+3431. [bug] ddns-confgen: Some valid key algorithms were
+ not accepted. [RT #31927]
+
3430. [bug] win32: isc_time_formatISO8601 was missing the
'T' between the date and time. [RT #32044]
switch (alg) {
case DST_ALG_HMACMD5:
+ case DST_ALG_HMACSHA512:
if (keysize < 1 || keysize > 512)
fatal("keysize %d out of range (must be 1-512)\n",
keysize);
fatal("keysize %d out of range (must be 1-256)\n",
keysize);
break;
+ case DST_ALG_HMACSHA1:
+ if (keysize < 1 || keysize > 160)
+ fatal("keysize %d out of range (must be 1-160)\n",
+ keysize);
+ break;
+ case DST_ALG_HMACSHA224:
+ if (keysize < 1 || keysize > 224)
+ fatal("keysize %d out of range (must be 1-224)\n",
+ keysize);
+ break;
+ case DST_ALG_HMACSHA384:
+ if (keysize < 1 || keysize > 384)
+ fatal("keysize %d out of range (must be 1-384)\n",
+ keysize);
+ break;
default:
fatal("unsupported algorithm %d\n", alg);
}
#
rm -f ns1/*.jnl ns2/*.jnl
-rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/ddns.key
+rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/keytests.db
+rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key
+rm -f ns1/sha512.key ns1/ddns.key
rm -f nsupdate.out
rm -f random.data
rm -f ns2/example.bk
serial-update-method unixtime;
};
+include "md5.key";
+include "sha1.key";
+include "sha224.key";
+include "sha256.key";
+include "sha384.key";
+include "sha512.key";
+
+zone "keytests.nil" {
+ type master;
+ file "keytests.db";
+ update-policy {
+ grant md5-key name md5.keytests.nil. ANY;
+ grant sha1-key name sha1.keytests.nil. ANY;
+ grant sha224-key name sha224.keytests.nil. ANY;
+ grant sha256-key name sha256.keytests.nil. ANY;
+ grant sha384-key name sha384.keytests.nil. ANY;
+ grant sha512-key name sha512.keytests.nil. ANY;
+ };
+};
cp -f ns1/example1.db ns1/example.db
sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db
+sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db
cp -f ns3/example.db.in ns3/example.db
# update_test.pl has its own zone file because it
../../../tools/genrandom 400 random.data
$DDNSCONFGEN -q -r random.data -z example.nil > ns1/ddns.key
+$DDNSCONFGEN -q -r random.data -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
+$DDNSCONFGEN -q -r random.data -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
+$DDNSCONFGEN -q -r random.data -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
+$DDNSCONFGEN -q -r random.data -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
+$DDNSCONFGEN -q -r random.data -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key
+$DDNSCONFGEN -q -r random.data -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key
+
(cd ns3; sh -e sign.sh)
status=1
fi
+n=`expr $n + 1`
+ret=0
+echo "I:check TSIG key algorithms ($n)"
+for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+ $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
+server 10.53.0.1 5300
+update add ${alg}.keytests.nil. 600 A 10.10.10.3
+send
+END
+done
+sleep 2
+for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+ $DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
+done
+if [ $ret -ne 0 ]; then
+ echo "I:failed"
+ status=1
+fi
+
echo "I:exit status: $status"
exit $status