BIND 10 master, updated. e4fe1a798cb7d56561c992662d84a2be46af8ae3 [master] Add ChangeLog for #2762
BIND 10 source code commits
bind10-changes at lists.isc.org
Tue Sep 17 05:07:51 UTC 2013
The branch, master has been updated
via e4fe1a798cb7d56561c992662d84a2be46af8ae3 (commit)
via c543008573eba65567e9c189824322954c6dd43b (commit)
via b5fe9ef4194ec0b3c2cec527834e27e3377d903e (commit)
via 6a7aa9cb237b629b548bbf2d8c4041c8ec2b9a02 (commit)
from 68fc48d1f7b01e65aeaadeeffb08785899b023af (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e4fe1a798cb7d56561c992662d84a2be46af8ae3
Author: Mukund Sivaraman <muks at isc.org>
Date: Tue Sep 17 10:19:36 2013 +0530
[master] Add ChangeLog for #2762
commit c543008573eba65567e9c189824322954c6dd43b
Merge: 68fc48d b5fe9ef
Author: Mukund Sivaraman <muks at isc.org>
Date: Tue Sep 17 10:18:13 2013 +0530
Merge branch 'trac2762'
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 7 +++++++
src/lib/dns/rdata/any_255/tsig_250.cc | 22 ++++++++++++++++------
src/lib/dns/tests/rdata_tsig_unittest.cc | 4 ++++
src/lib/dns/tests/tsigkey_unittest.cc | 11 +++++++++++
src/lib/dns/tsigkey.cc | 12 ++++++++++++
src/lib/dns/tsigkey.h | 1 +
6 files changed, 51 insertions(+), 6 deletions(-)
-----------------------------------------------------------------------
diff --git a/ChangeLog b/ChangeLog
index 5d7bbda..a75d547 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+676. [bug] muks
+ We now also allow the short name ("hmac-md5"), along with the long
+ name ("hmac-md5.sig-alg.reg.int") that was allowed before for
+ HMAC-MD5, so that it is more conveninent to configure TSIG keys
+ using it.
+ (Trac #2762, git c543008573eba65567e9c189824322954c6dd43b)
+
675. [func] vorner
If there's an exception not handled in a Python BIND10 component,
it is now stored in a temporary file and properly logged, instead
diff --git a/src/lib/dns/rdata/any_255/tsig_250.cc b/src/lib/dns/rdata/any_255/tsig_250.cc
index 796e320..3252cfd 100644
--- a/src/lib/dns/rdata/any_255/tsig_250.cc
+++ b/src/lib/dns/rdata/any_255/tsig_250.cc
@@ -26,6 +26,7 @@
#include <dns/rdata.h>
#include <dns/rdataclass.h>
#include <dns/rcode.h>
+#include <dns/tsigkey.h>
#include <dns/tsigerror.h>
#include <dns/rdata/generic/detail/lexer_util.h>
@@ -75,6 +76,9 @@ TSIGImpl*
TSIG::constructFromLexer(MasterLexer& lexer, const Name* origin) {
const Name& algorithm =
createNameFromLexer(lexer, origin ? origin : &Name::ROOT_NAME());
+ const Name& canonical_algorithm_name =
+ (algorithm == TSIGKey::HMACMD5_SHORT_NAME()) ?
+ TSIGKey::HMACMD5_NAME() : algorithm;
const string& time_txt =
lexer.getNextToken(MasterToken::STRING).getString();
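Review bot: The short-name mapping added in `constructFromLexer` is repeated verbatim in the two constructors patched further down (the `InputBuffer` constructor and the `TSIG(const Name& algorithm, ...)` constructor), so three copies have to stay in sync if another alias is ever accepted. A single file-local helper in the anonymous namespace, taking and returning `const Name&`, would keep the rule in one place; each call site then becomes `const Name& canonical_algorithm_name = canonicalizeAlgorithm(algorithm);` (helper name is a suggestion). The helper should only be called with a named `Name`, as all three sites do, because it hands back a reference to its argument. The body of `constructFromLexer` continues outside this hunk.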
@@ -154,8 +158,8 @@ TSIG::constructFromLexer(MasterLexer& lexer, const Name* origin) {
// RFC2845 says Other Data is "empty unless Error == BADTIME".
// However, we don't enforce that.
- return (new TSIGImpl(algorithm, time_signed, fudge, mac, orig_id,
- error, other_data));
+ return (new TSIGImpl(canonical_algorithm_name, time_signed, fudge, mac,
+ orig_id, error, other_data));
}
/// \brief Constructor from string.
@@ -302,8 +306,11 @@ TSIG::TSIG(InputBuffer& buffer, size_t) :
buffer.readData(&other_data[0], other_len);
}
- impl_ = new TSIGImpl(algorithm, time_signed, fudge, mac, original_id,
- error, other_data);
+ const Name& canonical_algorithm_name =
+ (algorithm == TSIGKey::HMACMD5_SHORT_NAME()) ?
+ TSIGKey::HMACMD5_NAME() : algorithm;
+ impl_ = new TSIGImpl(canonical_algorithm_name, time_signed, fudge, mac,
+ original_id, error, other_data);
}
TSIG::TSIG(const Name& algorithm, uint64_t time_signed, uint16_t fudge,
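Review bot: In the wire-format constructor the algorithm name read from the packet is now replaced by the long name before it is stored, so the object no longer reflects the bytes that were received. The TSIG MAC covers the algorithm name as sent (RFC 2845 TSIG variables). If the verification or re-rendering code, which is not visible in this diff, takes the name from this rdata, a message signed with `hmac-md5.` on the wire would presumably be digested or re-emitted with `hmac-md5.sig-alg.reg.int.` and fail with a signature mismatch. Please confirm that path, and add a wire-format test with the short name, since the new rdata test only covers the text constructor. If the rewrite is intended here, a comment such as `// Alias is normalized on input; toWire() will emit the long name` would make that explicit.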
@@ -324,8 +331,11 @@ TSIG::TSIG(const Name& algorithm, uint64_t time_signed, uint16_t fudge,
isc_throw(InvalidParameter,
"TSIG Other data length and data inconsistent");
}
- impl_ = new TSIGImpl(algorithm, time_signed, fudge, mac_size, mac,
- original_id, error, other_len, other_data);
+ const Name& canonical_algorithm_name =
+ (algorithm == TSIGKey::HMACMD5_SHORT_NAME()) ?
+ TSIGKey::HMACMD5_NAME() : algorithm;
+ impl_ = new TSIGImpl(canonical_algorithm_name, time_signed, fudge, mac_size,
+ mac, original_id, error, other_len, other_data);
}
/// \brief The copy constructor.
diff --git a/src/lib/dns/tests/rdata_tsig_unittest.cc b/src/lib/dns/tests/rdata_tsig_unittest.cc
index d351b40..270a1b2 100644
--- a/src/lib/dns/tests/rdata_tsig_unittest.cc
+++ b/src/lib/dns/tests/rdata_tsig_unittest.cc
@@ -143,6 +143,10 @@ TEST_F(Rdata_TSIG_Test, fromText) {
// multi-line rdata
checkFromText_None("hmac-md5.sig-alg.reg.int. ( 1286779327 300 \n"
"0 16020 BADKEY 0 )");
+
+ // short-form HMAC-MD5 name
+ const any::TSIG tsig6("hmac-md5. 1286779327 300 0 16020 BADKEY 0");
+ EXPECT_EQ(0, tsig6.compare(rdata_tsig));
};
TEST_F(Rdata_TSIG_Test, badText) {
diff --git a/src/lib/dns/tests/tsigkey_unittest.cc b/src/lib/dns/tests/tsigkey_unittest.cc
index c1367be..eaf4040 100644
--- a/src/lib/dns/tests/tsigkey_unittest.cc
+++ b/src/lib/dns/tests/tsigkey_unittest.cc
@@ -38,6 +38,7 @@ protected:
TEST_F(TSIGKeyTest, algorithmNames) {
EXPECT_EQ(Name("hmac-md5.sig-alg.reg.int"), TSIGKey::HMACMD5_NAME());
+ EXPECT_EQ(Name("hmac-md5"), TSIGKey::HMACMD5_SHORT_NAME());
EXPECT_EQ(Name("hmac-sha1"), TSIGKey::HMACSHA1_NAME());
EXPECT_EQ(Name("hmac-sha256"), TSIGKey::HMACSHA256_NAME());
EXPECT_EQ(Name("hmac-sha224"), TSIGKey::HMACSHA224_NAME());
@@ -47,6 +48,9 @@ TEST_F(TSIGKeyTest, algorithmNames) {
// Also check conversion to cryptolink definitions
EXPECT_EQ(isc::cryptolink::MD5, TSIGKey(key_name, TSIGKey::HMACMD5_NAME(),
NULL, 0).getAlgorithm());
+ EXPECT_EQ(isc::cryptolink::MD5,
+ TSIGKey(key_name, TSIGKey::HMACMD5_SHORT_NAME(),
+ NULL, 0).getAlgorithm());
EXPECT_EQ(isc::cryptolink::SHA1, TSIGKey(key_name, TSIGKey::HMACSHA1_NAME(),
NULL, 0).getAlgorithm());
EXPECT_EQ(isc::cryptolink::SHA256, TSIGKey(key_name,
@@ -71,6 +75,13 @@ TEST_F(TSIGKeyTest, construct) {
EXPECT_PRED_FORMAT4(UnitTestUtil::matchWireData, secret.c_str(),
secret.size(), key.getSecret(), key.getSecretLength());
+ TSIGKey key_short_md5(key_name, TSIGKey::HMACMD5_SHORT_NAME(),
+ secret.c_str(), secret.size());
+ EXPECT_EQ(key_name, key.getKeyName());
+ EXPECT_EQ(Name("hmac-md5.sig-alg.reg.int"), key.getAlgorithmName());
+ EXPECT_PRED_FORMAT4(UnitTestUtil::matchWireData, secret.c_str(),
+ secret.size(), key.getSecret(), key.getSecretLength());
+
// "unknown" algorithm is only accepted with empty secret.
EXPECT_THROW(TSIGKey(key_name, Name("unknown-alg"),
secret.c_str(), secret.size()),
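Review bot: The three new assertions after `key_short_md5` is constructed still inspect `key`, the object built earlier with `HMACMD5_NAME()`, so the short-name constructor path is never actually checked. The new block would pass even if the canonicalization in `TSIGKeyImpl` were removed. They should read `EXPECT_EQ(key_name, key_short_md5.getKeyName());` and `EXPECT_EQ(Name("hmac-md5.sig-alg.reg.int"), key_short_md5.getAlgorithmName());`, and the `matchWireData` check should use `key_short_md5.getSecret(), key_short_md5.getSecretLength()`. The test body starts and ends outside this hunk.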
diff --git a/src/lib/dns/tsigkey.cc b/src/lib/dns/tsigkey.cc
index 7075203..24a6f57 100644
--- a/src/lib/dns/tsigkey.cc
+++ b/src/lib/dns/tsigkey.cc
@@ -36,6 +36,9 @@ namespace {
if (name == TSIGKey::HMACMD5_NAME()) {
return (isc::cryptolink::MD5);
}
+ if (name == TSIGKey::HMACMD5_SHORT_NAME()) {
+ return (isc::cryptolink::MD5);
+ }
if (name == TSIGKey::HMACSHA1_NAME()) {
return (isc::cryptolink::SHA1);
}
@@ -68,6 +71,9 @@ TSIGKey::TSIGKeyImpl {
{
// Convert the key and algorithm names to the canonical form.
key_name_.downcase();
+ if (algorithm == isc::cryptolink::MD5) {
+ algorithm_name_ = TSIGKey::HMACMD5_NAME();
+ }
algorithm_name_.downcase();
}
Name key_name_;
@@ -206,6 +212,12 @@ Name& TSIGKey::HMACMD5_NAME() {
}
const
+Name& TSIGKey::HMACMD5_SHORT_NAME() {
+ static Name alg_name("hmac-md5");
+ return (alg_name);
+}
+
+const
Name& TSIGKey::HMACSHA1_NAME() {
static Name alg_name("hmac-sha1");
return (alg_name);
diff --git a/src/lib/dns/tsigkey.h b/src/lib/dns/tsigkey.h
index b10660c..e623be9 100644
--- a/src/lib/dns/tsigkey.h
+++ b/src/lib/dns/tsigkey.h
@@ -203,6 +203,7 @@ public:
/// We'll add others as we see the need for them.
//@{
static const Name& HMACMD5_NAME(); ///< HMAC-MD5 (RFC2845)
+ static const Name& HMACMD5_SHORT_NAME();
static const Name& HMACSHA1_NAME(); ///< HMAC-SHA1 (RFC4635)
static const Name& HMACSHA256_NAME(); ///< HMAC-SHA256 (RFC4635)
static const Name& HMACSHA224_NAME(); ///< HMAC-SHA256 (RFC4635)
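Review bot: The new `HMACMD5_SHORT_NAME()` declaration is the only accessor in this group without a trailing Doxygen description, and nothing in the header says it is an input alias rather than a distinct algorithm. Since the `TSIGKeyImpl` constructor in this commit rewrites it to the long name, callers should be told that `getAlgorithmName()` will not return it. Suggested: `static const Name& HMACMD5_SHORT_NAME(); ///< HMAC-MD5 short alias ("hmac-md5"); stored as HMACMD5_NAME()`.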