- Fix with libnettle make test with dsa disabled.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 12 Feb 2020 10:15:24 +0000 (11:15 +0100)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 12 Feb 2020 10:15:24 +0000 (11:15 +0100)
doc/Changelog
util/configparser.c
util/configparser.y
validator/val_secalgo.c

index b4e9cb7725419dee68f62ef9667a427a3b5f9053..28e87687312dda28b5d9c5bf1d2817047ed7efbb 100644 (file)
@@ -1,3 +1,6 @@
+12 February 2020: Wouter
+       - Fix with libnettle make test with dsa disabled.
+
 10 February 2020: George
        - Document 'ub_result.was_ratelimited' in libunbound.
        - Fix use after free on log-identity after a reload; Fixes #163.
index 84312f0d3ab9e7db6d810752633a0f723e209883..69ee1cc1c8ea2a0a17e72b29620a3dde9a3d6f6a 100644 (file)
@@ -4582,7 +4582,7 @@ yyreduce:
                OUTYY(("P(server_fake_dsa:%s)\n", (yyvsp[0].str)));
                if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
                        yyerror("expected yes or no.");
-#ifdef HAVE_SSL
+#if defined(HAVE_SSL) || defined(HAVE_NETTLE)
                else fake_dsa = (strcmp((yyvsp[0].str), "yes")==0);
                if(fake_dsa)
                        log_warn("test option fake_dsa is enabled");
@@ -4598,7 +4598,7 @@ yyreduce:
                OUTYY(("P(server_fake_sha1:%s)\n", (yyvsp[0].str)));
                if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
                        yyerror("expected yes or no.");
-#ifdef HAVE_SSL
+#if defined(HAVE_SSL) || defined(HAVE_NETTLE)
                else fake_sha1 = (strcmp((yyvsp[0].str), "yes")==0);
                if(fake_sha1)
                        log_warn("test option fake_sha1 is enabled");
index d471babe6de1a58d8ff36eeb648d1827c19ee43c..798f4a972fd852c07462e98303b8d96398c0847e 100644 (file)
@@ -1782,7 +1782,7 @@ server_fake_dsa: VAR_FAKE_DSA STRING_ARG
                OUTYY(("P(server_fake_dsa:%s)\n", $2));
                if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
                        yyerror("expected yes or no.");
-#ifdef HAVE_SSL
+#if defined(HAVE_SSL) || defined(HAVE_NETTLE)
                else fake_dsa = (strcmp($2, "yes")==0);
                if(fake_dsa)
                        log_warn("test option fake_dsa is enabled");
@@ -1795,7 +1795,7 @@ server_fake_sha1: VAR_FAKE_SHA1 STRING_ARG
                OUTYY(("P(server_fake_sha1:%s)\n", $2));
                if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
                        yyerror("expected yes or no.");
-#ifdef HAVE_SSL
+#if defined(HAVE_SSL) || defined(HAVE_NETTLE)
                else fake_sha1 = (strcmp($2, "yes")==0);
                if(fake_sha1)
                        log_warn("test option fake_sha1 is enabled");
index 5e02f6bdbad228ed5fa0e9c61bb5ecac3ab788c4..8f17c53e86de600480c6dd4c8dbd5bf5fd906c24 100644 (file)
 #error "Need crypto library to do digital signature cryptography"
 #endif
 
+/** fake DSA support for unit tests */
+int fake_dsa = 0;
+/** fake SHA1 support for unit tests */
+int fake_sha1 = 0;
+
 /* OpenSSL implementation */
 #ifdef HAVE_SSL
 #ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/engine.h>
 #endif
 
-/** fake DSA support for unit tests */
-int fake_dsa = 0;
-/** fake SHA1 support for unit tests */
-int fake_sha1 = 0;
-
 /**
  * Output a libcrypto openssl error to the logfile.
  * @param str: string to add to it.
@@ -1509,13 +1509,21 @@ dnskey_algo_id_is_supported(int id)
 {
        /* uses libnettle */
        switch(id) {
-#if defined(USE_DSA) && defined(USE_SHA1)
        case LDNS_DSA:
        case LDNS_DSA_NSEC3:
+#if defined(USE_DSA) && defined(USE_SHA1)
+               return 1;
+#else
+               if(fake_dsa || fake_sha1) return 1;
+               return 0;
 #endif
-#ifdef USE_SHA1
        case LDNS_RSASHA1:
        case LDNS_RSASHA1_NSEC3:
+#ifdef USE_SHA1
+               return 1;
+#else
+               if(fake_sha1) return 1;
+               return 0;
 #endif
 #ifdef USE_SHA2
        case LDNS_RSASHA256:
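Review bot: The fake-flag conditions added in this `#else` branch do not line up with the ones added to verify_canonrrset in the next hunk when USE_DSA is defined but USE_SHA1 is not. In that build, LDNS_DSA is reported as supported for `fake_dsa` alone, while the verify bypass under `#ifndef USE_DSA` is compiled out and the one under `#ifndef USE_SHA1` requires `fake_sha1`. Such a key would then reach the switch whose DSA case needs both defines; what the switch returns is outside the hunk, presumably an unsupported-algorithm failure. Guarding the first bypass with `#if !defined(USE_DSA) || !defined(USE_SHA1)` would keep the two functions in step. The body of dnskey_algo_id_is_supported continues past the hunk.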
@@ -1820,6 +1828,15 @@ verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock,
                return sec_status_bogus;
        }
 
+#ifndef USE_DSA
+       if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) &&(fake_dsa||fake_sha1))
+               return sec_status_secure;
+#endif
+#ifndef USE_SHA1
+       if(fake_sha1 && (algo == LDNS_DSA || algo == LDNS_DSA_NSEC3 || algo == LDNS_RSASHA1 || algo == LDNS_RSASHA1_NSEC3))
+               return sec_status_secure;
+#endif
+
        switch(algo) {
 #if defined(USE_DSA) && defined(USE_SHA1)
        case LDNS_DSA:
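Review bot: The two early returns before `switch(algo)` hand back `sec_status_secure` without looking at `sigblock` or the key, and the only guard is a runtime flag that the config parser hunks in this commit now also honour in libnettle builds. Nothing at this site says the result is unvalidated; the only signal visible in the commit is the `log_warn` emitted once at parse time. I would add a comment above the block, for example `/* test only: fake_dsa/fake_sha1 skip signature verification for algorithms this build lacks; the rrset is NOT validated */`. It may also be worth compiling the bypass only into test builds, though whether the build system has a suitable define is not visible here. verify_canonrrset starts and ends outside the hunk.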