mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 21:47:59 +00:00
Code Issues Releases Wiki Activity

RSA and ECDSA cryptography is now mandatory; remove the checks for those

Browse Source
This commit is contained in:
Ondřej Surý 2018-06-18 12:07:06 +02:00
parent 9d1f4696ec
commit c40425d0f6
46 changed files with 35 additions and 898 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
bin/tests/system/autosign/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/cds/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

2
bin/tests/system/chain/prereq.sh
View File

@ -12,8 +12,6 @@
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
$SHELL ../testcrypto.sh || exit 255
if test -n "$PYTHON" if test -n "$PYTHON"
then then
if $PYTHON -c "import dns" 2> /dev/null if $PYTHON -c "import dns" 2> /dev/null

15
bin/tests/system/coverage/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/dlv/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/dns64/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

2
bin/tests/system/dnssec/prereq.sh
View File

@ -23,4 +23,4 @@ then
fi fi
fi fi
exec $SHELL ../testcrypto.sh exit 0

23
bin/tests/system/dsdigest/prereq.sh
View File

@ -1,23 +0,0 @@
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
ecdsafail=0
$SHELL ../testcrypto.sh -q ecdsa || ecdsafail=1
if [ $ecdsafail = 1 ]; then
echo_i "This test requires support for ECDSA cryptography." >&2
exit 255
else
echo ecdsa > supported
fi

15
bin/tests/system/dupsigs/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/ecdsa/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh ecdsa

