diff --git a/CHANGES b/CHANGES index 49a222655a..f2789a4e73 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +5918. [test] Convert system tests to use a default HMAC algorithm + where the test is not HMAC specific. [GL #3433] + 5917. [bug] Update ifconfig.sh script as is miscomputed interface identifiers when destroying interfaces. [GL #3061] diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in index 745048af40..682ba97f57 100644 --- a/bin/tests/system/acl/ns2/named1.conf.in +++ b/bin/tests/system/acl/ns2/named1.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -35,12 +35,12 @@ options { }; key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in index 21aa991566..7b1cea6fcd 100644 --- a/bin/tests/system/acl/ns2/named2.conf.in +++ b/bin/tests/system/acl/ns2/named2.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -35,12 +35,12 @@ options { }; key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in index 3208c92096..6b35ba5a98 100644 --- a/bin/tests/system/acl/ns2/named3.conf.in +++ b/bin/tests/system/acl/ns2/named3.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -35,17 +35,17 @@ options { }; key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key three { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in index 14e82ed266..b23a1cab58 100644 --- a/bin/tests/system/acl/ns2/named4.conf.in +++ b/bin/tests/system/acl/ns2/named4.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -35,12 +35,12 @@ options { }; key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in index f43f33cba8..52791aa2a1 100644 --- a/bin/tests/system/acl/ns2/named5.conf.in +++ b/bin/tests/system/acl/ns2/named5.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -37,12 +37,12 @@ options { }; key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/acl/ns3/named.conf.in b/bin/tests/system/acl/ns3/named.conf.in index fceed385ae..396b1a9eb1 100644 --- a/bin/tests/system/acl/ns3/named.conf.in +++ b/bin/tests/system/acl/ns3/named.conf.in @@ -31,5 +31,5 @@ controls { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/acl/ns4/named.conf.in b/bin/tests/system/acl/ns4/named.conf.in index 6389c33b3c..951c61e8f5 100644 --- a/bin/tests/system/acl/ns4/named.conf.in +++ b/bin/tests/system/acl/ns4/named.conf.in @@ -31,7 +31,7 @@ controls { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; zone "existing" { diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh index 9ee39843ae..fe54ef57f1 100644 --- a/bin/tests/system/acl/tests.sh +++ b/bin/tests/system/acl/tests.sh @@ -23,14 +23,14 @@ echo_i "testing basic ACL processing" # key "one" should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # any other key should be fine t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } copy_setports ns2/named2.conf.in ns2/named.conf @@ -40,18 +40,18 @@ sleep 5 # prefix 10/8 should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # any other address should work, as long as it sends key "one" t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } echo_i "testing nested ACL processing" @@ -63,31 +63,31 @@ sleep 5 # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # but only one or the other should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } t=`expr $t + 1` @@ -109,31 +109,31 @@ sleep 5 # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.2 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.1 axfr -y "${DEFAULT_HMAC}:two:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ - @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t} + @10.53.0.2 -b 10.53.0.3 axfr -y "${DEFAULT_HMAC}:one:1234abcd8765" > dig.out.${t} grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } echo_i "testing allow-query-on ACL processing" diff --git a/bin/tests/system/addzone/ns1/named.conf.in b/bin/tests/system/addzone/ns1/named.conf.in index afd7c316d7..b2d5e05dbb 100644 --- a/bin/tests/system/addzone/ns1/named.conf.in +++ b/bin/tests/system/addzone/ns1/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in index b91d19a940..ae485e82ad 100644 --- a/bin/tests/system/allow-query/ns2/named10.conf.in +++ b/bin/tests/system/allow-query/ns2/named10.conf.in @@ -12,7 +12,7 @@ */ key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in index 308c4ca19e..8a5e806745 100644 --- a/bin/tests/system/allow-query/ns2/named11.conf.in +++ b/bin/tests/system/allow-query/ns2/named11.conf.in @@ -12,12 +12,12 @@ */ key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234efgh8765"; }; diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in index 6b0fe552a4..a10c6d0f98 100644 --- a/bin/tests/system/allow-query/ns2/named12.conf.in +++ b/bin/tests/system/allow-query/ns2/named12.conf.in @@ -12,7 +12,7 @@ */ key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in index aefc4740aa..52981a7a0b 100644 --- a/bin/tests/system/allow-query/ns2/named30.conf.in +++ b/bin/tests/system/allow-query/ns2/named30.conf.in @@ -12,7 +12,7 @@ */ key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in index 27eccc2956..f6278703d7 100644 --- a/bin/tests/system/allow-query/ns2/named31.conf.in +++ b/bin/tests/system/allow-query/ns2/named31.conf.in @@ -12,12 +12,12 @@ */ key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234efgh8765"; }; diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in index adbb203de0..6fd516bced 100644 --- a/bin/tests/system/allow-query/ns2/named32.conf.in +++ b/bin/tests/system/allow-query/ns2/named32.conf.in @@ -12,7 +12,7 @@ */ key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in index 364f94b2fc..de37915e67 100644 --- a/bin/tests/system/allow-query/ns2/named40.conf.in +++ b/bin/tests/system/allow-query/ns2/named40.conf.in @@ -16,12 +16,12 @@ acl accept { 10.53.0.2; }; acl badaccept { 10.53.0.1; }; key one { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key two { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234efgh8765"; }; diff --git a/bin/tests/system/allow-query/ns3/named1.conf.in b/bin/tests/system/allow-query/ns3/named1.conf.in index 68af61f6f5..74b9885bcc 100644 --- a/bin/tests/system/allow-query/ns3/named1.conf.in +++ b/bin/tests/system/allow-query/ns3/named1.conf.in @@ -22,7 +22,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/allow-query/ns3/named2.conf.in b/bin/tests/system/allow-query/ns3/named2.conf.in index d3f220512c..c4a4e8fb88 100644 --- a/bin/tests/system/allow-query/ns3/named2.conf.in +++ b/bin/tests/system/allow-query/ns3/named2.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/allow-query/ns3/named3.conf.in b/bin/tests/system/allow-query/ns3/named3.conf.in index 32e1e0d2b7..0e1f7b0211 100644 --- a/bin/tests/system/allow-query/ns3/named3.conf.in +++ b/bin/tests/system/allow-query/ns3/named3.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/allow-query/ns3/named4.conf.in b/bin/tests/system/allow-query/ns3/named4.conf.in index e8ab737302..36ff9114f3 100644 --- a/bin/tests/system/allow-query/ns3/named4.conf.in +++ b/bin/tests/system/allow-query/ns3/named4.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh index bbffe07cc1..97a0859637 100644 --- a/bin/tests/system/allow-query/tests.sh +++ b/bin/tests/system/allow-query/tests.sh @@ -200,7 +200,7 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: key allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -213,7 +213,7 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: key not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 @@ -227,7 +227,7 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: key disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 @@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views key allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -379,7 +379,7 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views key not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 @@ -393,7 +393,7 @@ rndc_reload ns2 10.53.0.2 echo_i "test $n: views key disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.normal.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1 @@ -533,7 +533,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "test $n: zone key allowed - query allowed" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keyallow.example a > dig.out.ns2.$n || ret=1 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -543,7 +543,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "test $n: zone key not allowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:two:1234efgh8765" a.keyallow.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1 @@ -554,7 +554,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "test $n: zone key disallowed - query refused" ret=0 -$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1 +$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y "${DEFAULT_HMAC}:one:1234abcd8765" a.keydisallow.example a > dig.out.ns2.$n || ret=1 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1 grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1 grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1 diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl index 899a32596e..b74333b255 100644 --- a/bin/tests/system/ans.pl +++ b/bin/tests/system/ans.pl @@ -95,6 +95,8 @@ my $mainport = int($ENV{'PORT'}); if (!$mainport) { $mainport = 5300; } my $ctrlport = int($ENV{'EXTRAPORT1'}); if (!