+4645. [bug] Fix PKCS#11 RSA parsing when MD5 is disabled.
+ [RT #45300]
+
--- 9.10.6b1 released ---
4643. [security] An error in TSIG handling could permit unauthorized
# PERFORMANCE OF THIS SOFTWARE.
rm -f K* ns1/K* keyset-* dsset-* ns1/*.db ns1/*.signed ns1/*.jnl
-rm -f dig.out pin
+rm -f dig.out* pin upd.log*
rm -f ns1/*.key ns1/named.memstats
rm -f supported
echo "I:testing inline signing with PKCS#11 keys ($alg)"
- $NSUPDATE > /dev/null <<END || status=1
+ $DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out.$alg.0 || ret=1
+ if [ $ret != 0 ]; then echo "I:failed"; fi
+ status=`expr $status + $ret`
+ count0=`grep RRSIG dig.out.$alg.0 | wc -l`
+
+ $NSUPDATE -v > upd.log.$alg <<END || status=1
server 10.53.0.1 5300
ttl 300
zone $alg.example.
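Review bot: The added baseline query `$DIG ... > dig.out.$alg.0 || ret=1` sets `ret`, but no reset is visible between it and the post-update query in the next hunk. A single failed baseline lookup would therefore be added to `status` twice and print `I:failed` twice. Putting `ret=0` immediately before the baseline `$DIG` line, and again before the second query, keeps the two checks independent. Whether `ret` is initialised before this point is outside the hunk; if it is not, the unquoted `[ $ret != 0 ]` would be a test syntax error on the first iteration, so `[ "$ret" != 0 ]` is the safer form.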
echo "I:waiting 20 seconds for key changes to take effect"
sleep 20
- $DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out || ret=1
+ $DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out.$alg || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
- count=`grep RRSIG dig.out | wc -l`
- if [ $count != 4 ]; then echo "I:failed"; status=1; fi
+ count=`grep RRSIG dig.out.$alg | wc -l`
+ if [ $count -le $count0 ]; then echo "I:failed"; status=1; fi
echo "I:testing PKCS#11 key destroy ($alg)"
ret=0
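Review bot: The new assertion `[ $count -le $count0 ]` accepts any increase in RRSIG lines, whereas the removed check required exactly 4. An answer carrying fewer signatures than inline signing should produce would now pass. If the baseline file is empty because the first query failed, `count0` is 0 and a single RRSIG satisfies the check. Where the expected number of added signatures is known, comparing against it is stricter. In either case, reporting the counts on failure makes the log usable: `echo "I:failed (RRSIG count $count0 -> $count)"`. The counts could also be taken with `grep -c RRSIG dig.out.$alg` instead of `grep | wc -l`.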
goto fail;
}
+#ifdef PK11_MD5_DISABLE
+ check = check_data(priv, alg == DST_ALG_RSA ? DST_ALG_RSASHA1 : alg,
+ ISC_TRUE, external);
+#else
check = check_data(priv, alg, ISC_TRUE, external);
+#endif
if (check < 0) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
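Review bot: The `#ifdef PK11_MD5_DISABLE` branch changes only the algorithm passed to `check_data()` and leaves `alg` itself unchanged, and nothing in the hunk says why. As written, a private key file labelled `DST_ALG_RSA` is validated under the RSASHA1 field rules in MD5-disabled builds and then continues with its original algorithm value. Whether later code still refuses that algorithm for signing is not visible here, because the enclosing function starts and ends outside the hunk. A comment above the `#ifdef` would record the intent, for example `/* Without MD5, validate generic RSA (DST_ALG_RSA) key fields under the RSASHA1 rules; alg itself is left unchanged. */`. It would also help to state where MD5-based use of such a key is rejected, if that is enforced elsewhere.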