125
bin/tests/system/filter-aaaa/ns1/signed.db.presigned
View File

@ -1,125 +0,0 @@
; File written on Mon Oct 16 09:16:28 2017
; dnssec_signzone version 9.11.2
signed. 120 IN SOA ns.signed. hostmaster.ns.signed. (
1 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
120 RRSIG SOA 3 1 120 (
20820519023008 20140501011600 17876 signed.
BJDbUrXS4UzBrTeNUMA0sSGYd+h9M5d8qzsE
q7RJyDtUNJIwP5vAnSQ= )
120 NS ns.signed.
120 RRSIG NS 3 1 120 (
20820519023008 20140501011600 17876 signed.
BGoYuOkkcTAYnym27q2BgqkjUgP/0/Tip1yc
txRS1D0CipTUZhCNrXc= )
120 MX 10 mx.signed.
120 RRSIG MX 3 1 120 (
20820519023008 20140501011600 17876 signed.
BOUPCSEEJ8dZ0oWeiYEvGIonjagvM1OS+mEY
i5VUmysn7kArWqeFERs= )
60 NSEC a-only.signed. NS SOA MX RRSIG NSEC DNSKEY
60 RRSIG NSEC 3 1 60 (
20820519023008 20140501011600 17876 signed.
BBzvCsFw4EgfrIsFOu5IjP2gncm8dntwHaMD
IeJ6g6s7IOwFT5nyrOU= )
120 DNSKEY 256 3 3 (
BPXo3mJOeCCuorn7Hc7bxR3QDHrJvq9gUpPS
s8QYF3eiSpB97c8Br7fFzFYHQCJWWnCtpt1E
h7SveJSl1ASNl9W2KE6hDNXfDX+ixDOtFZ/7
PCh/obX36VK86EH+ZBNLxxEy9tHHCGO08zy8
3lWI3E5bk9a1sks2dy6hbQfMmyXWI5QwYS9D
j5Vs5yeUQ5e6SPmIqgqpn6VnDtAIfR2My7/r
/Jgf73gpZugZmn6wDbzNCyGIvtOJCHAY2OEg
ZfACKVdJrXZ42NKcJCgSTd1xY81UyMI9QAMq
64Lx/tENCo1GKBCk/1HMdiO6WKeXCJd1SYzN
VM+n4fRzEkmVT9wfyiSmoq6SxjeqrRebDz8G
42d4lsm2/0bmOlle+fva7LwtGOaS+tBqtD8K
kexFaixL5iY+LB0Q
) ; ZSK; alg = DSA ; key id = 17876
120 DNSKEY 257 3 3 (
BOOhXnn+YV6RQ+jRPdayrnC2cd9x5P77c1/6
Ev41qaWl1N7QRDXYh7VDS1UowoPbvQOvgQU0
X7+zKWrB8UQcdsUe96IH/wPab1qkJlKanZni
uFdB/2sTvQ6yabIC41dItnGeuN9VY1qwCa7T
4QFRVYyDPKgxo7MRLq9YoUN8RTcB6lY1BH9Z
QgcHZljAFVgU1Zc/6DZlQeBZyJafwIR+I7Eq
Oe+rR44ZeD5JRgI1OwGyw/b1wKUxFhM+4XJi
i8mQ1mrvzZ27iQbYP4WEzaskU6P5X+nPrTFi
tLEaPugt8Oe7+lHLjpHvHzSOJZ5Radfiqgzg
GGOzj1qmLfKLdRmp4VuBQ+1kguiz9D3ev89d
pzP7dYHuSdCjc9X0fLmPjU1xD6RyLCDEmUm7
eeRP55SiTiQCzJFr
) ; KSK; alg = DSA ; key id = 3746
120 RRSIG DNSKEY 3 1 120 (
20820519023008 20140501011600 3746 signed.
BFuLN7ACQrD6/3WaieXRD1JpSXW9s+/xCZ1x
0ihUT1iKNvJS8F4Pafc= )
120 RRSIG DNSKEY 3 1 120 (
20820519023008 20140501011600 17876 signed.