$ctrlport) { $ctrlport = 5301; } +my $hmac_algorithm = $ENV{'DEFAULT_HMAC'}; +if (!defined($hmac_algorithm)) { $hmac_algorithm = "hmac-sha256"; } # XXX: we should also be able to set the port numbers to listen on. my $ctlsock = IO::Socket::INET->new(LocalAddr => "$server_addr", @@ -174,6 +176,7 @@ sub handleUDP { } else { $tsig = Net::DNS::RR->new( name => $key_name, + algorithm => $hmac_algorithm, type => 'TSIG', key => $key_data); } @@ -390,6 +393,7 @@ sub handleTCP { if ($Net::DNS::VERSION < 0.69) { $tsig = Net::DNS::RR->new( "$key_name TSIG $key_data"); + $tsig->algorithm = $hmac_algorithm; } elsif ($Net::DNS::VERSION >= 0.81 && $continuation) { } elsif ($Net::DNS::VERSION >= 0.75 && @@ -398,6 +402,7 @@ sub handleTCP { } else { $tsig = Net::DNS::RR->new( name => $key_name, + algorithm => $hmac_algorithm, type => 'TSIG', key => $key_data); } diff --git a/bin/tests/system/autosign/ns1/named.conf.in b/bin/tests/system/autosign/ns1/named.conf.in index 6295404f26..2a5548349f 100644 --- a/bin/tests/system/autosign/ns1/named.conf.in +++ b/bin/tests/system/autosign/ns1/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/autosign/ns2/named.conf.in b/bin/tests/system/autosign/ns2/named.conf.in index 460bf75c39..32c565d682 100644 --- a/bin/tests/system/autosign/ns2/named.conf.in +++ b/bin/tests/system/autosign/ns2/named.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/autosign/ns3/named.conf.in b/bin/tests/system/autosign/ns3/named.conf.in index 29dfad6312..21d3191c9f 100644 --- a/bin/tests/system/autosign/ns3/named.conf.in +++ b/bin/tests/system/autosign/ns3/named.conf.in @@ -33,7 +33,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/cacheclean/ns2/named.conf.in b/bin/tests/system/cacheclean/ns2/named.conf.in index 554730e6ae..0b5cd29813 100644 --- a/bin/tests/system/cacheclean/ns2/named.conf.in +++ b/bin/tests/system/cacheclean/ns2/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in index 142128131c..e5d688cf51 100644 --- a/bin/tests/system/catz/ns1/named.conf.in +++ b/bin/tests/system/catz/ns1/named.conf.in @@ -122,5 +122,5 @@ view "ch" ch { key tsig_key. { secret "LSAnCU+Z"; - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in index a587b383af..ba21963625 100644 --- a/bin/tests/system/catz/ns2/named1.conf.in +++ b/bin/tests/system/catz/ns2/named1.conf.in @@ -165,5 +165,5 @@ view "ch" ch { key tsig_key. { secret "LSAnCU+Z"; - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in index 62b76a600e..cd5f2b97c7 100644 --- a/bin/tests/system/catz/ns2/named2.conf.in +++ b/bin/tests/system/catz/ns2/named2.conf.in @@ -122,5 +122,5 @@ view "ch" ch { key tsig_key. { secret "LSAnCU+Z"; - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/chain/ns7/named.conf.in b/bin/tests/system/chain/ns7/named.conf.in index 31ca3ef532..32c9b5f569 100644 --- a/bin/tests/system/chain/ns7/named.conf.in +++ b/bin/tests/system/chain/ns7/named.conf.in @@ -32,7 +32,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/checkconf/bad-kasp-keydir1.conf b/bin/tests/system/checkconf/bad-kasp-keydir1.conf.in similarity index 95% rename from bin/tests/system/checkconf/bad-kasp-keydir1.conf rename to bin/tests/system/checkconf/bad-kasp-keydir1.conf.in index eea10308b0..b0deaeae33 100644 --- a/bin/tests/system/checkconf/bad-kasp-keydir1.conf +++ b/bin/tests/system/checkconf/bad-kasp-keydir1.conf.in @@ -18,12 +18,12 @@ key "keyforview1" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "keyforview2" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir2.conf b/bin/tests/system/checkconf/bad-kasp-keydir2.conf.in similarity index 94% rename from bin/tests/system/checkconf/bad-kasp-keydir2.conf rename to bin/tests/system/checkconf/bad-kasp-keydir2.conf.in index 2ccf4397d7..699c193aaa 100644 --- a/bin/tests/system/checkconf/bad-kasp-keydir2.conf +++ b/bin/tests/system/checkconf/bad-kasp-keydir2.conf.in @@ -18,12 +18,12 @@ */ key "keyforview1" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "keyforview2" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir3.conf b/bin/tests/system/checkconf/bad-kasp-keydir3.conf.in similarity index 95% rename from bin/tests/system/checkconf/bad-kasp-keydir3.conf rename to bin/tests/system/checkconf/bad-kasp-keydir3.conf.in index e057877438..0dbd7e2265 100644 --- a/bin/tests/system/checkconf/bad-kasp-keydir3.conf +++ b/bin/tests/system/checkconf/bad-kasp-keydir3.conf.in @@ -19,12 +19,12 @@ */ key "keyforview1" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "keyforview2" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir4.conf b/bin/tests/system/checkconf/bad-kasp-keydir4.conf.in similarity index 95% rename from bin/tests/system/checkconf/bad-kasp-keydir4.conf rename to bin/tests/system/checkconf/bad-kasp-keydir4.conf.in index 44f867f33e..af4a8f907b 100644 --- a/bin/tests/system/checkconf/bad-kasp-keydir4.conf +++ b/bin/tests/system/checkconf/bad-kasp-keydir4.conf.in @@ -18,12 +18,12 @@ */ key "keyforview1" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "keyforview2" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; diff --git a/bin/tests/system/checkconf/bad-kasp-keydir5.conf b/bin/tests/system/checkconf/bad-kasp-keydir5.conf.in similarity index 95% rename from bin/tests/system/checkconf/bad-kasp-keydir5.conf rename to bin/tests/system/checkconf/bad-kasp-keydir5.conf.in index 9373a079c7..1cca608326 100644 --- a/bin/tests/system/checkconf/bad-kasp-keydir5.conf +++ b/bin/tests/system/checkconf/bad-kasp-keydir5.conf.in @@ -19,12 +19,12 @@ */ key "keyforview1" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "keyforview2" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf.in similarity index 94% rename from bin/tests/system/checkconf/bad-tsig.conf rename to bin/tests/system/checkconf/bad-tsig.conf.in index 4af25b0f1c..3e3023c5df 100644 --- a/bin/tests/system/checkconf/bad-tsig.conf +++ b/bin/tests/system/checkconf/bad-tsig.conf.in @@ -13,7 +13,6 @@ /* Bad secret */ key "badtsig" { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "jEdD+BPKg=="; }; - diff --git a/bin/tests/system/checkconf/clean.sh b/bin/tests/system/checkconf/clean.sh index 5bdcb6e8e1..3b424be321 100644 --- a/bin/tests/system/checkconf/clean.sh +++ b/bin/tests/system/checkconf/clean.sh @@ -11,10 +11,16 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -rm -f good.conf.in good.conf.out badzero.conf *.out -rm -f good-kasp.conf.in -rm -rf test.keydir +rm -f bad-kasp-keydir1.conf +rm -f bad-kasp-keydir2.conf +rm -f bad-kasp-keydir3.conf +rm -f bad-kasp-keydir4.conf +rm -f bad-kasp-keydir5.conf +rm -f bad-tsig.conf rm -f checkconf.out* rm -f diff.out* -rm -f ns*/named.lock +rm -f good-kasp.conf.in rm -f good-server-christmas-tree.conf +rm -f good.conf good.conf.raw good.conf.out badzero.conf *.out +rm -f ns*/named.lock +rm -rf test.keydir diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf.in similarity index 99% rename from bin/tests/system/checkconf/good.conf rename to bin/tests/system/checkconf/good.conf.in index 100ec3a827..1c136c703e 100644 --- a/bin/tests/system/checkconf/good.conf +++ b/bin/tests/system/checkconf/good.conf.in @@ -267,6 +267,6 @@ dyndb "name" "library.so" { system; }; key "mykey" { - algorithm "hmac-md5"; + algorithm "@DEFAULT_HMAC@"; secret "qwertyuiopasdfgh"; }; diff --git a/bin/tests/system/checkconf/setup.sh b/bin/tests/system/checkconf/setup.sh index 85eca861b1..77707226c9 100644 --- a/bin/tests/system/checkconf/setup.sh +++ b/bin/tests/system/checkconf/setup.sh @@ -10,4 +10,13 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +. ../conf.sh + +copy_setports bad-kasp-keydir1.conf.in bad-kasp-keydir1.conf +copy_setports bad-kasp-keydir2.conf.in bad-kasp-keydir2.conf +copy_setports bad-kasp-keydir3.conf.in bad-kasp-keydir3.conf +copy_setports bad-kasp-keydir4.conf.in bad-kasp-keydir4.conf +copy_setports bad-kasp-keydir5.conf.in bad-kasp-keydir5.conf +copy_setports bad-tsig.conf.in bad-tsig.conf +copy_setports good.conf.in good.conf cp -f good-server-christmas-tree.conf.in good-server-christmas-tree.conf diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index e1131dab51..5d6108ecd2 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh @@ -26,11 +26,11 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking that named-checkconf prints a known good config ($n)" ret=0 -awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in -[ -s good.conf.in ] || ret=1 -$CHECKCONF -p good.conf.in > checkconf.out$n || ret=1 -grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 -cmp good.conf.in good.conf.out || ret=1 +awk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.raw +[ -s good.conf.raw ] || ret=1 +$CHECKCONF -p good.conf.raw > checkconf.out$n || ret=1 +grep -v '^good.conf.raw:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 +cmp good.conf.raw good.conf.out || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -38,10 +38,10 @@ n=`expr $n + 1` echo_i "checking that named-checkconf -x removes secrets ($n)" ret=0 # ensure there is a secret and that it is not the check string. -grep 'secret "' good.conf.in > /dev/null || ret=1 -grep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1 -$CHECKCONF -p -x good.conf.in > checkconf.out$n || ret=1 -grep -v '^good.conf.in:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 +grep 'secret "' good.conf.raw > /dev/null || ret=1 +grep 'secret "????????????????"' good.conf.raw > /dev/null 2>&1 && ret=1 +$CHECKCONF -p -x good.conf.raw > checkconf.out$n || ret=1 +grep -v '^good.conf.raw:' < checkconf.out$n > good.conf.out 2>&1 || ret=1 grep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/checkds/ns2/named.conf.in b/bin/tests/system/checkds/ns2/named.conf.in index 44a577617d..8086055d75 100644 --- a/bin/tests/system/checkds/ns2/named.conf.in +++ b/bin/tests/system/checkds/ns2/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/checkds/ns4/named.conf.in b/bin/tests/system/checkds/ns4/named.conf.in index b5421eb1be..84aabde456 100644 --- a/bin/tests/system/checkds/ns4/named.conf.in +++ b/bin/tests/system/checkds/ns4/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/checkds/ns5/named.conf.in b/bin/tests/system/checkds/ns5/named.conf.in index baab6be82e..2a306776cb 100644 --- a/bin/tests/system/checkds/ns5/named.conf.in +++ b/bin/tests/system/checkds/ns5/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/checkds/ns6/named.conf.in b/bin/tests/system/checkds/ns6/named.conf.in index 53d3a167ed..90c80cce4c 100644 --- a/bin/tests/system/checkds/ns6/named.conf.in +++ b/bin/tests/system/checkds/ns6/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/checkds/ns7/named.conf.in b/bin/tests/system/checkds/ns7/named.conf.in index a3e3e1527b..9b966ccd05 100644 --- a/bin/tests/system/checkds/ns7/named.conf.in +++ b/bin/tests/system/checkds/ns7/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/checkds/ns9/named.conf.in b/bin/tests/system/checkds/ns9/named.conf.in index 8f0dfeab0d..9942b68d8e 100644 --- a/bin/tests/system/checkds/ns9/named.conf.in +++ b/bin/tests/system/checkds/ns9/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/checkzone/clean.sh b/bin/tests/system/checkzone/clean.sh index 08c016cb40..9a9cde8a9f 100644 --- a/bin/tests/system/checkzone/clean.sh +++ b/bin/tests/system/checkzone/clean.sh @@ -11,4 +11,5 @@ rm -f test.* good1.db.raw named-compilezone rm -f ns*/named.lock +rm -f zones/bad-tsig.db rm -f zones/zone1_*.txt diff --git a/bin/tests/system/checkzone/setup.sh b/bin/tests/system/checkzone/setup.sh index f143347c89..cc2aa996fc 100644 --- a/bin/tests/system/checkzone/setup.sh +++ b/bin/tests/system/checkzone/setup.sh @@ -15,3 +15,5 @@ ln -s $CHECKZONE named-compilezone ./named-compilezone -D -F raw -o good1.db.raw example \ zones/good1.db > /dev/null 2>&1 + +copy_setports zones/bad-tsig.db.in zones/bad-tsig.db diff --git a/bin/tests/system/checkzone/zones/bad-tsig.db b/bin/tests/system/checkzone/zones/bad-tsig.db.in similarity index 84% rename from bin/tests/system/checkzone/zones/bad-tsig.db rename to bin/tests/system/checkzone/zones/bad-tsig.db.in index 53c2f8c114..daef06c394 100644 --- a/bin/tests/system/checkzone/zones/bad-tsig.db +++ b/bin/tests/system/checkzone/zones/bad-tsig.db.in @@ -14,4 +14,4 @@ $TTL 600 NS ns ns A 192.0.2.1 -tsig TSIG hmac-sha1. 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0 +tsig TSIG @DEFAULT_HMAC@ 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0 diff --git a/bin/tests/system/common/controls.conf.in b/bin/tests/system/common/controls.conf.in index 371288560a..1db9286eba 100644 --- a/bin/tests/system/common/controls.conf.in +++ b/bin/tests/system/common/controls.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common index 6df082a74b..d02ae5e766 100644 --- a/bin/tests/system/conf.sh.common +++ b/bin/tests/system/conf.sh.common @@ -283,6 +283,10 @@ DISABLED_ALGORITHM=ECDSAP384SHA384 DISABLED_ALGORITHM_NUMBER=14 DISABLED_BITS=384 +# Default HMAC algorithm. +# also update common/rndc.conf and common/rndc.key when updating DEFAULT_HMAC +DEFAULT_HMAC=hmac-sha256 + # # Useful functions in test scripts # @@ -711,6 +715,7 @@ copy_setports() { -e "s/@ALTERNATIVE_ALGORITHM@/${ALTERNATIVE_ALGORITHM}/g" \ -e "s/@ALTERNATIVE_ALGORITHM_NUMBER@/${ALTERNATIVE_ALGORITHM_NUMBER}/g" \ -e "s/@ALTERNATIVE_BITS@/${ALTERNATIVE_BITS}/g" \ + -e "s/@DEFAULT_HMAC@/${DEFAULT_HMAC}/g" \ -e "s/@DISABLED_ALGORITHM@/${DISABLED_ALGORITHM}/g" \ -e "s/@DISABLED_ALGORITHM_NUMBER@/${DISABLED_ALGORITHM_NUMBER}/g" \ -e "s/@DISABLED_BITS@/${DISABLED_BITS}/g" \ diff --git a/bin/tests/system/cookie/ans9/ans.py b/bin/tests/system/cookie/ans9/ans.py index 550909466a..a508fa5e62 100644 --- a/bin/tests/system/cookie/ans9/ans.py +++ b/bin/tests/system/cookie/ans9/ans.py @@ -45,8 +45,8 @@ def logquery(type, qname): try: keyring = dns.tsigkeyring.from_text( { - "foo": {"hmac-sha256", "aaaaaaaaaaaa"}, - "fake": {"hmac-sha256", "aaaaaaaaaaaa"}, + "foo": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"}, + "fake": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"}, } ) except: diff --git a/bin/tests/system/cookie/ns1/named.conf.in b/bin/tests/system/cookie/ns1/named.conf.in index 129a9b1009..e9c28c6754 100644 --- a/bin/tests/system/cookie/ns1/named.conf.in +++ b/bin/tests/system/cookie/ns1/named.conf.in @@ -13,12 +13,12 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; key foo { secret "aaaaaaaaaaaa"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; server 10.53.0.10 { diff --git a/bin/tests/system/cookie/ns3/named.conf.in b/bin/tests/system/cookie/ns3/named.conf.in index 8b2ad79571..0382474549 100644 --- a/bin/tests/system/cookie/ns3/named.conf.in +++ b/bin/tests/system/cookie/ns3/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/cookie/ns4/named.conf.in b/bin/tests/system/cookie/ns4/named.conf.in index 0b14272137..c49b87ec10 100644 --- a/bin/tests/system/cookie/ns4/named.conf.in +++ b/bin/tests/system/cookie/ns4/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/cookie/ns5/named.conf.in b/bin/tests/system/cookie/ns5/named.conf.in index 2aabc5a8c3..87210adbf8 100644 --- a/bin/tests/system/cookie/ns5/named.conf.in +++ b/bin/tests/system/cookie/ns5/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/cookie/ns6/named.conf.in b/bin/tests/system/cookie/ns6/named.conf.in index 2bf37936a3..158d8988c5 100644 --- a/bin/tests/system/cookie/ns6/named.conf.in +++ b/bin/tests/system/cookie/ns6/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/cookie/ns8/named.conf.in b/bin/tests/system/cookie/ns8/named.conf.in index 1a9697bafc..99ff66b1a2 100644 --- a/bin/tests/system/cookie/ns8/named.conf.in +++ b/bin/tests/system/cookie/ns8/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/cookie/tests.sh b/bin/tests/system/cookie/tests.sh index ac3bd087cd..2e5de5ae90 100755 --- a/bin/tests/system/cookie/tests.sh +++ b/bin/tests/system/cookie/tests.sh @@ -474,7 +474,7 @@ then echo_i "check that TSIG test server is correctly configured ($n)" ret=0 pat="; COOKIE: ................................ (good)" - key=hmac-sha256:foo:aaaaaaaaaaaa + key="${DEFAULT_HMAC}:foo:aaaaaaaaaaaa" #UDP $DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1 grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1 diff --git a/bin/tests/system/database/ns1/named1.conf.in b/bin/tests/system/database/ns1/named1.conf.in index 56c6a07d28..5fa7ce5ce4 100644 --- a/bin/tests/system/database/ns1/named1.conf.in +++ b/bin/tests/system/database/ns1/named1.conf.in @@ -15,7 +15,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/database/ns1/named2.conf.in b/bin/tests/system/database/ns1/named2.conf.in index 7eb4930000..80cfab28b8 100644 --- a/bin/tests/system/database/ns1/named2.conf.in +++ b/bin/tests/system/database/ns1/named2.conf.in @@ -15,7 +15,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/delzone/tests.sh b/bin/tests/system/delzone/tests.sh index 0cb22f5790..fcd687d5f8 100755 --- a/bin/tests/system/delzone/tests.sh +++ b/bin/tests/system/delzone/tests.sh @@ -35,7 +35,7 @@ ret=0 import sys sys.path.insert(0, '../../../../bin/python') from isc import rndc -r = rndc(('10.53.0.2', 9953), 'hmac-sha256', '1234abcd8765') +r = rndc(('10.53.0.2', 9953), '${DEFAULT_HMAC}', '1234abcd8765') for i in range(20000): res = r.call('addzone z%d.example { type primary; file "added.db"; };' % i) if 'text' in res: @@ -48,7 +48,7 @@ EOF import sys sys.path.insert(0, '../../../../bin/python') from isc import rndc -r = rndc(('10.53.0.2', 9953), 'hmac-sha256', '1234abcd8765') +r = rndc(('10.53.0.2', 9953), '${DEFAULT_HMAC}', '1234abcd8765') for i in range(20000): res = r.call('delzone z%d.example' % i) if 'text' in res: diff --git a/bin/tests/system/dispatch/ns1/named.conf.in b/bin/tests/system/dispatch/ns1/named.conf.in index a4a2f61249..794312497e 100644 --- a/bin/tests/system/dispatch/ns1/named.conf.in +++ b/bin/tests/system/dispatch/ns1/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dispatch/ns2/named.conf.in b/bin/tests/system/dispatch/ns2/named.conf.in index 231e5a6c32..8e79ac483d 100644 --- a/bin/tests/system/dispatch/ns2/named.conf.in +++ b/bin/tests/system/dispatch/ns2/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dlzexternal/ns1/named.conf.in b/bin/tests/system/dlzexternal/ns1/named.conf.in index 51a2f86f37..87f8a7fe32 100644 --- a/bin/tests/system/dlzexternal/ns1/named.conf.in +++ b/bin/tests/system/dlzexternal/ns1/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; include "ddns.key"; diff --git a/bin/tests/system/dnssec/ns2/named.conf.in b/bin/tests/system/dnssec/ns2/named.conf.in index ebfde14872..94928c1f1d 100644 --- a/bin/tests/system/dnssec/ns2/named.conf.in +++ b/bin/tests/system/dnssec/ns2/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns3/named.conf.in b/bin/tests/system/dnssec/ns3/named.conf.in index 08875f953b..cdc6e02007 100644 --- a/bin/tests/system/dnssec/ns3/named.conf.in +++ b/bin/tests/system/dnssec/ns3/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns4/named1.conf.in b/bin/tests/system/dnssec/ns4/named1.conf.in index 212ef85666..09a32921f1 100644 --- a/bin/tests/system/dnssec/ns4/named1.conf.in +++ b/bin/tests/system/dnssec/ns4/named1.conf.in @@ -41,7 +41,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns4/named2.conf.in b/bin/tests/system/dnssec/ns4/named2.conf.in index 3369b6bdf4..5742871a4f 100644 --- a/bin/tests/system/dnssec/ns4/named2.conf.in +++ b/bin/tests/system/dnssec/ns4/named2.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns4/named3.conf.in b/bin/tests/system/dnssec/ns4/named3.conf.in index d6eaa01419..3a64e9d27a 100644 --- a/bin/tests/system/dnssec/ns4/named3.conf.in +++ b/bin/tests/system/dnssec/ns4/named3.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns4/named4.conf.in b/bin/tests/system/dnssec/ns4/named4.conf.in index db42f234f2..5d3bf3f0c7 100644 --- a/bin/tests/system/dnssec/ns4/named4.conf.in +++ b/bin/tests/system/dnssec/ns4/named4.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -34,7 +34,7 @@ controls { key auth { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; include "trusted.conf"; diff --git a/bin/tests/system/dnssec/ns4/named5.conf.in b/bin/tests/system/dnssec/ns4/named5.conf.in index 2be2f0262c..e457062d64 100644 --- a/bin/tests/system/dnssec/ns4/named5.conf.in +++ b/bin/tests/system/dnssec/ns4/named5.