Start using DEFAULT_HMAC configured variable
Do not replace hmac-md5 with fixed algorithm. But use default variable used by more recent versions.
This commit is contained in:
parent
99fd53a106
commit
21fe71bc46
@ -1,4 +1,4 @@
|
|||||||
From 2ad42c7c23858f12d977526d6ebc3465907d7b1b Mon Sep 17 00:00:00 2001
|
From f7d0320466815001b0fdf85f85a436f39463287e Mon Sep 17 00:00:00 2001
|
||||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||||
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
||||||
Subject: [PATCH] FIPS tests changes
|
Subject: [PATCH] FIPS tests changes
|
||||||
@ -57,6 +57,8 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
|||||||
Change tests to not use hmac-md5 algorithms if not required
|
Change tests to not use hmac-md5 algorithms if not required
|
||||||
|
|
||||||
Use hmac-sha256 instead of default hmac-md5 for allow-query
|
Use hmac-sha256 instead of default hmac-md5 for allow-query
|
||||||
|
|
||||||
|
Use DEFAULT_HMAC configured variable
|
||||||
---
|
---
|
||||||
bin/tests/system/acl/ns2/named1.conf.in | 4 +-
|
bin/tests/system/acl/ns2/named1.conf.in | 4 +-
|
||||||
bin/tests/system/acl/ns2/named2.conf.in | 4 +-
|
bin/tests/system/acl/ns2/named2.conf.in | 4 +-
|
||||||
@ -73,26 +75,35 @@ Date: Wed Mar 7 10:44:23 2018 +0100
|
|||||||
.../system/allow-query/ns2/named40.conf.in | 4 +-
|
.../system/allow-query/ns2/named40.conf.in | 4 +-
|
||||||
bin/tests/system/allow-query/tests.sh | 18 ++---
|
bin/tests/system/allow-query/tests.sh | 18 ++---
|
||||||
bin/tests/system/catz/ns1/named.conf.in | 2 +-
|
bin/tests/system/catz/ns1/named.conf.in | 2 +-
|
||||||
|
bin/tests/system/catz/ns2/named1.conf.in | 2 +-
|
||||||
|
bin/tests/system/catz/ns2/named2.conf.in | 2 +-
|
||||||
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
||||||
bin/tests/system/checkconf/good.conf | 2 +-
|
bin/tests/system/checkconf/good.conf | 2 +-
|
||||||
|
bin/tests/system/cookie/ns1/named.conf.in | 2 +-
|
||||||
|
bin/tests/system/dnssec/ns4/named5.conf.in | 2 +-
|
||||||
bin/tests/system/feature-test.c | 14 ++++
|
bin/tests/system/feature-test.c | 14 ++++
|
||||||
bin/tests/system/notify/ns5/named.conf.in | 6 +-
|
bin/tests/system/notify/ns5/named.conf.in | 6 +-
|
||||||
bin/tests/system/notify/tests.sh | 6 +-
|
bin/tests/system/notify/tests.sh | 6 +-
|
||||||
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
||||||
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
||||||
|
bin/tests/system/nsupdate/ns9/named.conf.in | 2 +-
|
||||||
bin/tests/system/nsupdate/setup.sh | 6 +-
|
bin/tests/system/nsupdate/setup.sh | 6 +-
|
||||||
bin/tests/system/nsupdate/tests.sh | 9 ++-
|
bin/tests/system/nsupdate/tests.sh | 9 ++-
|
||||||
|
bin/tests/system/rndc/ns2/named.conf.in | 2 +-
|
||||||
|
bin/tests/system/rndc/ns3/named.conf.in | 2 +-
|
||||||
bin/tests/system/rndc/setup.sh | 2 +-
|
bin/tests/system/rndc/setup.sh | 2 +-
|
||||||
bin/tests/system/rndc/tests.sh | 22 +++---
|
bin/tests/system/rndc/tests.sh | 22 +++---
|
||||||
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
||||||
|
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
||||||
bin/tests/system/tsig/setup.sh | 5 ++
|
bin/tests/system/tsig/setup.sh | 5 ++
|
||||||
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
||||||
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
||||||
bin/tests/system/upforwd/tests.sh | 2 +-
|
bin/tests/system/upforwd/tests.sh | 2 +-
|
||||||
31 files changed, 147 insertions(+), 106 deletions(-)
|
39 files changed, 164 insertions(+), 113 deletions(-)
|
||||||
|
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||||
|
|
||||||
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
||||||
index 8787c6a..b781d0b 100644
|
index 8787c6a..682ba97 100644
|
||||||
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
||||||
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
||||||
@@ -35,12 +35,12 @@ options {
|
@@ -35,12 +35,12 @@ options {
|
||||||
@ -100,18 +111,18 @@ index 8787c6a..b781d0b 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
||||||
index a95b4c1..3f3f471 100644
|
index a95b4c1..7b1cea6 100644
|
||||||
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
||||||
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
||||||
@@ -35,12 +35,12 @@ options {
|
@@ -35,12 +35,12 @@ options {
|
||||||
@ -119,18 +130,18 @@ index a95b4c1..3f3f471 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
||||||
index 14cc3fe..9507706 100644
|
index 14cc3fe..6b35ba5 100644
|
||||||
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
||||||
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
||||||
@@ -35,17 +35,17 @@ options {
|
@@ -35,17 +35,17 @@ options {
|
||||||
@ -138,24 +149,24 @@ index 14cc3fe..9507706 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key three {
|
key three {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
||||||
index 77cf110..029c91b 100644
|
index 77cf110..b23a1ca 100644
|
||||||
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
||||||
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
||||||
@@ -35,12 +35,12 @@ options {
|
@@ -35,12 +35,12 @@ options {
|
||||||
@ -163,18 +174,18 @@ index 77cf110..029c91b 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
||||||
index 5ccabf9..6154797 100644
|
index 5ccabf9..52791aa 100644
|
||||||
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
||||||
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
||||||
@@ -37,12 +37,12 @@ options {
|
@@ -37,12 +37,12 @@ options {
|
||||||
@ -182,13 +193,13 @@ index 5ccabf9..6154797 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -319,7 +330,7 @@ index ad98fa1..7a7ff4a 100644
|
|||||||
|
|
||||||
echo_i "testing allow-query-on ACL processing"
|
echo_i "testing allow-query-on ACL processing"
|
||||||
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||||
index b91d19a..7d777c2 100644
|
index b91d19a..ae485e8 100644
|
||||||
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||||
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
||||||
@@ -12,7 +12,7 @@
|
@@ -12,7 +12,7 @@
|
||||||
@ -327,12 +338,12 @@ index b91d19a..7d777c2 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||||
index 308c4ca..00f6f40 100644
|
index 308c4ca..8a5e806 100644
|
||||||
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||||
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
||||||
@@ -12,12 +12,12 @@
|
@@ -12,12 +12,12 @@
|
||||||
@ -340,18 +351,18 @@ index 308c4ca..00f6f40 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234efgh8765";
|
secret "1234efgh8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||||
index 6b0fe55..491e514 100644
|
index 6b0fe55..a10c6d0 100644
|
||||||
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||||
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
||||||
@@ -12,7 +12,7 @@
|
@@ -12,7 +12,7 @@
|
||||||
@ -359,12 +370,12 @@ index 6b0fe55..491e514 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||||
index aefc474..7c06596 100644
|
index aefc474..52981a7 100644