BN+8hbh1FGTNqHds0In57dPr5fVRU/P28dZa
zIP19bAwTH/ZvgrqUF0= )
a-only.signed. 120 IN NS 1.0.0.1.signed.
60 NSEC aaaa-only.signed. NS RRSIG NSEC
60 RRSIG NSEC 3 2 60 (
20820519023008 20140501011600 17876 signed.
BHpGpjMihpoIykHTpK1XmkVn0jqSST3/K6Fx
vTaIb24rpkTriaXxChM= )
aaaa-only.signed. 120 IN AAAA 2001:db8::2
120 RRSIG AAAA 3 2 120 (
20820519023008 20140501011600 17876 signed.
BOvYax/3CDnEKTtbc6zoP4hYwhMe5SoXZh0w
muzBWw9bEH+Bdt1ZEQ4= )
60 NSEC dual.signed. AAAA RRSIG NSEC
60 RRSIG NSEC 3 2 60 (
20820519023008 20140501011600 17876 signed.
BIqxE79TUnT2DUuocTitGhTNGnLs0+3sLJdz
8haJbyH8pig1h7mqimU= )
dual.signed. 120 IN A 1.0.0.3
120 RRSIG A 3 2 120 (
20820519023008 20140501011600 17876 signed.
BIGL70eEIGVDW0gcYpEWgCFv4ne14hutQCMh
gQ6kcEbl2qszosJA60E= )
120 AAAA 2001:db8::3
120 RRSIG AAAA 3 2 120 (
20820519023008 20140501011600 17876 signed.
BCmwk+ng/x1O7MhheK8MgAXYFVDDbyiZ76RV
iwQrPRm0ThNRtsQU+UY= )
60 NSEC mx.signed. A AAAA RRSIG NSEC
60 RRSIG NSEC 3 2 60 (
20820519023008 20140501011600 17876 signed.
BLlLAIHF4SX/eWMCkUvj0XTFmaOp3xnifqkL
nSWOAqtzJ5fwAdbNBdM= )
ns.signed. 120 IN A 10.53.0.1
120 RRSIG A 3 2 120 (
20820519023008 20140501011600 17876 signed.
BJ+Wll7VfNEjM4EfLY2rlx74oIwKRg9pjcJO
Zxt6GHQIJ2D6EfyMZ00= )
120 AAAA fd92:7065:b8e:ffff::1
120 RRSIG AAAA 3 2 120 (
20820519023008 20140501011600 17876 signed.
BGT/agHn4qcHzLV2hYcGeLJ6Tz1to9sTB8LI
lMwkV/KUu6UO7yvrnYk= )
60 NSEC signed. A AAAA RRSIG NSEC
60 RRSIG NSEC 3 2 60 (
20820519023008 20140501011600 17876 signed.
BNe3XmEGd/xxoh8FN3T3V9G1enCzNQJ7l3G+
D3QPrp7mYtPAGMxCLlc= )
mx.signed. 120 IN A 1.0.0.3
120 RRSIG A 3 2 120 (
20820519023008 20140501011600 17876 signed.
BMlIQp1acUSUvgzV1CWlM0+cS1bGkFsbS6HQ
d0S6TbNV+uNw0S1q0Dk= )
120 AAAA 2001:db8::3
120 RRSIG AAAA 3 2 120 (
20820519023008 20140501011600 17876 signed.
BGtSuYQF7sRVT5OdVHPJjm0PERzSp4v+d/DP
Vp2UD0vSVSr3Vj2Wi4M= )
60 NSEC ns.signed. A AAAA RRSIG NSEC
60 RRSIG NSEC 3 2 60 (
20820519023008 20140501011600 17876 signed.
BMzQWws37wYfHvLnqgvjd+j5dkzBb2RYhrQk
ykM0GnTAR6ZpmgQO6jc= )