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -35,5 +35,5 @@ controls { key auth { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/dnssec/ns5/named1.conf.in b/bin/tests/system/dnssec/ns5/named1.conf.in index deec9c218a..ccb3de919c 100644 --- a/bin/tests/system/dnssec/ns5/named1.conf.in +++ b/bin/tests/system/dnssec/ns5/named1.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns5/named2.conf.in b/bin/tests/system/dnssec/ns5/named2.conf.in index f334e16899..636f4c23fa 100644 --- a/bin/tests/system/dnssec/ns5/named2.conf.in +++ b/bin/tests/system/dnssec/ns5/named2.conf.in @@ -15,7 +15,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns8/named.conf.in b/bin/tests/system/dnssec/ns8/named.conf.in index ef3c91314f..d0278caeb9 100644 --- a/bin/tests/system/dnssec/ns8/named.conf.in +++ b/bin/tests/system/dnssec/ns8/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnssec/ns9/named.conf.in b/bin/tests/system/dnssec/ns9/named.conf.in index d206d56582..06530a08c1 100644 --- a/bin/tests/system/dnssec/ns9/named.conf.in +++ b/bin/tests/system/dnssec/ns9/named.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnstap/ns1/named.conf.in b/bin/tests/system/dnstap/ns1/named.conf.in index c2c0087753..7f3fb296d7 100644 --- a/bin/tests/system/dnstap/ns1/named.conf.in +++ b/bin/tests/system/dnstap/ns1/named.conf.in @@ -34,7 +34,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnstap/ns2/named.conf.in b/bin/tests/system/dnstap/ns2/named.conf.in index 1c1713a46d..badc2257bb 100644 --- a/bin/tests/system/dnstap/ns2/named.conf.in +++ b/bin/tests/system/dnstap/ns2/named.conf.in @@ -34,7 +34,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnstap/ns3/named.conf.in b/bin/tests/system/dnstap/ns3/named.conf.in index 24320ed83f..a5ee2ede8b 100644 --- a/bin/tests/system/dnstap/ns3/named.conf.in +++ b/bin/tests/system/dnstap/ns3/named.conf.in @@ -37,7 +37,7 @@ server 10.53.0.1 { tcp-only yes; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dnstap/ns4/named.conf.in b/bin/tests/system/dnstap/ns4/named.conf.in index e821f5ecd4..e2a9207d1f 100644 --- a/bin/tests/system/dnstap/ns4/named.conf.in +++ b/bin/tests/system/dnstap/ns4/named.conf.in @@ -36,7 +36,7 @@ server 10.53.0.1 { tcp-only yes; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/dyndb/ns1/named.conf.in b/bin/tests/system/dyndb/ns1/named.conf.in index 4ab3f65328..6bb76ea404 100644 --- a/bin/tests/system/dyndb/ns1/named.conf.in +++ b/bin/tests/system/dyndb/ns1/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/emptyzones/ns1/named1.conf.in b/bin/tests/system/emptyzones/ns1/named1.conf.in index 2cf1286643..582b4fa636 100644 --- a/bin/tests/system/emptyzones/ns1/named1.conf.in +++ b/bin/tests/system/emptyzones/ns1/named1.conf.in @@ -12,7 +12,7 @@ */ key rndc_key { - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/emptyzones/ns1/named2.conf.in b/bin/tests/system/emptyzones/ns1/named2.conf.in index f62cfc9497..8d8f0ff1c7 100644 --- a/bin/tests/system/emptyzones/ns1/named2.conf.in +++ b/bin/tests/system/emptyzones/ns1/named2.conf.in @@ -12,7 +12,7 @@ */ key rndc_key { - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/engine_pkcs11/ns1/named.conf.in b/bin/tests/system/engine_pkcs11/ns1/named.conf.in index 8f2687d538..985974db81 100644 --- a/bin/tests/system/engine_pkcs11/ns1/named.conf.in +++ b/bin/tests/system/engine_pkcs11/ns1/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/fetchlimit/ns2/named.conf.in b/bin/tests/system/fetchlimit/ns2/named.conf.in index 108877e3ad..1d57632f3a 100644 --- a/bin/tests/system/fetchlimit/ns2/named.conf.in +++ b/bin/tests/system/fetchlimit/ns2/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/fetchlimit/ns3/named1.conf.in b/bin/tests/system/fetchlimit/ns3/named1.conf.in index 3adfe473eb..e493d8a4d7 100644 --- a/bin/tests/system/fetchlimit/ns3/named1.conf.in +++ b/bin/tests/system/fetchlimit/ns3/named1.conf.in @@ -34,7 +34,7 @@ server 10.53.0.4 { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/fetchlimit/ns3/named2.conf.in b/bin/tests/system/fetchlimit/ns3/named2.conf.in index 74374b106f..2d0dcef24b 100644 --- a/bin/tests/system/fetchlimit/ns3/named2.conf.in +++ b/bin/tests/system/fetchlimit/ns3/named2.conf.in @@ -32,7 +32,7 @@ server 10.53.0.4 { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/fetchlimit/ns3/named3.conf.in b/bin/tests/system/fetchlimit/ns3/named3.conf.in index 3df353b07d..f056fbbf7b 100644 --- a/bin/tests/system/fetchlimit/ns3/named3.conf.in +++ b/bin/tests/system/fetchlimit/ns3/named3.conf.in @@ -32,7 +32,7 @@ server 10.53.0.4 { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns1/named1.conf.in b/bin/tests/system/filter-aaaa/ns1/named1.conf.in index 619a28dee6..f5f0905512 100644 --- a/bin/tests/system/filter-aaaa/ns1/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns1/named1.conf.in @@ -34,7 +34,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns1/named2.conf.in b/bin/tests/system/filter-aaaa/ns1/named2.conf.in index e131e04429..3152f96f0e 100644 --- a/bin/tests/system/filter-aaaa/ns1/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns1/named2.conf.in @@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns2/named1.conf.in b/bin/tests/system/filter-aaaa/ns2/named1.conf.in index 99e005e2fd..2a1486d56a 100644 --- a/bin/tests/system/filter-aaaa/ns2/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns2/named1.conf.in @@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns2/named2.conf.in b/bin/tests/system/filter-aaaa/ns2/named2.conf.in index 171439d456..4e5a1ef095 100644 --- a/bin/tests/system/filter-aaaa/ns2/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns2/named2.conf.in @@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns3/named1.conf.in b/bin/tests/system/filter-aaaa/ns3/named1.conf.in index d2172a9958..602859b752 100644 --- a/bin/tests/system/filter-aaaa/ns3/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns3/named1.conf.in @@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns3/named2.conf.in b/bin/tests/system/filter-aaaa/ns3/named2.conf.in index 87d8d2429b..db449afb9e 100644 --- a/bin/tests/system/filter-aaaa/ns3/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns3/named2.conf.in @@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns4/named1.conf.in b/bin/tests/system/filter-aaaa/ns4/named1.conf.in index 0e237ad13c..0aa30071e8 100644 --- a/bin/tests/system/filter-aaaa/ns4/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns4/named1.conf.in @@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns4/named2.conf.in b/bin/tests/system/filter-aaaa/ns4/named2.conf.in index d81ce0a710..e534e54a80 100644 --- a/bin/tests/system/filter-aaaa/ns4/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns4/named2.conf.in @@ -32,7 +32,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/filter-aaaa/ns5/named.conf.in b/bin/tests/system/filter-aaaa/ns5/named.conf.in index 2b837cf930..36380cd321 100644 --- a/bin/tests/system/filter-aaaa/ns5/named.conf.in +++ b/bin/tests/system/filter-aaaa/ns5/named.conf.in @@ -37,7 +37,7 @@ plugin query "../../../../plugins/.libs/filter-aaaa.so" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/forward/ns3/named1.conf.in b/bin/tests/system/forward/ns3/named1.conf.in index 88f1eee9b4..ffc0718bfc 100644 --- a/bin/tests/system/forward/ns3/named1.conf.in +++ b/bin/tests/system/forward/ns3/named1.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/forward/ns3/named2.conf.in b/bin/tests/system/forward/ns3/named2.conf.in index b498e87be9..986a60e02d 100644 --- a/bin/tests/system/forward/ns3/named2.conf.in +++ b/bin/tests/system/forward/ns3/named2.conf.in @@ -30,7 +30,7 @@ include "trusted.conf"; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/forward/ns9/named1.conf.in b/bin/tests/system/forward/ns9/named1.conf.in index be9a43842f..54fed8f761 100644 --- a/bin/tests/system/forward/ns9/named1.conf.in +++ b/bin/tests/system/forward/ns9/named1.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/forward/ns9/named2.conf.in b/bin/tests/system/forward/ns9/named2.conf.in index 2c40b42a0c..34f7eeae07 100644 --- a/bin/tests/system/forward/ns9/named2.conf.in +++ b/bin/tests/system/forward/ns9/named2.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/forward/ns9/named3.conf.in b/bin/tests/system/forward/ns9/named3.conf.in index 576f57c10b..c07281fdd1 100644 --- a/bin/tests/system/forward/ns9/named3.conf.in +++ b/bin/tests/system/forward/ns9/named3.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/forward/ns9/named4.conf.in b/bin/tests/system/forward/ns9/named4.conf.in index 5cd7d84109..c06b36133c 100644 --- a/bin/tests/system/forward/ns9/named4.conf.in +++ b/bin/tests/system/forward/ns9/named4.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/conf/bad-regiondb.conf b/bin/tests/system/geoip2/conf/bad-regiondb.conf index aebdbed4ff..62a93cdbd6 100644 --- a/bin/tests/system/geoip2/conf/bad-regiondb.conf +++ b/bin/tests/system/geoip2/conf/bad-regiondb.conf @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named1.conf.in b/bin/tests/system/geoip2/ns2/named1.conf.in index 8c5784a673..2b01a5cd3c 100644 --- a/bin/tests/system/geoip2/ns2/named1.conf.in +++ b/bin/tests/system/geoip2/ns2/named1.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named10.conf.in b/bin/tests/system/geoip2/ns2/named10.conf.in index da3f9cd221..5cac0f728c 100644 --- a/bin/tests/system/geoip2/ns2/named10.conf.in +++ b/bin/tests/system/geoip2/ns2/named10.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named11.conf.in b/bin/tests/system/geoip2/ns2/named11.conf.in index 578a484a3d..b6d2a44624 100644 --- a/bin/tests/system/geoip2/ns2/named11.conf.in +++ b/bin/tests/system/geoip2/ns2/named11.