|
||||||
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||||
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
||||||
@@ -12,7 +12,7 @@
|
@@ -12,7 +12,7 @@
|
||||||
@ -372,12 +383,12 @@ index aefc474..7c06596 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||||
index 27eccc2..eecb990 100644
|
index 27eccc2..f627870 100644
|
||||||
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||||
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
||||||
@@ -12,12 +12,12 @@
|
@@ -12,12 +12,12 @@
|
||||||
@ -385,18 +396,18 @@ index 27eccc2..eecb990 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234efgh8765";
|
secret "1234efgh8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||||
index adbb203..744d122 100644
|
index adbb203..6fd516b 100644
|
||||||
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||||
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
||||||
@@ -12,7 +12,7 @@
|
@@ -12,7 +12,7 @@
|
||||||
@ -404,12 +415,12 @@ index adbb203..744d122 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||||
index 364f94b..9518f82 100644
|
index 364f94b..de37915 100644
|
||||||
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||||
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
||||||
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
@@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
||||||
@ -417,13 +428,13 @@ index 364f94b..9518f82 100644
|
|||||||
|
|
||||||
key one {
|
key one {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
key two {
|
key two {
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
secret "1234efgh8765";
|
secret "1234efgh8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -513,7 +524,7 @@ index 01a13cf..3711c63 100644
|
|||||||
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
||||||
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
||||||
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
||||||
index 3a8e401..82e720d 100644
|
index 3a8e401..052ae3f 100644
|
||||||
--- a/bin/tests/system/catz/ns1/named.conf.in
|
--- a/bin/tests/system/catz/ns1/named.conf.in
|
||||||
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
||||||
@@ -122,7 +122,7 @@ view "ch" ch {
|
@@ -122,7 +122,7 @@ view "ch" ch {
|
||||||
@ -521,10 +532,34 @@ index 3a8e401..82e720d 100644
|
|||||||
key tsig_key. {
|
key tsig_key. {
|
||||||
secret "LSAnCU+Z";
|
secret "LSAnCU+Z";
|
||||||
- algorithm hmac-md5;
|
- algorithm hmac-md5;
|
||||||
+ algorithm hmac-sha256;
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
};
|
};
|
||||||
|
|
||||||
key next_key. {
|
key next_key. {
|
||||||
|
diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in
|
||||||
|
index 23383ed..5a7babd 100644
|
||||||
|
--- a/bin/tests/system/catz/ns2/named1.conf.in
|
||||||
|
+++ b/bin/tests/system/catz/ns2/named1.conf.in
|
||||||
|
@@ -165,7 +165,7 @@ view "ch" ch {
|
||||||
|
|
||||||
|
key tsig_key. {
|
||||||
|
secret "LSAnCU+Z";
|
||||||
|
- algorithm hmac-md5;
|
||||||
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
|
};
|
||||||
|
|
||||||
|
key next_key. {
|
||||||
|
diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in
|
||||||
|
index 62b76a6..cd5f2b9 100644
|
||||||
|
--- a/bin/tests/system/catz/ns2/named2.conf.in
|
||||||
|
+++ b/bin/tests/system/catz/ns2/named2.conf.in
|
||||||
|
@@ -122,5 +122,5 @@ view "ch" ch {
|
||||||
|
|
||||||
|
key tsig_key. {
|
||||||
|
secret "LSAnCU+Z";
|
||||||
|
- algorithm hmac-md5;
|
||||||
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