110
bin/tests/system/filter-aaaa/ns4/signed.db.presigned
View File

@ -1,110 +0,0 @@
; File written on Thu May 1 12:22:01 2014
; dnssec_signzone version 9.8.5-P1
signed. 120 IN SOA ns.utld. hostmaster.ns.utld. (
1 ; serial
3600 ; refresh (1 hour)
1200 ; retry (20 minutes)
604800 ; expire (1 week)
60 ; minimum (1 minute)
)
120 RRSIG SOA 3 1 120 20820519033608 (
20140501012201 20366 signed.
BMC1gbQgLgNsb9G6rElwoY6Krb6lV/WFsd/j
LO3aVnPXgU/noM1IBjs= )
120 NS ns.utld.
120 RRSIG NS 3 1 120 20820519033608 (
20140501012201 20366 signed.
BF9dWcW8GHL4QMp7rbeQgfUQmwEvskiMFqgt
GJqepDLkV4WXtw3TRK4= )
120 MX 10 mx.signed.
120 RRSIG MX 3 1 120 20820519033608 (
20140501012201 20366 signed.
BJ7bngL8eZ9GrjQvHj0FDOgk2M6+YoW+cIAh
ZjGKcK431aUFMS3YSGE= )
60 NSEC a-only.signed. NS SOA MX RRSIG NSEC DNSKEY
60 RRSIG NSEC 3 1 60 20820519033608 (
20140501012201 20366 signed.
BHMei3tCaM9eYTPLRn93c6qp9ADL1Hxy+HlN
cLTyzzC+UxjUoI9O2VI= )
120 DNSKEY 256 3 3 (
BPLuLs4Ylbx3WZ8Ebj6GF+uEfI+J+RcaI1G3
TW4JHqVqeBa0gkPjnCDsK9VeUx5CR8i/T18f
YrOSojvASvdvG+TLNN9Jx+5A7c/43WzDOe2B
jeAlfZSl1Bie/ccGL6W1+lVvlO0OHI54EoKs
KxRub2izdouH4867a8dwahBlm14oWYXjqk3+
/ubDCPdXdTUvvLnDd9zyDpWYBXisb/3F8R1v
IcqyKDfJSTQSofLK+JlD+n7cv7U7pQWQn2qA
t/NkGcwF8EAbiQPmcF1BY6NnEMQ5XxNayAF5
Eza+i/kf3hLtS12cqW8hWm7aRYZWbzC4uUZL
WGK0XfAK2d/vT8ZMZo1oaYEvy3xHwfsFgrFV
qebm2ZFEomHpQ4KOSL1UhVI8uegUgnnovHjC
eS4q72Fh+LZTD8C4
) ; key id = 20366
120 DNSKEY 257 3 3 (
BPLuLs4Ylbx3WZ8Ebj6GF+uEfI+J+RcaI1G3
TW4JHqVqeBa0gkPjnCDsK9VeUx5CR8i/T18f
YrOSojvASvdvG+TLNN9Jx+5A7c/43WzDOe2B
jeAlfZSl1Bie/ccGL6W1+lVvlO0OHI54EoKs
KxRub2izdouH4867a8dwahBlm14oWYXjqk3+
/ubDCPdXdTUvvLnDd9zyDpWYBXisb/3F8R1v
IcqyKDfJSTQSofLK+JlD+n7cv7U7pQWQn2qA
t/NkGcwF8EAbiQPmcF1BY6NnEMQ5XxNayAF5
Eza+i/kf3hLtS12cqW8hWm7aRYZWbzC4uUZL
WGK0XfAK2d/vT8ZMZo1oaYEvy3xHwfsFgrFV
qebm2ZFEomHpQ4KOSL1UhVI8uegUgnnovHjC
eS4q72Fh+LZTD8C4
) ; key id = 20367
120 RRSIG DNSKEY 3 1 120 20820519033608 (
20140501012201 20366 signed.
BBhlUYWd3f00zsSl+UJTxeVZUimQP8iMjf6j
Q7uPoI37BUz9NbZhTCg= )
120 RRSIG DNSKEY 3 1 120 20820519033608 (
20140501012201 20367 signed.
BHPcogpnebYByfzp/KT53GsIiT3yPk/4atwj
NNsPFmVLqb/6yjotWQ0= )
a-only.signed. 120 IN NS 1.0.0.1.signed.
60 NSEC aaaa-only.signed. NS RRSIG NSEC
60 RRSIG NSEC 3 2 60 20820519033608 (
20140501012201 20366 signed.
BF1Wt+NtJ1Cuoj1H1D9BCS33ImdgkZeyEKuz
8FT66wAFigkXQ1zNofw= )
aaaa-only.signed. 120 IN AAAA 2001:db8::2
120 RRSIG AAAA 3 2 120 20820519033608 (
20140501012201 20366 signed.
BJFHllFzB91E/NWN1KjgmLuXQgDsGqBOuMuk
eNEc0RmToi3wV+TZwt0= )
60 NSEC dual.signed. AAAA RRSIG NSEC
60 RRSIG NSEC 3 2 60 20820519033608 (
20140501012201 20366 signed.
BGfjvmN9LAHU2r9hXKgZRwyL4mZt4N/uBR1y
TKOGBOyx6b0hVHmGPnw= )
dual.signed. 120 IN A 1.0.0.3
120 RRSIG A 3 2 120 20820519033608 (
20140501012201 20366 signed.
BEHMwkdjcbK++gvR/a36hSHf+uLwNUpbwKiw
PpmEz0be+gavwU0qSmY= )
120 AAAA 2001:db8::3
120 RRSIG AAAA 3 2 120 20820519033608 (
20140501012201 20366 signed.
BPKR07CI/4KFd5L7aLMvQifiYDb1EbAP2BIp
SgErW40i5qkFz9u588s= )
60 NSEC mx.signed. A AAAA RRSIG NSEC
60 RRSIG NSEC 3 2 60 20820519033608 (
20140501012201 20366 signed.
BGJ0Ei6QbWJva3NwVSE/Bojcodsbu0sSVVLJ
QE8F5puTbx6qZ2dqrv4= )
mx.signed. 120 IN A 1.0.0.3
120 RRSIG A 3 2 120 20820519033608 (
20140501012201 20366 signed.
BOyL/Pi5Ih/Xt3b1icWIqoagM7ZKXzPKrmbQ
VOZIvn0nmCj/gjShka4= )
120 AAAA 2001:db8::3
120 RRSIG AAAA 3 2 120 20820519033608 (
20140501012201 20366 signed.
BL1n80SXkdcDRaFa66xHIrMMFiYUnrM0zoGj
ArI7APPAxthUKN+ptAQ= )
60 NSEC signed. A AAAA RRSIG NSEC
60 RRSIG NSEC 3 2 60 20820519033608 (
20140501012201 20366 signed.
BG6+zIJRFY4HqyUzPLcErSJibgtxxqfuHGYP
kXX9V0coQ3zBC92s2jo= )