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named12.conf.in b/bin/tests/system/geoip2/ns2/named12.conf.in index 9c90c79a73..25281649cb 100644 --- a/bin/tests/system/geoip2/ns2/named12.conf.in +++ b/bin/tests/system/geoip2/ns2/named12.conf.in @@ -33,7 +33,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named2.conf.in b/bin/tests/system/geoip2/ns2/named2.conf.in index 5ca5fcf327..c28f15bfdc 100644 --- a/bin/tests/system/geoip2/ns2/named2.conf.in +++ b/bin/tests/system/geoip2/ns2/named2.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named3.conf.in b/bin/tests/system/geoip2/ns2/named3.conf.in index 295122ac20..f3b35e5b12 100644 --- a/bin/tests/system/geoip2/ns2/named3.conf.in +++ b/bin/tests/system/geoip2/ns2/named3.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named4.conf.in b/bin/tests/system/geoip2/ns2/named4.conf.in index efdcaeb803..7ccd200917 100644 --- a/bin/tests/system/geoip2/ns2/named4.conf.in +++ b/bin/tests/system/geoip2/ns2/named4.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named5.conf.in b/bin/tests/system/geoip2/ns2/named5.conf.in index 675dc18788..ec0b3710f8 100644 --- a/bin/tests/system/geoip2/ns2/named5.conf.in +++ b/bin/tests/system/geoip2/ns2/named5.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named6.conf.in b/bin/tests/system/geoip2/ns2/named6.conf.in index 456462f4e8..b2bb0917c2 100644 --- a/bin/tests/system/geoip2/ns2/named6.conf.in +++ b/bin/tests/system/geoip2/ns2/named6.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named7.conf.in b/bin/tests/system/geoip2/ns2/named7.conf.in index b248e02b6f..99b69608a7 100644 --- a/bin/tests/system/geoip2/ns2/named7.conf.in +++ b/bin/tests/system/geoip2/ns2/named7.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named8.conf.in b/bin/tests/system/geoip2/ns2/named8.conf.in index 26660b5f61..4470ad6aca 100644 --- a/bin/tests/system/geoip2/ns2/named8.conf.in +++ b/bin/tests/system/geoip2/ns2/named8.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/geoip2/ns2/named9.conf.in b/bin/tests/system/geoip2/ns2/named9.conf.in index 392879b978..5aee39375f 100644 --- a/bin/tests/system/geoip2/ns2/named9.conf.in +++ b/bin/tests/system/geoip2/ns2/named9.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/hooks/ns1/named.conf.in b/bin/tests/system/hooks/ns1/named.conf.in index fc385daf34..956bf41ef4 100644 --- a/bin/tests/system/hooks/ns1/named.conf.in +++ b/bin/tests/system/hooks/ns1/named.conf.in @@ -28,7 +28,7 @@ plugin query "../driver/.libs/test-async.so"; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/ixfr/ns1/named.conf.in b/bin/tests/system/ixfr/ns1/named.conf.in index 497e255083..65f152b471 100644 --- a/bin/tests/system/ixfr/ns1/named.conf.in +++ b/bin/tests/system/ixfr/ns1/named.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/ixfr/ns3/named.conf.in b/bin/tests/system/ixfr/ns3/named.conf.in index 3ff936ed50..e9b9612424 100644 --- a/bin/tests/system/ixfr/ns3/named.conf.in +++ b/bin/tests/system/ixfr/ns3/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/ixfr/ns4/named.conf.in b/bin/tests/system/ixfr/ns4/named.conf.in index 934cbb6e4c..925a28051b 100644 --- a/bin/tests/system/ixfr/ns4/named.conf.in +++ b/bin/tests/system/ixfr/ns4/named.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/ixfr/ns5/named.conf.in b/bin/tests/system/ixfr/ns5/named.conf.in index b2bf6d5a21..45d4f97bf4 100644 --- a/bin/tests/system/ixfr/ns5/named.conf.in +++ b/bin/tests/system/ixfr/ns5/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/journal/ns1/named.conf.in b/bin/tests/system/journal/ns1/named.conf.in index c3e2843b97..9f72a6f084 100644 --- a/bin/tests/system/journal/ns1/named.conf.in +++ b/bin/tests/system/journal/ns1/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/journal/ns2/named.conf.in b/bin/tests/system/journal/ns2/named.conf.in index 4d58c28468..e7f185e722 100644 --- a/bin/tests/system/journal/ns2/named.conf.in +++ b/bin/tests/system/journal/ns2/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/kasp/ns2/named.conf.in b/bin/tests/system/kasp/ns2/named.conf.in index 926bf849c4..df139cd139 100644 --- a/bin/tests/system/kasp/ns2/named.conf.in +++ b/bin/tests/system/kasp/ns2/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/kasp/ns3/named.conf.in b/bin/tests/system/kasp/ns3/named.conf.in index 7b5ab8cf1b..4815967511 100644 --- a/bin/tests/system/kasp/ns3/named.conf.in +++ b/bin/tests/system/kasp/ns3/named.conf.in @@ -31,7 +31,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/kasp/ns4/named.conf.in b/bin/tests/system/kasp/ns4/named.conf.in index d03be88687..c3f19a9396 100644 --- a/bin/tests/system/kasp/ns4/named.conf.in +++ b/bin/tests/system/kasp/ns4/named.conf.in @@ -15,7 +15,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -38,17 +38,17 @@ key "sha256" { }; key "keyforview1" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "keyforview2" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; key "keyforview3" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0="; }; diff --git a/bin/tests/system/kasp/ns5/named.conf.in b/bin/tests/system/kasp/ns5/named.conf.in index 2131c2c2bb..02b17732d6 100644 --- a/bin/tests/system/kasp/ns5/named.conf.in +++ b/bin/tests/system/kasp/ns5/named.conf.in @@ -15,7 +15,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/kasp/ns6/named.conf.in b/bin/tests/system/kasp/ns6/named.conf.in index 616e332860..b258241185 100644 --- a/bin/tests/system/kasp/ns6/named.conf.in +++ b/bin/tests/system/kasp/ns6/named.conf.in @@ -31,7 +31,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/kasp/ns6/named2.conf.in b/bin/tests/system/kasp/ns6/named2.conf.in index 82e2abca7e..f421b5e662 100644 --- a/bin/tests/system/kasp/ns6/named2.conf.in +++ b/bin/tests/system/kasp/ns6/named2.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index 8856e2db7d..6d63c5d70d 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -1872,7 +1872,7 @@ dnssec_verify # Test with views. set_zone "example.net" set_server "ns4" "10.53.0.4" -TSIG="hmac-sha1:keyforview1:$VIEW1" +TSIG="$DEFAULT_HMAC:keyforview1:$VIEW1" wait_for_nsec check_keys check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example1" @@ -1891,7 +1891,7 @@ check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -TSIG="hmac-sha1:keyforview2:$VIEW2" +TSIG="$DEFAULT_HMAC:keyforview2:$VIEW2" wait_for_nsec check_keys check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2" @@ -1908,7 +1908,7 @@ check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -TSIG="hmac-sha1:keyforview3:$VIEW3" +TSIG="$DEFAULT_HMAC:keyforview3:$VIEW3" wait_for_nsec check_keys check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2" diff --git a/bin/tests/system/keepalive/ns1/named.conf.in b/bin/tests/system/keepalive/ns1/named.conf.in index 26cf4b3d54..696dc48f98 100644 --- a/bin/tests/system/keepalive/ns1/named.conf.in +++ b/bin/tests/system/keepalive/ns1/named.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/keepalive/ns2/named.conf.in b/bin/tests/system/keepalive/ns2/named.conf.in index befa96f844..5fbd453f87 100644 --- a/bin/tests/system/keepalive/ns2/named.conf.in +++ b/bin/tests/system/keepalive/ns2/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/keepalive/ns3/named.conf.in b/bin/tests/system/keepalive/ns3/named.conf.in index b6b8073bec..873617b600 100644 --- a/bin/tests/system/keepalive/ns3/named.conf.in +++ b/bin/tests/system/keepalive/ns3/named.conf.in @@ -31,7 +31,7 @@ server 10.53.0.2 { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/keymgr2kasp/ns3/named.conf.in b/bin/tests/system/keymgr2kasp/ns3/named.conf.in index 5a71a87bbe..c0f79f1a40 100644 --- a/bin/tests/system/keymgr2kasp/ns3/named.conf.in +++ b/bin/tests/system/keymgr2kasp/ns3/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/keymgr2kasp/ns3/named2.conf.in b/bin/tests/system/keymgr2kasp/ns3/named2.conf.in index 8d5aecb463..c65560e6ab 100644 --- a/bin/tests/system/keymgr2kasp/ns3/named2.conf.in +++ b/bin/tests/system/keymgr2kasp/ns3/named2.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/keymgr2kasp/ns4/named.conf.in b/bin/tests/system/keymgr2kasp/ns4/named.conf.in index 7f0c815bb0..fda402ca31 100644 --- a/bin/tests/system/keymgr2kasp/ns4/named.conf.in +++ b/bin/tests/system/keymgr2kasp/ns4/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -36,12 +36,12 @@ controls { }; key "external" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "internal" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; diff --git a/bin/tests/system/keymgr2kasp/ns4/named2.conf.in b/bin/tests/system/keymgr2kasp/ns4/named2.conf.in index fc96b90604..09cc032de2 100644 --- a/bin/tests/system/keymgr2kasp/ns4/named2.conf.in +++ b/bin/tests/system/keymgr2kasp/ns4/named2.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -57,12 +57,12 @@ dnssec-policy "rsasha256" { }; key "external" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "YPfMoAk6h+3iN8MDRQC004iSNHY="; }; key "internal" { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "4xILSZQnuO1UKubXHkYUsvBRPu8="; }; diff --git a/bin/tests/system/keymgr2kasp/tests.sh b/bin/tests/system/keymgr2kasp/tests.sh index a75dd80639..705054f542 100644 --- a/bin/tests/system/keymgr2kasp/tests.sh +++ b/bin/tests/system/keymgr2kasp/tests.sh @@ -957,7 +957,7 @@ set_server "ns4" "10.53.0.4" init_view_migration set_keyalgorithm "KEY1" "8" "RSASHA256" "2048" set_keyalgorithm "KEY2" "8" "RSASHA256" "1024" -TSIG="hmac-sha1:external:$VIEW1" +TSIG="$DEFAULT_HMAC:external:$VIEW1" wait_for_nsec # Make sure the zone is signed with legacy keys. check_keys @@ -987,7 +987,7 @@ set_server "ns4" "10.53.0.4" init_view_migration set_keyalgorithm "KEY1" "8" "RSASHA256" "2048" set_keyalgorithm "KEY2" "8" "RSASHA256" "1024" -TSIG="hmac-sha1:internal:$VIEW2" +TSIG="$DEFAULT_HMAC:internal:$VIEW2" wait_for_nsec # Make sure the zone is signed with legacy keys. check_keys @@ -1052,7 +1052,7 @@ set_keystate "KEY3" "STATE_DNSKEY" "rumoured" set_keystate "KEY3" "STATE_ZRRSIG" "hidden" # Various signing policy checks (external). -TSIG="hmac-sha1:external:$VIEW1" +TSIG="$DEFAULT_HMAC:external:$VIEW1" check_keys wait_for_done_signing check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext" @@ -1113,7 +1113,7 @@ check_apex dnssec_verify # Various signing policy checks (internal). -TSIG="hmac-sha1:internal:$VIEW2" +TSIG="$DEFAULT_HMAC:internal:$VIEW2" check_keys wait_for_done_signing check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int" diff --git a/bin/tests/system/legacy/ns1/named1.conf.in b/bin/tests/system/legacy/ns1/named1.conf.in index 4e9b888039..5c4b1c400b 100644 --- a/bin/tests/system/legacy/ns1/named1.conf.in +++ b/bin/tests/system/legacy/ns1/named1.