diff --git a/bin/tests/system/inline/checkdsa.sh.in b/bin/tests/system/inline/checkdsa.sh.in index f9bdcd4f7c..8c1f312873 100644 --- a/bin/tests/system/inline/checkdsa.sh.in +++ b/bin/tests/system/inline/checkdsa.sh.in @@ -12,9 +12,11 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -if test "@CHECK_DSA@" -eq 1 -then - exit 0 -else +if [ "@CHECK_DSA@" -eq 0 ]; then exit 1 fi +if [ ! -r /dev/random -o ! -r /dev/urandom ]; then + exit 1 +fi + +exit 0 diff --git a/bin/tests/system/inline/clean.sh b/bin/tests/system/inline/clean.sh index eb6fe6ff6c..f5fc31da78 100644 --- a/bin/tests/system/inline/clean.sh +++ b/bin/tests/system/inline/clean.sh @@ -75,7 +75,7 @@ rm -f ns5/bits.bk.jnl rm -f ns5/bits.bk.signed rm -f ns5/bits.bk.signed.jnl rm -f */*.jbk -rm -f dig.out.ns*.test* +rm -f dig.out.ns* rm -f signing.out* rm -f freeze.test* rm -f thaw.test* @@ -84,3 +84,4 @@ rm -f ns3/test-?.bk rm -f ns3/test-?.bk.signed rm -f ns3/test-?.bk.signed.jnl rm -f import.key Kimport* +rm -f checkgost checkdsa checkecdsa diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh index abb6882910..8ffb5984aa 100755 --- a/bin/tests/system/inline/ns3/sign.sh +++ b/bin/tests/system/inline/ns3/sign.sh 
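Review bot: The first test in checkdsa.sh.in, `[ "@CHECK_DSA@" -eq 0 ]`, fails open: if the placeholder is left unsubstituted or is otherwise non-numeric, `[` reports an error (hidden by the callers' `2> /dev/null`), the branch is not taken and the script goes on to `exit 0`, whereas the removed `test ... -eq 1` form ended in `exit 1` in that case. Testing for the enabling value keeps the old default, e.g. `[ "@CHECK_DSA@" -eq 1 ] || exit 1`. The second test uses `-o` inside `[`, which POSIX marks obsolescent; `[ -r /dev/random ] && [ -r /dev/urandom ] || exit 1` says the same thing unambiguously. It also now requires both devices to be readable, while the checks removed from sign.sh and tests.sh skipped only when neither was; a one-line comment confirming that this is intended would help.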
@@ -102,40 +102,44 @@ zone=externalkey rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -for alg in ECDSAP256SHA256 NSEC3RSASHA1 DSA ECCGOST +for alg in ECCGOST ECDSAP256SHA256 NSEC3RSASHA1 DSA do + case $alg in + DSA) + sh ../checkdsa.sh 2> /dev/null || continue + checkfile=../checkdsa + touch $checkfile ;; + ECCGOST) + fail=0 + $KEYGEN -q -r $RANDFILE -a eccgost test > /dev/null 2>&1 || fail=1 + rm -f Ktest* + [ $fail != 0 ] && continue + checkfile=../checkgost + touch $checkfile ;; + ECDSAP256SHA256) + fail=0 + $KEYGEN -q -r $RANDFILE -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1 + rm -f Ktest* + [ $fail != 0 ] && continue + sh ../checkdsa.sh 2> /dev/null || continue + checkfile=../checkecdsa + touch $checkfile ;; + *) ;; + esac -if test $alg = DSA -then - sh ../checkdsa.sh 2> /dev/null || continue -fi -if test $alg = ECCGOST -then - sh ../../gost/prereq.sh 2> /dev/null || continue -fi -if test $alg = ECDSAP256SHA256 -then - sh ../../ecdsa/prereq.sh 2> /dev/null || continue - sh ../checkdsa.sh 2> /dev/null || continue -fi + k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` + k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` + k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` + k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` + $DSFROMKEY -T 1200 $k4 >> ../ns1/root.db -test $alg = DSA -a ! -r /dev/random -a ! -r /dev/urandom && continue - -k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` -k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` -k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` -k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` -keyname=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone` -keyname=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone` -$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db -rm -f ${k3}.* ${k4}.* - -# -# Convert k1 and k2 in to External Keys. 
-rm -f $k1.private -mv $k1.key a-file -$IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 -rm -f $k2.private -mv $k2.key a-file -$IMPORTKEY -f a-file $zone > /dev/null 2>&1 + # Convert k1 and k2 in to External Keys. + rm -f $k1.private + mv $k1.key a-file + $IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 || + ( echo "importkey failed: $alg"; rm -f $checkfile ) + rm -f $k2.private + mv $k2.key a-file + $IMPORTKEY -f a-file $zone > /dev/null 2>&1 || + ( echo "importkey failed: $alg"; rm -f $checkfile ) done diff --git a/bin/tests/system/inline/tests.sh b/bin/tests/system/inline/tests.sh index 25b6d6c188..330cf147f0 100755 --- a/bin/tests/system/inline/tests.sh +++ b/bin/tests/system/inline/tests.sh @@ -846,7 +846,7 @@ $DIG $DIGOPTS @10.53.0.2 -p 5300 test-$zone SOA > dig.out.ns2.$zone.test$n grep "status: NOERROR," dig.out.ns2.$zone.test$n > /dev/null || { ret=1; cat dig.out.ns2.$zone.test$n; } $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone test-$zone \ '{ type slave; masters { 10.53.0.2; }; file "'test-$zone.bk'"; inline-signing yes; auto-dnssec maintain; allow-transfer { any; }; };' -$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone test-$zone +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone test-$zone > /dev/null 2>&1 done n=`expr $n + 1` 
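Review bot: `checkfile` is never cleared at the top of the loop in ns3/sign.sh, so in the `*)` arm (NSEC3RSASHA1) it still holds whatever an earlier iteration assigned, which with the new order is `../checkecdsa` or `../checkgost`. A failed `$IMPORTKEY` for NSEC3RSASHA1 would then `rm -f` another algorithm's marker and silently disable its checks in tests.sh. Setting `checkfile=` before the `case` and guarding the cleanup with `[ -n "$checkfile" ] && rm -f "$checkfile"` avoids that. Separately, an import failure only echoes a message and removes the marker, so a regression in `$IMPORTKEY` appears to surface as a skipped algorithm rather than a failed run; consider exiting non-zero or recording the failure where tests.sh can report it.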
@@ -855,22 +855,9 @@ ret=0 $DIG $DIGOPTS @10.53.0.3 -p 5300 dnskey externalkey > dig.out.ns3.test$n for alg in 3 7 12 13 do - if test $alg = 3 - then - sh checkdsa.sh 2>/dev/null || continue; - fi - if test $alg = 12 - then - sh ../gost/prereq.sh 2>/dev/null || continue; - fi - if test $alg = 13 - then - sh ../ecdsa/prereq.sh 2>/dev/null || continue; - # dsa and ecdsa both require a source of randomness when - # generating signatures - sh checkdsa.sh 2>/dev/null || continue; - fi - test $alg = 3 -a ! -r /dev/random -a ! -r /dev/urandom && continue + [ $alg = 3 -a ! -f checkdsa ] && continue; + [ $alg = 12 -a ! -f checkgost ] && continue; + [ $alg = 13 -a ! -f checkecdsa ] && continue; case $alg in 3) echo "I: checking DSA";; diff --git a/configure b/configure index 8544119a72..bf11302e53 100755 --- a/configure +++ b/configure @@ -803,6 +803,7 @@ THREADOPTSRCS THREADOPTOBJS ISC_PLATFORM_USETHREADS ALWAYS_DEFINES +CHECK_DSA DNS_CRYPTO_LIBS DNS_GSSAPI_LIBS DST_GSSAPI_INC @@ -14347,6 +14348,21 @@ $as_echo "using \"$use_randomdev\"" >&6; } ;; esac +# +# Only check dsa signature generation on these platforms when performing +# system tests. +# +CHECK_DSA=0 +if grep "#define PATH_RANDOMDEV " confdefs.h > /dev/null +then + case "$host" in + *darwin*|*freebsd*) + CHECK_DSA=1 + ;; + esac +fi + + # # Do we have arc4random() ? # diff --git a/configure.in b/configure.in index f47d204dd4..5746f99ada 100644 --- a/configure.in +++ b/configure.in @@ -1245,6 +1245,21 @@ case "$use_randomdev" in ;; esac +# +# Only check dsa signature generation on these platforms when performing +# system tests. +# +CHECK_DSA=0 +if grep "#define PATH_RANDOMDEV " confdefs.h > /dev/null +then + case "$host" in + *darwin*|*freebsd*) + CHECK_DSA=1 + ;; + esac +fi +AC_SUBST(CHECK_DSA) + # # Do we have arc4random() ? #
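Review bot: The three `[ ... ] && continue` lines in tests.sh skip an algorithm without printing anything, so a run in which every marker file is missing would check only algorithm 7 and could still pass. The markers are written by ns3/sign.sh and are also removed there when `$IMPORTKEY` fails, so "unsupported on this host" and "import broke" cannot be told apart at this point. An `echo "I: skipping algorithm $alg (no marker file)"` before each `continue` would make the reduced coverage visible in the log. The `$alg = N -a ! -f file` form also relies on `-a` inside `[`, which POSIX marks obsolescent; folding the file test into the existing `case $alg` is an option, though the rest of that `case` lies outside the hunk.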
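Review bot: The new comment in configure.in says where DSA signature generation is checked but not why, and it omits that the same switch also gates ECDSA: ns3/sign.sh runs `checkdsa.sh` in its ECDSAP256SHA256 arm, and checkdsa.sh.in exits 1 whenever `CHECK_DSA` is 0. As written, every host other than darwin/freebsd (and those too when `PATH_RANDOMDEV` is not defined) skips the DSA and ECDSA external-key checks in the inline system test. I would extend the comment to state the reason for the platform list and to mention ECDSA, e.g. `# CHECK_DSA=1 enables the DSA and ECDSA inline system tests; enabled only where <reason>.` The identical block in the generated configure needs no separate change.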