11
bin/tests/system/filter-aaaa/setup.sh
View File

@ -19,12 +19,5 @@ copy_setports ns2/named1.conf.in ns2/named.conf
copy_setports ns3/named1.conf.in ns3/named.conf copy_setports ns3/named1.conf.in ns3/named.conf
copy_setports ns4/named1.conf.in ns4/named.conf copy_setports ns4/named1.conf.in ns4/named.conf
if $SHELL ../testcrypto.sh -q (cd ns1 && $SHELL -e sign.sh)
then (cd ns4 && $SHELL -e sign.sh)
(cd ns1 && $SHELL -e sign.sh)
(cd ns4 && $SHELL -e sign.sh)
else
echo_i "using pre-signed zones"
cp -f ns1/signed.db.presigned ns1/signed.db.signed
cp -f ns4/signed.db.presigned ns4/signed.db.signed
fi

15
bin/tests/system/inline/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/keymgr/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

27
bin/tests/system/legacy/tests.sh
View File

@ -142,25 +142,20 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
if $SHELL ../testcrypto.sh > /dev/null 2>&1 $PERL $SYSTEMTESTTOP/stop.pl . ns1
then
$PERL $SYSTEMTESTTOP/stop.pl . ns1
copy_setports ns1/named2.conf.in ns1/named.conf copy_setports ns1/named2.conf.in ns1/named.conf
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns1 $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns1
n=`expr $n + 1` n=`expr $n + 1`
echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)" echo_i "checking recursive lookup to edns 512 + no tcp + trust anchor fails ($n)"
ret=0 ret=0
$DIG $DIGOPTS +tcp @10.53.0.1 edns512-notcp soa > dig.out.test$n $DIG $DIGOPTS +tcp @10.53.0.1 edns512-notcp soa > dig.out.test$n
grep "status: SERVFAIL" dig.out.test$n > /dev/null || grep "status: SERVFAIL" dig.out.test$n > /dev/null ||
grep "connection timed out;" dig.out.test$n > /dev/null || ret=1 grep "connection timed out;" dig.out.test$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
else
echo_i "skipping checking recursive lookup to edns 512 + no tcp + trust anchor fails as crypto not enabled"
fi
echo_i "exit status: $status" echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1

15
bin/tests/system/masterformat/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/metadata/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/mkeys/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

2
bin/tests/system/nsupdate/prereq.sh
View File

@ -23,4 +23,4 @@ then
fi fi
fi fi
exec $SHELL ../testcrypto.sh exit 0

15
bin/tests/system/pending/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

16
bin/tests/system/pkcs11/prereq.sh
View File

@ -13,24 +13,14 @@ SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
echo "I:(Native PKCS#11)" >&2 echo "I:(Native PKCS#11)" >&2
rsafail=0 eccfail=0 ecxfail=0 ecxfail=0
$SHELL ../testcrypto.sh -q rsa || rsafail=1
$SHELL ../testcrypto.sh -q ecdsa || eccfail=1
$SHELL ../testcrypto.sh -q eddsa || ecxfail=1 $SHELL ../testcrypto.sh -q eddsa || ecxfail=1
if [ $rsafail = 1 -a $eccfail = 1 ]; then
echo "I:This test requires PKCS#11 support for either RSA or ECDSA cryptography." >&2
exit 255
fi
rm -f supported rm -f supported
touch supported touch supported
if [ $rsafail = 0 ]; then echo rsa >> supported
echo rsa >> supported echo ecc >> supported
fi
if [ $eccfail = 0 ]; then
echo ecc >> supported
fi
if [ $ecxfail = 0 ]; then if [ $ecxfail = 0 ]; then
echo ecx >> supported echo ecx >> supported
fi fi

17
bin/tests/system/pkcs11ssl/clean.sh
View File

@ -1,17 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f K* ns1/K* keyset-* dsset-* ns1/*.db ns1/*.signed ns1/*.jnl
rm -f dig.out pin
rm -f ns1/*.key ns1/named.memstats
rm -f supported
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*

22
bin/tests/system/pkcs11ssl/ns1/example.db.in
View File

@ -1,22 +0,0 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300 ; 5 minutes
@ IN SOA ns root (
2000082401 ; serial
1800 ; refresh (30 minutes)
1800 ; retry (30 minutes)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.1
txt TXT "recursed"