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/logfileconfig/ns1/named.dirconf.in b/bin/tests/system/logfileconfig/ns1/named.dirconf.in index 12b3e96257..d6ee1346e7 100644 --- a/bin/tests/system/logfileconfig/ns1/named.dirconf.in +++ b/bin/tests/system/logfileconfig/ns1/named.dirconf.in @@ -39,5 +39,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.iso8601-utc.in b/bin/tests/system/logfileconfig/ns1/named.iso8601-utc.in index 2b4b1819d0..6ac14dfa6c 100644 --- a/bin/tests/system/logfileconfig/ns1/named.iso8601-utc.in +++ b/bin/tests/system/logfileconfig/ns1/named.iso8601-utc.in @@ -39,5 +39,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.iso8601.in b/bin/tests/system/logfileconfig/ns1/named.iso8601.in index 9d520ea562..5a1bd5e31e 100644 --- a/bin/tests/system/logfileconfig/ns1/named.iso8601.in +++ b/bin/tests/system/logfileconfig/ns1/named.iso8601.in @@ -40,5 +40,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.pipeconf.in b/bin/tests/system/logfileconfig/ns1/named.pipeconf.in index 5497b62f10..8f2ec63a44 100644 --- a/bin/tests/system/logfileconfig/ns1/named.pipeconf.in +++ b/bin/tests/system/logfileconfig/ns1/named.pipeconf.in @@ -39,5 +39,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.plain.in b/bin/tests/system/logfileconfig/ns1/named.plain.in index 53a1946374..f31906b76c 100644 --- a/bin/tests/system/logfileconfig/ns1/named.plain.in +++ b/bin/tests/system/logfileconfig/ns1/named.plain.in @@ -46,5 +46,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.plainconf.in b/bin/tests/system/logfileconfig/ns1/named.plainconf.in index 8a70ca061c..d8dd5f5ce1 100644 --- a/bin/tests/system/logfileconfig/ns1/named.plainconf.in +++ b/bin/tests/system/logfileconfig/ns1/named.plainconf.in @@ -30,5 +30,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.symconf.in b/bin/tests/system/logfileconfig/ns1/named.symconf.in index 5b30e5797a..96033651d3 100644 --- a/bin/tests/system/logfileconfig/ns1/named.symconf.in +++ b/bin/tests/system/logfileconfig/ns1/named.symconf.in @@ -39,5 +39,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.tsconf.in b/bin/tests/system/logfileconfig/ns1/named.tsconf.in index 4b0f8af55f..7f761951fe 100644 --- a/bin/tests/system/logfileconfig/ns1/named.tsconf.in +++ b/bin/tests/system/logfileconfig/ns1/named.tsconf.in @@ -48,5 +48,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.unlimited.in b/bin/tests/system/logfileconfig/ns1/named.unlimited.in index 506b49b3c6..f806eddd62 100644 --- a/bin/tests/system/logfileconfig/ns1/named.unlimited.in +++ b/bin/tests/system/logfileconfig/ns1/named.unlimited.in @@ -48,5 +48,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/logfileconfig/ns1/named.versconf.in b/bin/tests/system/logfileconfig/ns1/named.versconf.in index 3860ae8c31..c30d8a376e 100644 --- a/bin/tests/system/logfileconfig/ns1/named.versconf.in +++ b/bin/tests/system/logfileconfig/ns1/named.versconf.in @@ -48,5 +48,5 @@ controls { key rndc-key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/masterformat/ns1/named.conf.in b/bin/tests/system/masterformat/ns1/named.conf.in index 0b9b42eb56..28687feda4 100644 --- a/bin/tests/system/masterformat/ns1/named.conf.in +++ b/bin/tests/system/masterformat/ns1/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/masterformat/ns3/named.conf.in b/bin/tests/system/masterformat/ns3/named.conf.in index c53acaa099..eca537d93e 100644 --- a/bin/tests/system/masterformat/ns3/named.conf.in +++ b/bin/tests/system/masterformat/ns3/named.conf.in @@ -24,7 +24,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mirror/ns2/named.conf.in b/bin/tests/system/mirror/ns2/named.conf.in index 5df56c234b..52999c5325 100644 --- a/bin/tests/system/mirror/ns2/named.conf.in +++ b/bin/tests/system/mirror/ns2/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mirror/ns3/named.conf.in b/bin/tests/system/mirror/ns3/named.conf.in index 58d8bd5a30..7bc8d5d854 100644 --- a/bin/tests/system/mirror/ns3/named.conf.in +++ b/bin/tests/system/mirror/ns3/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns1/named1.conf.in b/bin/tests/system/mkeys/ns1/named1.conf.in index 1912ee184e..a63b54b4d2 100644 --- a/bin/tests/system/mkeys/ns1/named1.conf.in +++ b/bin/tests/system/mkeys/ns1/named1.conf.in @@ -34,7 +34,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns1/named2.conf.in b/bin/tests/system/mkeys/ns1/named2.conf.in index 99ec781b52..729251bb32 100644 --- a/bin/tests/system/mkeys/ns1/named2.conf.in +++ b/bin/tests/system/mkeys/ns1/named2.conf.in @@ -34,7 +34,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns1/named3.conf.in b/bin/tests/system/mkeys/ns1/named3.conf.in index e05965dc14..0f5d11f110 100644 --- a/bin/tests/system/mkeys/ns1/named3.conf.in +++ b/bin/tests/system/mkeys/ns1/named3.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns2/named.conf.in b/bin/tests/system/mkeys/ns2/named.conf.in index 2f823b8951..1c77556f78 100644 --- a/bin/tests/system/mkeys/ns2/named.conf.in +++ b/bin/tests/system/mkeys/ns2/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns3/named.conf.in b/bin/tests/system/mkeys/ns3/named.conf.in index e6e19f54c3..928ce30809 100644 --- a/bin/tests/system/mkeys/ns3/named.conf.in +++ b/bin/tests/system/mkeys/ns3/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns4/named.conf.in b/bin/tests/system/mkeys/ns4/named.conf.in index 6bbc6b7b94..fc200ce282 100644 --- a/bin/tests/system/mkeys/ns4/named.conf.in +++ b/bin/tests/system/mkeys/ns4/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns5/named.conf.in b/bin/tests/system/mkeys/ns5/named.conf.in index aec778f243..167938c04e 100644 --- a/bin/tests/system/mkeys/ns5/named.conf.in +++ b/bin/tests/system/mkeys/ns5/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns6/named.conf.in b/bin/tests/system/mkeys/ns6/named.conf.in index 50892fa3bb..7e74c3820b 100644 --- a/bin/tests/system/mkeys/ns6/named.conf.in +++ b/bin/tests/system/mkeys/ns6/named.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/mkeys/ns7/named.conf.in b/bin/tests/system/mkeys/ns7/named.conf.in index 2c0d69ed1b..b50246a774 100644 --- a/bin/tests/system/mkeys/ns7/named.conf.in +++ b/bin/tests/system/mkeys/ns7/named.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/notify/ns2/named.conf.in b/bin/tests/system/notify/ns2/named.conf.in index 13b3797440..44aac95013 100644 --- a/bin/tests/system/notify/ns2/named.conf.in +++ b/bin/tests/system/notify/ns2/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in index 5cab276526..4660fa2169 100644 --- a/bin/tests/system/notify/ns5/named.conf.in +++ b/bin/tests/system/notify/ns5/named.conf.in @@ -12,17 +12,17 @@ */ key "a" { - algorithm "hmac-md5"; + algorithm @DEFAULT_HMAC@; secret "aaaaaaaaaaaaaaaaaaaa"; }; key "b" { - algorithm "hmac-md5"; + algorithm @DEFAULT_HMAC@; secret "bbbbbbbbbbbbbbbbbbbb"; }; key "c" { - algorithm "hmac-md5"; + algorithm @DEFAULT_HMAC@; secret "cccccccccccccccccccc"; }; diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh index 04fd34b47f..5f4ad1c681 100644 --- a/bin/tests/system/notify/tests.sh +++ b/bin/tests/system/notify/tests.sh @@ -179,7 +179,7 @@ test_start "checking notify to multiple views using tsig" $NSUPDATE << EOF server 10.53.0.5 ${PORT} zone x21 -key a aaaaaaaaaaaaaaaaaaaa +key $DEFAULT_HMAC:a aaaaaaaaaaaaaaaaaaaa update add added.x21 0 in txt "test string" send EOF @@ -187,9 +187,9 @@ fnb="dig.out.b.ns5.test$n" fnc="dig.out.c.ns5.test$n" for i in 1 2 3 4 5 6 7 8 9 do - dig_plus_opts added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \ + dig_plus_opts added.x21. -y "${DEFAULT_HMAC}:b:bbbbbbbbbbbbbbbbbbbb" @10.53.0.5 \ txt > "$fnb" || ret=1 - dig_plus_opts added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \ + dig_plus_opts added.x21. -y "${DEFAULT_HMAC}:c:cccccccccccccccccccc" @10.53.0.5 \ txt > "$fnc" || ret=1 grep "test string" "$fnb" > /dev/null && grep "test string" "$fnc" > /dev/null && diff --git a/bin/tests/system/nsec3/ns3/named.conf.in b/bin/tests/system/nsec3/ns3/named.conf.in index 33a17c013c..67febf6a65 100644 --- a/bin/tests/system/nsec3/ns3/named.conf.in +++ b/bin/tests/system/nsec3/ns3/named.conf.in @@ -44,7 +44,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsec3/ns3/named2.conf.in b/bin/tests/system/nsec3/ns3/named2.conf.in index cfce6d9945..3af1f5e8d9 100644 --- a/bin/tests/system/nsec3/ns3/named2.conf.in +++ b/bin/tests/system/nsec3/ns3/named2.conf.in @@ -44,7 +44,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in index 81d0c99af8..36e7b5910a 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf.in +++ b/bin/tests/system/nsupdate/ns1/named.conf.in @@ -31,7 +31,7 @@ acl named-acl { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -39,17 +39,17 @@ controls { }; key altkey { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key restricted.example.nil { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; key zonesub-key.example.nil { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234subk8765"; }; diff --git a/bin/tests/system/nsupdate/ns10/named.conf.in b/bin/tests/system/nsupdate/ns10/named.conf.in index 68f8279200..f28c90bded 100644 --- a/bin/tests/system/nsupdate/ns10/named.conf.in +++ b/bin/tests/system/nsupdate/ns10/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in index f1a1735634..356382a583 100644 --- a/bin/tests/system/nsupdate/ns2/named.conf.in +++ b/bin/tests/system/nsupdate/ns2/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { @@ -34,7 +34,7 @@ controls { }; key altkey { - algorithm hmac-md5; + algorithm @DEFAULT_HMAC@; secret "1234abcd8765"; }; diff --git a/bin/tests/system/nsupdate/ns5/named.conf.in b/bin/tests/system/nsupdate/ns5/named.conf.in index c36777da64..39dec512c4 100644 --- a/bin/tests/system/nsupdate/ns5/named.conf.in +++ b/bin/tests/system/nsupdate/ns5/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/ns6/named.conf.in b/bin/tests/system/nsupdate/ns6/named.conf.in index cf4a5aa5f5..82bc015ce4 100644 --- a/bin/tests/system/nsupdate/ns6/named.conf.in +++ b/bin/tests/system/nsupdate/ns6/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/ns7/named.conf.in b/bin/tests/system/nsupdate/ns7/named.conf.in index 1297bae9d2..7a484c7f2e 100644 --- a/bin/tests/system/nsupdate/ns7/named.conf.in +++ b/bin/tests/system/nsupdate/ns7/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/ns8/named.conf.in b/bin/tests/system/nsupdate/ns8/named.conf.in index ead3cfed4d..042ac468e3 100644 --- a/bin/tests/system/nsupdate/ns8/named.conf.in +++ b/bin/tests/system/nsupdate/ns8/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.in index 2e28ed3776..0b70745ebd 100644 --- a/bin/tests/system/nsupdate/ns9/named.conf.in +++ b/bin/tests/system/nsupdate/ns9/named.conf.in @@ -27,12 +27,12 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; key subkey { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 0863d0a1ad..95bb5befd1 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -690,7 +690,7 @@ echo_i "check that 'update-policy subdomain' is properly enforced ($n)" # and thus this UPDATE should succeed. $NSUPDATE -d < nsupdate.out1-$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} -key restricted.example.nil 1234abcd8765 +key $DEFAULT_HMAC:restricted.example.nil 1234abcd8765 update add restricted.example.nil 0 IN TXT everywhere. send END @@ -700,7 +700,7 @@ grep "TXT.*everywhere" dig.out.1.test$n > /dev/null || ret=1 # thus this UPDATE should fail. $NSUPDATE -d < nsupdate.out2-$n 2>&1 && ret=1 server 10.53.0.1 ${PORT} -key restricted.example.nil 1234abcd8765 +key $DEFAULT_HMAC:restricted.example.nil 1234abcd8765 update add example.nil 0 IN TXT everywhere. send END @@ -715,7 +715,7 @@ echo_i "check that 'update-policy zonesub' is properly enforced ($n)" # the A record update should be rejected as it is not in the type list $NSUPDATE -d < nsupdate.out1-$n 2>&1 && ret=1 server 10.53.0.1 ${PORT} -key zonesub-key.example.nil 1234subk8765 +key $DEFAULT_HMAC:zonesub-key.example.nil 1234subk8765 update add zonesub.example.nil 0 IN A 1.2.3.4 send END @@ -725,7 +725,7 @@ grep "ANSWER: 0," dig.out.1.test$n > /dev/null || ret=1 # the TXT record update should be accepted as it is in the type list $NSUPDATE -d < nsupdate.out2-$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} -key zonesub-key.example.nil 1234subk8765 +key $DEFAULT_HMAC:zonesub-key.example.nil 1234subk8765 update add zonesub.example.nil 0 IN TXT everywhere. send END @@ -739,7 +739,7 @@ n=`expr $n + 1` ret=0 echo_i "check 'grant' in deny name + grant subdomain ($n)" $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 -key hmac-sha256:subkey 1234abcd8765 +key $DEFAULT_HMAC:subkey 1234abcd8765 server 10.53.0.9 ${PORT} zone denyname.example update add foo.denyname.example 3600 IN TXT added @@ -753,7 +753,7 @@ n=`expr $n + 1` ret=0 echo_i "check 'deny' in deny name + grant subdomain ($n)" $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 -key hmac-sha256:subkey 1234abcd8765 +key $DEFAULT_HMAC:subkey 1234abcd8765 server 10.53.0.9 ${PORT} zone denyname.example update add denyname.example 3600 IN TXT added diff --git a/bin/tests/system/nzd2nzf/ns1/named.conf.in b/bin/tests/system/nzd2nzf/ns1/named.conf.in index d8fc51fe19..9b5bf3a82a 100644 --- a/bin/tests/system/nzd2nzf/ns1/named.conf.in +++ b/bin/tests/system/nzd2nzf/ns1/named.conf.in @@ -23,7 +23,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/padding/ns1/named.conf.in b/bin/tests/system/padding/ns1/named.conf.in index 26cf4b3d54..696dc48f98 100644 --- a/bin/tests/system/padding/ns1/named.conf.in +++ b/bin/tests/system/padding/ns1/named.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/padding/ns2/named.conf.in b/bin/tests/system/padding/ns2/named.conf.in index 834471f758..3f6e0d42c1 100644 --- a/bin/tests/system/padding/ns2/named.conf.in +++ b/bin/tests/system/padding/ns2/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/padding/ns3/named.conf.in b/bin/tests/system/padding/ns3/named.conf.in index cf9434f976..9b7e123bfe 100644 --- a/bin/tests/system/padding/ns3/named.conf.in +++ b/bin/tests/system/padding/ns3/named.conf.in @@ -31,7 +31,7 @@ server 10.53.0.2 { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/padding/ns4/named.conf.in b/bin/tests/system/padding/ns4/named.conf.in index 9a1651e0bb..79b7f72c7a 100644 --- a/bin/tests/system/padding/ns4/named.conf.in +++ b/bin/tests/system/padding/ns4/named.conf.in @@ -31,7 +31,7 @@ server 10.53.0.2 { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/pipelined/ns1/named.conf.in b/bin/tests/system/pipelined/ns1/named.conf.in index 848a0228cb..6cfac77c02 100644 --- a/bin/tests/system/pipelined/ns1/named.conf.in +++ b/bin/tests/system/pipelined/ns1/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/pipelined/ns2/named.conf.in b/bin/tests/system/pipelined/ns2/named.conf.in index 40ed7b9157..3679e97b12 100644 --- a/bin/tests/system/pipelined/ns2/named.conf.in +++ b/bin/tests/system/pipelined/ns2/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/pipelined/ns3/named.conf.in b/bin/tests/system/pipelined/ns3/named.conf.in index 428da7d41a..d8943d5b63 100644 --- a/bin/tests/system/pipelined/ns3/named.conf.in +++ b/bin/tests/system/pipelined/ns3/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/pipelined/ns4/named.conf.in b/bin/tests/system/pipelined/ns4/named.conf.in index cfd0fd213c..e7d07e99e3 100644 --- a/bin/tests/system/pipelined/ns4/named.conf.in +++ b/bin/tests/system/pipelined/ns4/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/qmin/ns5/named.conf.in b/bin/tests/system/qmin/ns5/named.conf.in index 11400c9748..d84d818a6e 100644 --- a/bin/tests/system/qmin/ns5/named.conf.in +++ b/bin/tests/system/qmin/ns5/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/qmin/ns6/named.conf.in b/bin/tests/system/qmin/ns6/named.conf.in index 8269d2519f..828973cef5 100644 --- a/bin/tests/system/qmin/ns6/named.conf.in +++ b/bin/tests/system/qmin/ns6/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/qmin/ns7/named.conf.in b/bin/tests/system/qmin/ns7/named.conf.in index 6646bea5d0..8ca32750e3 100644 --- a/bin/tests/system/qmin/ns7/named.conf.in +++ b/bin/tests/system/qmin/ns7/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/reclimit/ns3/named1.conf.in b/bin/tests/system/reclimit/ns3/named1.conf.in index 3eaaf6a2c3..58b5d02514 100644 --- a/bin/tests/system/reclimit/ns3/named1.conf.in +++ b/bin/tests/system/reclimit/ns3/named1.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/reclimit/ns3/named2.conf.in b/bin/tests/system/reclimit/ns3/named2.conf.in index 12bf35fbf9..b5389f4ff9 100644 --- a/bin/tests/system/reclimit/ns3/named2.conf.in +++ b/bin/tests/system/reclimit/ns3/named2.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/reclimit/ns3/named3.conf.in b/bin/tests/system/reclimit/ns3/named3.conf.in index 0910f94853..f356f2487f 100644 --- a/bin/tests/system/reclimit/ns3/named3.conf.in +++ b/bin/tests/system/reclimit/ns3/named3.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/reclimit/ns3/named4.conf.in b/bin/tests/system/reclimit/ns3/named4.conf.in index 84b5f4b187..728f00bb26 100644 --- a/bin/tests/system/reclimit/ns3/named4.conf.in +++ b/bin/tests/system/reclimit/ns3/named4.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/redirect/ns2/named.conf.in b/bin/tests/system/redirect/ns2/named.conf.in index 9e8cbdefe4..9b887360d8 100644 --- a/bin/tests/system/redirect/ns2/named.conf.in +++ b/bin/tests/system/redirect/ns2/named.conf.in @@ -33,7 +33,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/redirect/ns4/named.conf.in b/bin/tests/system/redirect/ns4/named.conf.in index 698d5a4926..1650e99a7b 100644 --- a/bin/tests/system/redirect/ns4/named.conf.in +++ b/bin/tests/system/redirect/ns4/named.conf.in @@ -33,7 +33,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/resolver/ns4/named.conf.in b/bin/tests/system/resolver/ns4/named.conf.in index 75c9c53d02..2fe6fbbf7d 100644 --- a/bin/tests/system/resolver/ns4/named.conf.in +++ b/bin/tests/system/resolver/ns4/named.conf.in @@ -59,7 +59,7 @@ zone "sourcens" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/resolver/ns5/named.conf.in b/bin/tests/system/resolver/ns5/named.conf.in index eada94cede..c6344ad198 100644 --- a/bin/tests/system/resolver/ns5/named.conf.in +++ b/bin/tests/system/resolver/ns5/named.conf.in @@ -52,7 +52,7 @@ zone "delegation-only" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/resolver/ns6/named.conf.in b/bin/tests/system/resolver/ns6/named.conf.in index 4fef5ba686..4f9145923b 100644 --- a/bin/tests/system/resolver/ns6/named.conf.in +++ b/bin/tests/system/resolver/ns6/named.conf.in @@ -84,7 +84,7 @@ zone "targetns" { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/resolver/ns7/named1.conf.in b/bin/tests/system/resolver/ns7/named1.conf.in index 8c64f63a97..7af5345f8f 100644 --- a/bin/tests/system/resolver/ns7/named1.conf.in +++ b/bin/tests/system/resolver/ns7/named1.conf.in @@ -36,7 +36,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/resolver/ns7/named2.conf.in b/bin/tests/system/resolver/ns7/named2.conf.in index 8c64f63a97..7af5345f8f 100644 --- a/bin/tests/system/resolver/ns7/named2.conf.in +++ b/bin/tests/system/resolver/ns7/named2.conf.in @@ -36,7 +36,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh index d18b5a54f2..7d08f5badc 100644 --- a/bin/tests/system/rndc/clean.sh +++ b/bin/tests/system/rndc/clean.sh @@ -12,11 +12,15 @@ # information regarding copyright ownership. rm -f dig.out.