BIND 10 master, updated. e219a9fb24d6efe15066526ded67093f1a59c8ad Merge branch 'trac951'
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon May 30 07:03:58 UTC 2011
The branch, master has been updated
via e219a9fb24d6efe15066526ded67093f1a59c8ad (commit)
via 54c201f10077610d7e09a7787d89d17264761f5d (commit)
via 5637b1961aafcdc6950d22aa7a3637221a57e99a (commit)
via 76ae47d1f6061a09f4a8e20852a9874ea28a4e19 (commit)
via bfaafb81eac3c4ea98cb63e2c0bdb8fc02105b6c (commit)
from 432a1a86cea043993348f31d14628548e267e3b8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e219a9fb24d6efe15066526ded67093f1a59c8ad
Merge: 432a1a86cea043993348f31d14628548e267e3b8 54c201f10077610d7e09a7787d89d17264761f5d
Author: Jelte Jansen <jelte at isc.org>
Date: Mon May 30 08:58:13 2011 +0200
Merge branch 'trac951'
-----------------------------------------------------------------------
Summary of changes:
src/lib/cryptolink/crypto_hmac.cc | 6 +++---
src/lib/cryptolink/tests/Makefile.am | 2 +-
src/lib/cryptolink/tests/crypto_unittests.cc | 2 +-
src/lib/dns/tests/Makefile.am | 6 +++++-
src/lib/dns/tests/tsig_unittest.cc | 23 +++++++++++++++++++++++
5 files changed, 33 insertions(+), 6 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/cryptolink/crypto_hmac.cc b/src/lib/cryptolink/crypto_hmac.cc
index af0c18e..277b036 100644
--- a/src/lib/cryptolink/crypto_hmac.cc
+++ b/src/lib/cryptolink/crypto_hmac.cc
@@ -183,9 +183,9 @@ public:
try {
Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
if (len < getOutputLength()) {
- // Currently we don't support truncated signature. To avoid
- // validating too short signature accidently, we enforce the
- // standard signature size for the moment.
+ // Currently we don't support truncated signature in TSIG (see
+ // #920). To avoid validating too short signature accidently,
+ // we enforce the standard signature size for the moment.
// Once we support truncation correctly, this if-clause should
// (and the capitalized comment above) be removed.
return (false);
diff --git a/src/lib/cryptolink/tests/Makefile.am b/src/lib/cryptolink/tests/Makefile.am
index 1b029d5..c2c2a5c 100644
--- a/src/lib/cryptolink/tests/Makefile.am
+++ b/src/lib/cryptolink/tests/Makefile.am
@@ -16,7 +16,7 @@ TESTS += run_unittests
run_unittests_SOURCES = run_unittests.cc
run_unittests_SOURCES += crypto_unittests.cc
run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
-run_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS)
+run_unittests_LDFLAGS = ${BOTAN_LDFLAGS} $(AM_LDFLAGS) $(GTEST_LDFLAGS)
run_unittests_LDADD = $(GTEST_LDADD)
run_unittests_LDADD += $(top_builddir)/src/lib/cryptolink/libcryptolink.la
run_unittests_LDADD += $(top_builddir)/src/lib/util/unittests/libutil_unittests.la
diff --git a/src/lib/cryptolink/tests/crypto_unittests.cc b/src/lib/cryptolink/tests/crypto_unittests.cc
index 339eb1b..9cc4a14 100644
--- a/src/lib/cryptolink/tests/crypto_unittests.cc
+++ b/src/lib/cryptolink/tests/crypto_unittests.cc
@@ -473,7 +473,7 @@ TEST(CryptoLinkTest, HMAC_SHA256_RFC4231_SIGN) {
//
// Test values taken from RFC 4231, test optional algorithm 224,384,512
//
-TEST(CryptoLinkTest, DISABLED_HMAC_SHA224_RFC4231_SIGN) {
+TEST(CryptoLinkTest, HMAC_SHA224_RFC4231_SIGN) {
const uint8_t hmac_expected1[] = {
0x89,0x6f,0xb1,0x12,0x8a,0xbb,0xdf,0x19,0x68,0x32,0x10,0x7c,
0xd4,0x9d,0xf3,0x3f,0x47,0xb4,0xb1,0x16,0x99,0x12,0xba,0x4f,
diff --git a/src/lib/dns/tests/Makefile.am b/src/lib/dns/tests/Makefile.am
index b0a9672..3a249c1 100644
--- a/src/lib/dns/tests/Makefile.am
+++ b/src/lib/dns/tests/Makefile.am
@@ -53,7 +53,11 @@ run_unittests_SOURCES += tsigkey_unittest.cc
run_unittests_SOURCES += tsigrecord_unittest.cc
run_unittests_SOURCES += run_unittests.cc
run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
-run_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS)
+# We shouldn't need to include BOTAN_LDFLAGS here, but there
+# is one test system where the path for GTEST_LDFLAGS contains
+# an older version of botan, and somehow that version gets
+# linked if we don't
+run_unittests_LDFLAGS = $(AM_LDFLAGS) $(BOTAN_LDFLAGS) $(GTEST_LDFLAGS)
run_unittests_LDADD = $(GTEST_LDADD)
run_unittests_LDADD += $(top_builddir)/src/lib/dns/libdns++.la
run_unittests_LDADD += $(top_builddir)/src/lib/util/libutil.la
diff --git a/src/lib/dns/tests/tsig_unittest.cc b/src/lib/dns/tests/tsig_unittest.cc
index 55c3ac2..ba17e70 100644
--- a/src/lib/dns/tests/tsig_unittest.cc
+++ b/src/lib/dns/tests/tsig_unittest.cc
@@ -425,6 +425,29 @@ TEST_F(TSIGTest, signUsingHMACSHA1) {
}
}
+TEST_F(TSIGTest, signUsingHMACSHA224) {
+ isc::util::detail::gettimeFunction = testGetTime<0x4dae7d5f>;
+
+ secret.clear();
+ decodeBase64("MA+QDhXbyqUak+qnMFyTyEirzng=", secret);
+ TSIGContext sha1_ctx(TSIGKey(test_name, TSIGKey::HMACSHA224_NAME(),
+ &secret[0], secret.size()));
+
+ const uint16_t sha1_qid = 0x0967;
+ const uint8_t expected_mac[] = {
+ 0x3b, 0x93, 0xd3, 0xc5, 0xf9, 0x64, 0xb9, 0xc5, 0x00, 0x35,
+ 0x02, 0x69, 0x9f, 0xfc, 0x44, 0xd6, 0xe2, 0x66, 0xf4, 0x08,
+ 0xef, 0x33, 0xa2, 0xda, 0xa1, 0x48, 0x71, 0xd3
+ };
+ {
+ SCOPED_TRACE("Sign test using HMAC-SHA1");
+ commonSignChecks(createMessageAndSign(sha1_qid, test_name, &sha1_ctx),
+ sha1_qid, 0x4dae7d5f, expected_mac,
+ sizeof(expected_mac), 0, 0, NULL,
+ TSIGKey::HMACSHA224_NAME());
+ }
+}
+
// The first part of this test checks verifying the signed query used for
// the "sign" test.
// The second part of this test generates a signed response to the signed
More information about the bind10-changes
mailing list