Convert hmac-sha256 references in system tests to DEFAULT_HMAC

where a future change from hmac-sha256 would be applicable. This change involves dnssec, nsupdate and rndc system tests.
2025-08-30 14:07:59 +00:00 · 2022-07-05 18:39:43 +10:00 · 2022-07-05 18:39:43 +10:00 · 19a7a1e557
commit 19a7a1e557
parent ce324ae8ba
14 changed files with 24 additions and 20 deletions
--- a/bin/tests/system/cookie/ans9/ans.py
+++ b/bin/tests/system/cookie/ans9/ans.py
@ -45,8 +45,8 @@ def logquery(type, qname):
 try:
    keyring = dns.tsigkeyring.from_text(
        {
-            "foo": {"hmac-sha256", "aaaaaaaaaaaa"},
-            "fake": {"hmac-sha256", "aaaaaaaaaaaa"},
+            "foo": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"},
+            "fake": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"},
        }
    )
 except:
--- a/bin/tests/system/cookie/ns1/named.conf.in
+++ b/bin/tests/system/cookie/ns1/named.conf.in
@ -18,7 +18,7 @@ key rndc_key {

 key foo {
 	secret "aaaaaaaaaaaa";
-	algorithm hmac-sha256;
+	algorithm @DEFAULT_HMAC@;
 };

 server 10.53.0.10 {
--- a/bin/tests/system/cookie/tests.sh
+++ b/bin/tests/system/cookie/tests.sh
@ -474,7 +474,7 @@ then
  echo_i "check that TSIG test server is correctly configured ($n)"
  ret=0
  pat="; COOKIE: ................................ (good)"
-  key=hmac-sha256:foo:aaaaaaaaaaaa
+  key="${DEFAULT_HMAC}:foo:aaaaaaaaaaaa"
  #UDP
  $DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1
  grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
--- a/bin/tests/system/dnssec/ns4/named5.conf.in
+++ b/bin/tests/system/dnssec/ns4/named5.conf.in
@ -35,5 +35,5 @@ controls {

 key auth {
 	secret "1234abcd8765";
-	algorithm hmac-sha256;
+	algorithm @DEFAULT_HMAC@;
 };
--- a/bin/tests/system/nsupdate/ns9/named.conf.in
+++ b/bin/tests/system/nsupdate/ns9/named.conf.in
@ -32,7 +32,7 @@ key rndc_key {

 key subkey {
 	secret "1234abcd8765";
-	algorithm hmac-sha256;
+	algorithm @DEFAULT_HMAC@;
 };

 controls {
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@ -739,7 +739,7 @@ n=`expr $n + 1`
 ret=0
 echo_i "check 'grant' in deny name + grant subdomain ($n)"
 $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
-key hmac-sha256:subkey 1234abcd8765
+key $DEFAULT_HMAC:subkey 1234abcd8765
 server 10.53.0.9 ${PORT}
 zone denyname.example
 update add foo.denyname.example 3600 IN TXT added
@ -753,7 +753,7 @@ n=`expr $n + 1`
 ret=0
 echo_i "check 'deny' in deny name + grant subdomain ($n)"
 $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
-key hmac-sha256:subkey 1234abcd8765
+key $DEFAULT_HMAC:subkey 1234abcd8765
 server 10.53.0.9 ${PORT}
 zone denyname.example
 update add denyname.example 3600 IN TXT added
--- a/bin/tests/system/rndc/clean.sh
+++ b/bin/tests/system/rndc/clean.sh
@ -12,11 +12,15 @@
 # information regarding copyright ownership.

 rm -f dig.out.*.test*
+rm -f ns*/*.nta
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
+rm -f ns*/named.conf
 rm -f ns*/named.lock
 rm -f ns*/named.memstats
 rm -f ns*/named.run ns*/named.run.prev
 rm -f ns2/named.stats
 rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl
+rm -f ns2/secondkey.conf
 rm -f ns2/session.key
 rm -f ns3/named_dump.db*
 rm -f ns4/*.nta
@ -25,9 +29,6 @@ rm -f ns4/key?.conf
 rm -f ns6/huge.zone.db
 rm -f ns7/include.db ns7/test.db ns7/*.jnl
 rm -f ns7/named_dump.db*
-rm -f ns*/named.conf
 rm -f nsupdate.out.*.test*
 rm -f python.out.*.test*
 rm -f rndc.out.*.test*
-rm -f ns*/managed-keys.bind* ns*/*.mkeys*
-rm -f ns*/*.nta
--- a/bin/tests/system/rndc/ns2/named.conf.in
+++ b/bin/tests/system/rndc/ns2/named.conf.in
@ -27,7 +27,7 @@ key rndc_key {

 key secondkey {
 	secret "abcd1234abcd8765";
-	algorithm hmac-sha256;
+	algorithm @DEFAULT_HMAC@;
 };

 controls {
--- a/bin/tests/system/rndc/ns2/secondkey.conf.in
+++ b/bin/tests/system/rndc/ns2/secondkey.conf.in
@ -17,5 +17,5 @@ options {

 key secondkey {
 	secret "abcd1234abcd8765";
-	algorithm hmac-sha256;
+	algorithm @DEFAULT_HMAC@;
 };
--- a/bin/tests/system/rndc/ns3/named.conf.in
+++ b/bin/tests/system/rndc/ns3/named.conf.in
@ -25,7 +25,7 @@ key rndc_key {

 key secondkey {
 	secret "abcd1234abcd8765";
-	algorithm hmac-sha256;
+	algorithm @DEFAULT_HMAC@;
 };

 controls {
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
@ -34,6 +34,7 @@ awk 'END { for (i = 1; i <= '${size}'; i++)
     printf "host%d IN A 10.53.0.6\n", i; }' < /dev/null >> ns6/huge.zone.db

 copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns2/secondkey.conf.in ns2/secondkey.conf
 copy_setports ns3/named.conf.in ns3/named.conf
 copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
--- a/bin/tests/system/rrl/broken.conf.in
+++ b/bin/tests/system/rrl/broken.conf.in
@ -38,9 +38,9 @@ options {

 key rndc_key {
 	secret "1234abcd8765";
-	algorithm hmac-sha256;
+	algorithm @DEFAULT_HMAC@;
 };
+
 controls {
 	inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; };
 };
-
--- a/bin/tests/system/rrl/clean.sh
+++ b/bin/tests/system/rrl/clean.sh
@ -11,10 +11,11 @@

 # Clean up after rrl tests.

-rm -f dig.out* *mdig.out*
 rm -f  */named.memstats */named.run */named.stats */log-* */session.key
-rm -f ns3/bl*.db */*.jnl */*.core */*.pid
-rm -f ns*/named.lock
-rm -f ns*/named.conf
+rm -f broken.conf
 rm -f broken.out
+rm -f dig.out* *mdig.out*
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns3/bl*.db */*.jnl */*.core */*.pid
--- a/bin/tests/system/rrl/setup.sh
+++ b/bin/tests/system/rrl/setup.sh
@ -15,6 +15,7 @@

 $SHELL clean.sh

+copy_setports broken.conf.in broken.conf
 copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf