| +DNSDEPLIBS = ../libdns-pkcs11.@A@ |
| |
| LIBS = @LIBS@ @ATFLIBS@ |
| |
| diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c |
| index 036d27a..eb6554f 100644 |
| |
| |
| @@ -63,7 +63,8 @@ ATF_TC_BODY(isc_dh_computesecret, tc) { |
| ret = dst_key_computesecret(key, key, &buf); |
| ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY); |
| ret = key->func->computesecret(key, key, &buf); |
| - ATF_REQUIRE_EQ(ret, DST_R_COMPUTESECRETFAILURE); |
| + /* PKCS11 variant gives different result, accept both */ |
| + ATF_REQUIRE(ret == DST_R_COMPUTESECRETFAILURE || ret == DST_R_INVALIDPRIVATEKEY); |
| |
| dst_key_free(&key); |
| dns_test_end(); |
| diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in |
| index f7fa538..818dae4 100644 |
| |
| |
| @@ -17,10 +17,10 @@ VERSION=@BIND9_VERSION@ |
| @BIND9_MAKE_INCLUDES@ |
| |
| CINCLUDES = -I. -Iinclude ${ISC_INCLUDES} @ISC_OPENSSL_INC@ |
| -CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc/tests/\"" |
| +CDEFINES = @CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\"" |
| |
| -ISCLIBS = ../libisc.@A@ @ISC_OPENSSL_LIBS@ |
| -ISCDEPLIBS = ../libisc.@A@ |
| +ISCLIBS = ../libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@ |
| +ISCDEPLIBS = ../libisc-pkcs11.@A@ |
| |
| LIBS = @LIBS@ @ATFLIBS@ |
| |
| diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c |
| index 5b8a374..c1891c2 100644 |
| |
| |
| @@ -74,7 +74,7 @@ typedef struct hash_testcase { |
| |
| typedef struct hash_test_key { |
| const char *key; |
| - const int len; |
| + const unsigned len; |
| } hash_test_key_t; |
| |
| /* non-hmac tests */ |
| @@ -957,8 +957,11 @@ ATF_TC_BODY(isc_hmacsha1, tc) { |
| hash_test_key_t *test_key = test_keys; |
| |
| while (testcase->input != NULL && testcase->result != NULL) { |
| + int len = ISC_MAX(test_key->len, ISC_SHA1_DIGESTLENGTH); |
| + |
| + memset(buffer, 0, ISC_SHA1_DIGESTLENGTH); |
| memmove(buffer, test_key->key, test_key->len); |
| - isc_hmacsha1_init(&hmacsha1, buffer, test_key->len); |
| + isc_hmacsha1_init(&hmacsha1, buffer, len); |
| isc_hmacsha1_update(&hmacsha1, |
| (const isc_uint8_t *) testcase->input, |
| testcase->input_len); |
| @@ -1120,8 +1123,11 @@ ATF_TC_BODY(isc_hmacsha224, tc) { |
| hash_test_key_t *test_key = test_keys; |
| |
| while (testcase->input != NULL && testcase->result != NULL) { |
| + int len = ISC_MAX(test_key->len, ISC_SHA224_DIGESTLENGTH); |
| + |
| + memset(buffer, 0, ISC_SHA224_DIGESTLENGTH); |
| memmove(buffer, test_key->key, test_key->len); |
| - isc_hmacsha224_init(&hmacsha224, buffer, test_key->len); |
| + isc_hmacsha224_init(&hmacsha224, buffer, len); |
| isc_hmacsha224_update(&hmacsha224, |
| (const isc_uint8_t *) testcase->input, |
| testcase->input_len); |
| @@ -1283,8 +1289,11 @@ ATF_TC_BODY(isc_hmacsha256, tc) { |
| hash_test_key_t *test_key = test_keys; |
| |
| while (testcase->input != NULL && testcase->result != NULL) { |
| + int len = ISC_MAX(test_key->len, ISC_SHA256_DIGESTLENGTH); |
| + |
| + memset(buffer, 0, ISC_SHA256_DIGESTLENGTH); |
| memmove(buffer, test_key->key, test_key->len); |
| - isc_hmacsha256_init(&hmacsha256, buffer, test_key->len); |
| + isc_hmacsha256_init(&hmacsha256, buffer, len); |
| isc_hmacsha256_update(&hmacsha256, |
| (const isc_uint8_t *) testcase->input, |
| testcase->input_len); |
| @@ -1452,8 +1461,11 @@ ATF_TC_BODY(isc_hmacsha384, tc) { |
| hash_test_key_t *test_key = test_keys; |
| |
| while (testcase->input != NULL && testcase->result != NULL) { |
| + int len = ISC_MAX(test_key->len, ISC_SHA384_DIGESTLENGTH); |
| + |
| + memset(buffer, 0, ISC_SHA384_DIGESTLENGTH); |
| memmove(buffer, test_key->key, test_key->len); |
| - isc_hmacsha384_init(&hmacsha384, buffer, test_key->len); |
| + isc_hmacsha384_init(&hmacsha384, buffer, len); |
| isc_hmacsha384_update(&hmacsha384, |
| (const isc_uint8_t *) testcase->input, |
| testcase->input_len); |
| @@ -1621,8 +1633,11 @@ ATF_TC_BODY(isc_hmacsha512, tc) { |
| hash_test_key_t *test_key = test_keys; |
| |
| while (testcase->input != NULL && testcase->result != NULL) { |
| + int len = ISC_MAX(test_key->len, ISC_SHA512_DIGESTLENGTH); |
| + |
| + memset(buffer, 0, ISC_SHA512_DIGESTLENGTH); |
| memmove(buffer, test_key->key, test_key->len); |
| - isc_hmacsha512_init(&hmacsha512, buffer, test_key->len); |
| + isc_hmacsha512_init(&hmacsha512, buffer, len); |
| isc_hmacsha512_update(&hmacsha512, |
| (const isc_uint8_t *) testcase->input, |
| testcase->input_len); |
| @@ -1765,8 +1780,11 @@ ATF_TC_BODY(isc_hmacmd5, tc) { |
| hash_test_key_t *test_key = test_keys; |
| |
| while (testcase->input != NULL && testcase->result != NULL) { |
| + int len = ISC_MAX(test_key->len, ISC_MD5_DIGESTLENGTH); |
| + |
| + memset(buffer, 0, ISC_MD5_DIGESTLENGTH); |
| memmove(buffer, test_key->key, test_key->len); |
| - isc_hmacmd5_init(&hmacmd5, buffer, test_key->len); |
| + isc_hmacmd5_init(&hmacmd5, buffer, len); |
| isc_hmacmd5_update(&hmacmd5, |
| (const isc_uint8_t *) testcase->input, |
| testcase->input_len); |
| -- |
| 2.14.3 |
| |