46
bin/tests/system/pkcs11ssl/ns1/named.conf
View File

@ -1,46 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
dnssec-validation no;
notify no;
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-md5;
};
controls {
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
};
zone "rsa.example." {
type master;
file "rsa.example.db.signed";
allow-update { any; };
};
zone "ecc.example." {
type master;
file "ecc.example.db.signed";
allow-update { any; };
};

16
bin/tests/system/pkcs11ssl/prereq.sh
View File

@ -1,16 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
echo "I:(PKCS#11 via OpenSSL)" >&2
exec $SHELL ../testcrypto.sh rsa

40
bin/tests/system/pkcs11ssl/setup.sh
View File

@ -1,40 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
infile=ns1/example.db.in
/bin/echo -n ${HSMPIN:-1234}> pin
PWD=`pwd`
zone=rsa.example
zonefile=ns1/rsa.example.db
$PK11GEN -a RSA -b 1024 -l robie-rsa-zsk1 -i 01
$PK11GEN -a RSA -b 1024 -l robie-rsa-zsk2 -i 02
$PK11GEN -a RSA -b 2048 -l robie-rsa-ksk
rsazsk1=`$KEYFRLAB -a RSASHA1 \
-l "robie-rsa-zsk1" rsa.example`
rsazsk2=`$KEYFRLAB -a RSASHA1 \
-l "robie-rsa-zsk2" rsa.example`
rsaksk=`$KEYFRLAB -a RSASHA1 -f ksk \
-l "robie-rsa-ksk" rsa.example`
cat $infile $rsazsk1.key $rsaksk.key > $zonefile
$SIGNER -a -P -g -o $zone $zonefile \
> /dev/null 2> signer.err || cat signer.err
cp $rsazsk2.key ns1/rsa.key
mv Krsa* ns1
rm -f signer.err

62
bin/tests/system/pkcs11ssl/tests.sh
View File

@ -1,62 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
status=0
ret=0
alg=rsa
zonefile=ns1/rsa.example.db
echo "I:testing PKCS#11 key generation (rsa)"
count=`$PK11LIST | grep robie-rsa-ksk | wc -l`
if [ $count != 2 ]; then echo "I:failed"; status=1; fi
echo "I:testing offline signing with PKCS#11 keys (rsa)"
count=`grep RRSIG $zonefile.signed | wc -l`
if [ $count != 12 ]; then echo "I:failed"; status=1; fi
echo "I:testing inline signing with PKCS#11 keys (rsa)"
$NSUPDATE > /dev/null <<END || status=1
server 10.53.0.1 5300
ttl 300
zone rsa.example.
update add `grep -v ';' ns1/${alg}.key`
send
END
echo "I:waiting 20 seconds for key changes to take effect"
sleep 20
$DIG $DIGOPTS ns.rsa.example. @10.53.0.1 a > dig.out || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
count=`grep RRSIG dig.out | wc -l`
if [ $count != 4 ]; then echo "I:failed"; status=1; fi
echo "I:testing PKCS#11 key destroy (rsa)"
ret=0
$PK11DEL -l robie-rsa-ksk -w0 > /dev/null 2>&1 || ret=1
$PK11DEL -l robie-rsa-zsk1 -w0 > /dev/null 2>&1 || ret=1
$PK11DEL -i $id -w0 > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
count=`$PK11LIST | grep robie-rsa | wc -l`
if [ $count != 0 ]; then echo "I:failed"; fi
status=`expr $status + $count`
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1

1
bin/tests/system/pkcs11ssl/usepkcs11
View File

@ -1 +0,0 @@
This test relies on PKCS#11!