|
};
|
||||||
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
||||||
index 4af25b0..9f202d5 100644
|
index 4af25b0..9f202d5 100644
|
||||||
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
||||||
@ -550,6 +585,30 @@ index 154bf75..e7a05cd 100644
|
|||||||
+ algorithm "hmac-sha256";
|
+ algorithm "hmac-sha256";
|
||||||
secret "qwertyuiopasdfgh";
|
secret "qwertyuiopasdfgh";
|
||||||
};
|
};
|
||||||
|
diff --git a/bin/tests/system/cookie/ns1/named.conf.in b/bin/tests/system/cookie/ns1/named.conf.in
|
||||||
|
index 1304303..e9c28c6 100644
|
||||||
|
--- a/bin/tests/system/cookie/ns1/named.conf.in
|
||||||
|
+++ b/bin/tests/system/cookie/ns1/named.conf.in
|
||||||
|
@@ -18,7 +18,7 @@ key rndc_key {
|
||||||
|
|
||||||
|
key foo {
|
||||||
|
secret "aaaaaaaaaaaa";
|
||||||
|
- algorithm hmac-sha256;
|
||||||
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
|
};
|
||||||
|
|
||||||
|
server 10.53.0.10 {
|
||||||
|
diff --git a/bin/tests/system/dnssec/ns4/named5.conf.in b/bin/tests/system/dnssec/ns4/named5.conf.in
|
||||||
|
index f1b817a..e457062 100644
|
||||||
|
--- a/bin/tests/system/dnssec/ns4/named5.conf.in
|
||||||
|
+++ b/bin/tests/system/dnssec/ns4/named5.conf.in
|
||||||
|
@@ -35,5 +35,5 @@ controls {
|
||||||
|
|
||||||
|
key auth {
|
||||||
|
secret "1234abcd8765";
|
||||||
|
- algorithm hmac-sha256;
|
||||||
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
|
};
|
||||||
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
||||||
index 3435c91..aaaa264 100644
|
index 3435c91..aaaa264 100644
|
||||||
--- a/bin/tests/system/feature-test.c
|
--- a/bin/tests/system/feature-test.c
|
||||||
@ -583,7 +642,7 @@ index 3435c91..aaaa264 100644
|
|||||||
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
||||||
int s;
|
int s;
|
||||||
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
||||||
index 5cab276..d4a7bf3 100644
|
index 5cab276..c0492e1 100644
|
||||||
--- a/bin/tests/system/notify/ns5/named.conf.in
|
--- a/bin/tests/system/notify/ns5/named.conf.in
|
||||||
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
||||||
@@ -12,17 +12,17 @@
|
@@ -12,17 +12,17 @@
|
||||||
@ -591,19 +650,19 @@ index 5cab276..d4a7bf3 100644
|
|||||||
|
|
||||||
key "a" {
|
key "a" {
|
||||||
- algorithm "hmac-md5";
|
- algorithm "hmac-md5";
|
||||||
+ algorithm "hmac-sha256";
|
+ algorithm "@DEFAULT_HMAC@";
|
||||||
secret "aaaaaaaaaaaaaaaaaaaa";
|
secret "aaaaaaaaaaaaaaaaaaaa";
|
||||||
};
|
};
|
||||||
|
|
||||||
key "b" {
|
key "b" {
|
||||||
- algorithm "hmac-md5";
|
- algorithm "hmac-md5";
|
||||||
+ algorithm "hmac-sha256";
|
+ algorithm "@DEFAULT_HMAC@";
|
||||||
secret "bbbbbbbbbbbbbbbbbbbb";
|
secret "bbbbbbbbbbbbbbbbbbbb";
|
||||||
};
|
};
|
||||||
|
|
||||||
key "c" {
|
key "c" {
|
||||||
- algorithm "hmac-md5";
|
- algorithm "hmac-md5";
|
||||||
+ algorithm "hmac-sha256";
|
+ algorithm "@DEFAULT_HMAC@";
|
||||||
secret "cccccccccccccccccccc";
|
secret "cccccccccccccccccccc";
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -658,6 +717,19 @@ index c85eef5..428b6b1 100644
|
|||||||
secret "1234abcd8765";
|
secret "1234abcd8765";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.in
|
||||||
|
index 6a7ff88..0b70745 100644
|
||||||
|
--- a/bin/tests/system/nsupdate/ns9/named.conf.in
|
||||||
|
+++ b/bin/tests/system/nsupdate/ns9/named.conf.in
|
||||||
|
@@ -32,7 +32,7 @@ key rndc_key {
|
||||||
|
|
||||||
|
key subkey {
|
||||||
|
secret "1234abcd8765";
|
||||||
|
- algorithm hmac-sha256;
