nsupdate: use FIPS compatible algorithms

HMACMD5 is not permitted in FIPS mode, use HMACSHA256 instead.

diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index 25c4cb4d8bb0fcef5cf27c3cc521cbdea6a1e8c8..9c78bc55cd0d972a131862c36633f76c85092257 100644 (file)
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -76,7 +76,7 @@ $TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
 if $FEATURETEST --md5; then
        $TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
 else
-       echo -n > ns1/md5.key
+       echo "/* MD5 NOT SUPPORTED */" > ns1/md5.key
 fi
 $TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key
 $TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 6489542348019f005874fcddba864d6020115770..452a1d8ef8e0d6acf44e94e47f482735390e2b60 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -985,7 +985,7 @@ fi
 n=$((n + 1))
 ret=0
 echo_i "check TSIG key algorithms (nsupdate -y) ($n)"
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+for alg in $ALGS; do
     secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key)
     $NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null || ret=1
 server 10.53.0.1 ${PORT}
@@ -994,7 +994,7 @@ send
 END
 done
 sleep 2
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+for alg in $ALGS; do
     $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1
 done
 if [ $ret -ne 0 ]; then