4
bin/tests/system/qmin/prereq.sh
View File

@ -12,8 +12,6 @@
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
$SHELL ../testcrypto.sh || exit 255
if test -n "$PYTHON" if test -n "$PYTHON"
then then
if $PYTHON -c "import dns" 2> /dev/null if $PYTHON -c "import dns" 2> /dev/null
@ -27,3 +25,5 @@ else
echo_i "This test requires Python and the dnspython module." >&2 echo_i "This test requires Python and the dnspython module." >&2
exit 1 exit 1
fi fi
exit 0

15
bin/tests/system/redirect/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

2
bin/tests/system/resolver/prereq.sh
View File

@ -26,4 +26,4 @@ else
exit 1 exit 1
fi fi
exec $SHELL ../testcrypto.sh exit 0

15
bin/tests/system/rootkeysentinel/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/rpz/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

4
bin/tests/system/rpzrecurse/prereq.sh
View File

@ -12,8 +12,6 @@
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
$SHELL ../testcrypto.sh || exit 255
if $PERL -e 'use Net::DNS;' 2>/dev/null if $PERL -e 'use Net::DNS;' 2>/dev/null
then then
: :
@ -21,3 +19,5 @@ else
echo "I:This test requires the Net::DNS library." >&2 echo "I:This test requires the Net::DNS library." >&2
exit 1 exit 1
fi fi
exit 0

15
bin/tests/system/smartsign/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/staticstub/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/synthfromdnssec/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/tkey/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

13
bin/tests/system/tsig/tests.sh
View File

@ -208,19 +208,6 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1 echo_i "failed"; status=1
fi fi
if $SHELL ../testcrypto.sh -q
then
echo_i "check that multiple dnssec-keygen calls don't emit dns_dnssec_findmatchingkeys warning"
ret=0
$KEYGEN -a dh -b 128 -n host example.net > keygen.out1 2>&1 || ret=1
grep dns_dnssec_findmatchingkeys keygen.out1 > /dev/null && ret=1
$KEYGEN -a dh -b 128 -n host example.net > keygen.out2 2>&1 || ret=1
grep dns_dnssec_findmatchingkeys keygen.out2 > /dev/null && ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
fi
echo_i "check that dnssec-keygen won't generate TSIG keys" echo_i "check that dnssec-keygen won't generate TSIG keys"
ret=0 ret=0
$KEYGEN -a hmac-sha256 -b 128 -n host example.net > keygen.out3 2>&1 && ret=1 $KEYGEN -a hmac-sha256 -b 128 -n host example.net > keygen.out3 2>&1 && ret=1

3
bin/tests/system/tsiggss/prereq.sh
View File

@ -18,5 +18,4 @@ $FEATURETEST --gssapi || {
exit 255 exit 255
} }
# ... and crypto exit 0
exec $SHELL ../testcrypto.sh

15
bin/tests/system/unknown/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/verify/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

25
bin/tests/system/views/tests.sh
View File

@ -115,20 +115,17 @@ fi
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
if $SHELL ../testcrypto.sh echo_i "verifying inline zones work with views"
then ret=0
echo_i "verifying inline zones work with views" $DIG -p ${PORT} @10.53.0.2 -b 10.53.0.2 +dnssec DNSKEY inline > dig.out.internal
ret=0 $DIG -p ${PORT} @10.53.0.2 -b 10.53.0.5 +dnssec DNSKEY inline > dig.out.external
$DIG -p ${PORT} @10.53.0.2 -b 10.53.0.2 +dnssec DNSKEY inline > dig.out.internal grep "ANSWER: 4," dig.out.internal > /dev/null || ret=1
$DIG -p ${PORT} @10.53.0.2 -b 10.53.0.5 +dnssec DNSKEY inline > dig.out.external grep "ANSWER: 4," dig.out.external > /dev/null || ret=1
grep "ANSWER: 4," dig.out.internal > /dev/null || ret=1 int=`awk '$4 == "DNSKEY" { print $8 }' dig.out.internal | sort`
grep "ANSWER: 4," dig.out.external > /dev/null || ret=1 ext=`awk '$4 == "DNSKEY" { print $8 }' dig.out.external | sort`
int=`awk '$4 == "DNSKEY" { print $8 }' dig.out.internal | sort` test "$int" != "$ext" || ret=1
ext=`awk '$4 == "DNSKEY" { print $8 }' dig.out.external | sort` if [ $ret != 0 ]; then echo_i "failed"; fi
test "$int" != "$ext" || ret=1 status=`expr $status + $ret`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
fi
echo_i "exit status: $status" echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1

15
bin/tests/system/wildcard/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh

15
bin/tests/system/zonechecks/prereq.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
exec $SHELL ../testcrypto.sh