|
||||||
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
|
};
|
||||||
|
|
||||||
|
controls {
|
||||||
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
||||||
index 50056dc..a4a1a3f 100644
|
index 50056dc..a4a1a3f 100644
|
||||||
--- a/bin/tests/system/nsupdate/setup.sh
|
--- a/bin/tests/system/nsupdate/setup.sh
|
||||||
@ -702,6 +774,32 @@ index 0bb9d00..ecbc0df 100755
|
|||||||
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
||||||
done
|
done
|
||||||
if [ $ret -ne 0 ]; then
|
if [ $ret -ne 0 ]; then
|
||||||
|
diff --git a/bin/tests/system/rndc/ns2/named.conf.in b/bin/tests/system/rndc/ns2/named.conf.in
|
||||||
|
index 117a5f4..be1af25 100644
|
||||||
|
--- a/bin/tests/system/rndc/ns2/named.conf.in
|
||||||
|
+++ b/bin/tests/system/rndc/ns2/named.conf.in
|
||||||
|
@@ -27,7 +27,7 @@ key rndc_key {
|
||||||
|
|
||||||
|
key secondkey {
|
||||||
|
secret "abcd1234abcd8765";
|
||||||
|
- algorithm hmac-sha256;
|
||||||
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
|
};
|
||||||
|
|
||||||
|
controls {
|
||||||
|
diff --git a/bin/tests/system/rndc/ns3/named.conf.in b/bin/tests/system/rndc/ns3/named.conf.in
|
||||||
|
index 3078e90..fd97ca2 100644
|
||||||
|
--- a/bin/tests/system/rndc/ns3/named.conf.in
|
||||||
|
+++ b/bin/tests/system/rndc/ns3/named.conf.in
|
||||||
|
@@ -25,7 +25,7 @@ key rndc_key {
|
||||||
|
|
||||||
|
key secondkey {
|
||||||
|
secret "abcd1234abcd8765";
|
||||||
|
- algorithm hmac-sha256;
|
||||||
|
+ algorithm @DEFAULT_HMAC@;
|
||||||
|
};
|
||||||
|
|
||||||
|
controls {
|
||||||
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
||||||
index 4dd6fa7..1b79263 100644
|
index 4dd6fa7..1b79263 100644
|
||||||
--- a/bin/tests/system/rndc/setup.sh
|
--- a/bin/tests/system/rndc/setup.sh
|
||||||
@ -776,6 +874,22 @@ index 76cf970..22637af 100644
|
|||||||
|
|
||||||
key "sha1-trunc" {
|
key "sha1-trunc" {
|
||||||
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
||||||
|
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000..0682194
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
||||||
|
@@ -0,0 +1,10 @@
|
||||||
|
+# Conditionally included when support for MD5 is available
|
||||||
|
+key "md5" {
|
||||||
|
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||||
|
+ algorithm hmac-md5;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+key "md5-trunc" {
|
||||||
|
+ secret "97rnFx24Tfna4mHPfgnerA==";
|
||||||
|
+ algorithm hmac-md5-80;
|
||||||
|
+};
|
||||||
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
||||||
index 34cc73b..d51ff21 100644
|
index 34cc73b..d51ff21 100644
|
||||||
--- a/bin/tests/system/tsig/setup.sh
|
--- a/bin/tests/system/tsig/setup.sh
|
||||||
@ -882,7 +996,7 @@ index 1067227..ee05e83 100644
|
|||||||
|
|
||||||
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
||||||
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||||
index c2b57dd..cb13aa1 100644
|
index c2b57dd..ea744f8 100644
|
||||||
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
||||||
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
||||||
@@ -12,7 +12,7 @@
|
@@ -12,7 +12,7 @@
|
||||||
@ -890,7 +1004,7 @@ index c2b57dd..cb13aa1 100644
|
|||||||
|
|
||||||
key "update.example." {
|
key "update.example." {
|
||||||
- algorithm "hmac-md5";
|
- algorithm "hmac-md5";
|
||||||
+ algorithm "hmac-sha256";
|
+ algorithm "@DEFAULT_HMAC@";
|
||||||
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
|
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user