*.test* +rm -f ns*/*.nta +rm -f ns*/managed-keys.bind* ns*/*.mkeys* +rm -f ns*/named.conf rm -f ns*/named.lock rm -f ns*/named.memstats rm -f ns*/named.run ns*/named.run.prev rm -f ns2/named.stats rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl +rm -f ns2/secondkey.conf rm -f ns2/session.key rm -f ns3/named_dump.db* rm -f ns4/*.nta @@ -25,9 +29,6 @@ rm -f ns4/key?.conf rm -f ns6/huge.zone.db rm -f ns7/include.db ns7/test.db ns7/*.jnl rm -f ns7/named_dump.db* -rm -f ns*/named.conf rm -f nsupdate.out.*.test* rm -f python.out.*.test* rm -f rndc.out.*.test* -rm -f ns*/managed-keys.bind* ns*/*.mkeys* -rm -f ns*/*.nta diff --git a/bin/tests/system/rndc/ns2/named.conf.in b/bin/tests/system/rndc/ns2/named.conf.in index 1af5346644..be1af2538c 100644 --- a/bin/tests/system/rndc/ns2/named.conf.in +++ b/bin/tests/system/rndc/ns2/named.conf.in @@ -22,12 +22,12 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; key secondkey { secret "abcd1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rndc/ns2/secondkey.conf b/bin/tests/system/rndc/ns2/secondkey.conf.in similarity index 95% rename from bin/tests/system/rndc/ns2/secondkey.conf rename to bin/tests/system/rndc/ns2/secondkey.conf.in index 1b6af7b8db..4f881537c2 100644 --- a/bin/tests/system/rndc/ns2/secondkey.conf +++ b/bin/tests/system/rndc/ns2/secondkey.conf.in @@ -17,5 +17,5 @@ options { key secondkey { secret "abcd1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/rndc/ns3/named.conf.in b/bin/tests/system/rndc/ns3/named.conf.in index 378ab67efd..fd97ca2c57 100644 --- a/bin/tests/system/rndc/ns3/named.conf.in +++ b/bin/tests/system/rndc/ns3/named.conf.in @@ -20,12 +20,12 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; key secondkey { secret "abcd1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rndc/ns5/named.conf.in b/bin/tests/system/rndc/ns5/named.conf.in index ef38b17cdf..6681429756 100644 --- a/bin/tests/system/rndc/ns5/named.conf.in +++ b/bin/tests/system/rndc/ns5/named.conf.in @@ -21,7 +21,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rndc/ns6/named.conf.in b/bin/tests/system/rndc/ns6/named.conf.in index 5c35741b8a..3b09f41668 100644 --- a/bin/tests/system/rndc/ns6/named.conf.in +++ b/bin/tests/system/rndc/ns6/named.conf.in @@ -21,7 +21,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rndc/ns7/named.conf.in b/bin/tests/system/rndc/ns7/named.conf.in index b72122353a..af3e6fbdd5 100644 --- a/bin/tests/system/rndc/ns7/named.conf.in +++ b/bin/tests/system/rndc/ns7/named.conf.in @@ -20,16 +20,16 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; key int { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; }; key ext { - algorithm "hmac-sha1"; + algorithm @DEFAULT_HMAC@; secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; }; diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh index 4dd6fa739e..3c4de1292d 100644 --- a/bin/tests/system/rndc/setup.sh +++ b/bin/tests/system/rndc/setup.sh @@ -34,6 +34,7 @@ awk 'END { for (i = 1; i <= '${size}'; i++) printf "host%d IN A 10.53.0.6\n", i; }' < /dev/null >> ns6/huge.zone.db copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns2/secondkey.conf.in ns2/secondkey.conf copy_setports ns3/named.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh index 17b007e850..b6475bd4ff 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh @@ -739,10 +739,10 @@ status=$((status+ret)) n=$((n+1)) echo_i "checking initial in-view zone file is loaded ($n)" ret=0 -TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" $DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n grep 'include 1' dig.out.1.test$n >/dev/null || ret=1 -TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" $DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n grep 'include 1' dig.out.2.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -750,7 +750,7 @@ status=$((status+ret)) echo_i "update in-view zone ($n)" ret=0 -TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" $NSUPDATE -p ${PORT} -y "$TSIG" > /dev/null 2>&1 < dig.out.1.test$n grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi @@ -795,10 +795,10 @@ wait_for_log 3 "all zones loaded" ns7/named.run n=$((n+1)) echo_i "checking zone file edits are loaded ($n)" ret=0 -TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" $DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n grep 'include 2' dig.out.1.test$n >/dev/null || ret=1 -TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" $DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n grep 'include 2' dig.out.2.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi diff --git a/bin/tests/system/rpz/ns1/named.conf.in b/bin/tests/system/rpz/ns1/named.conf.in index 439ecfff4f..4cf402e244 100644 --- a/bin/tests/system/rpz/ns1/named.conf.in +++ b/bin/tests/system/rpz/ns1/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpz/ns10/named.conf.in b/bin/tests/system/rpz/ns10/named.conf.in index b34ce79bb4..d645e381c7 100644 --- a/bin/tests/system/rpz/ns10/named.conf.in +++ b/bin/tests/system/rpz/ns10/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.10 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpz/ns2/named.conf.in b/bin/tests/system/rpz/ns2/named.conf.in index 1dde354562..9b2ab3a81f 100644 --- a/bin/tests/system/rpz/ns2/named.conf.in +++ b/bin/tests/system/rpz/ns2/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in index 30f08c804c..aafe7f20f4 100644 --- a/bin/tests/system/rpz/ns3/named.conf.in +++ b/bin/tests/system/rpz/ns3/named.conf.in @@ -68,7 +68,7 @@ logging { category rpz { default_debug; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpz/ns4/named.conf.in b/bin/tests/system/rpz/ns4/named.conf.in index e2a954601e..909f1c63aa 100644 --- a/bin/tests/system/rpz/ns4/named.conf.in +++ b/bin/tests/system/rpz/ns4/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpz/ns5/named.conf.in b/bin/tests/system/rpz/ns5/named.conf.in index a67a17f844..e1f8fb6056 100644 --- a/bin/tests/system/rpz/ns5/named.conf.in +++ b/bin/tests/system/rpz/ns5/named.conf.in @@ -40,7 +40,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpz/ns6/named.conf.in b/bin/tests/system/rpz/ns6/named.conf.in index 3c4fbe958f..d5fa2c46a8 100644 --- a/bin/tests/system/rpz/ns6/named.conf.in +++ b/bin/tests/system/rpz/ns6/named.conf.in @@ -42,7 +42,7 @@ logging { category rpz { default_debug; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpz/ns7/named.conf.in b/bin/tests/system/rpz/ns7/named.conf.in index 416db4d19b..7effd3db41 100644 --- a/bin/tests/system/rpz/ns7/named.conf.in +++ b/bin/tests/system/rpz/ns7/named.conf.in @@ -39,7 +39,7 @@ logging { category rpz { default_debug; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpz/ns8/named.conf.in b/bin/tests/system/rpz/ns8/named.conf.in index f228c00619..aa8b342d99 100644 --- a/bin/tests/system/rpz/ns8/named.conf.in +++ b/bin/tests/system/rpz/ns8/named.conf.in @@ -50,7 +50,7 @@ logging { category rpz { default_debug; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.8 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpz/ns9/named.conf.in b/bin/tests/system/rpz/ns9/named.conf.in index e57591ccdf..70297bdeba 100644 --- a/bin/tests/system/rpz/ns9/named.conf.in +++ b/bin/tests/system/rpz/ns9/named.conf.in @@ -44,7 +44,7 @@ logging { category rpz { default_debug; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.9 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rpzextra/ns1/named.conf.in b/bin/tests/system/rpzextra/ns1/named.conf.in index fe81682357..202ffa7006 100644 --- a/bin/tests/system/rpzextra/ns1/named.conf.in +++ b/bin/tests/system/rpzextra/ns1/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpzextra/ns2/named.conf.in b/bin/tests/system/rpzextra/ns2/named.conf.in index 8f0193db70..17295efc01 100644 --- a/bin/tests/system/rpzextra/ns2/named.conf.in +++ b/bin/tests/system/rpzextra/ns2/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpzrecurse/ns1/named.conf.in b/bin/tests/system/rpzrecurse/ns1/named.conf.in index 14d749acd8..4fbb35ac57 100644 --- a/bin/tests/system/rpzrecurse/ns1/named.conf.in +++ b/bin/tests/system/rpzrecurse/ns1/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpzrecurse/ns2/named.conf.header.in b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in index 8e08ae615c..2fb16788aa 100644 --- a/bin/tests/system/rpzrecurse/ns2/named.conf.header.in +++ b/bin/tests/system/rpzrecurse/ns2/named.conf.header.in @@ -32,7 +32,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rpzrecurse/ns4/named.conf.in b/bin/tests/system/rpzrecurse/ns4/named.conf.in index 3b3787deb7..b8d87b9328 100644 --- a/bin/tests/system/rpzrecurse/ns4/named.conf.in +++ b/bin/tests/system/rpzrecurse/ns4/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rrl/broken.conf b/bin/tests/system/rrl/broken.conf.in similarity index 97% rename from bin/tests/system/rrl/broken.conf rename to bin/tests/system/rrl/broken.conf.in index bf98736ee5..d830402493 100644 --- a/bin/tests/system/rrl/broken.conf +++ b/bin/tests/system/rrl/broken.conf.in @@ -38,9 +38,9 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; + controls { inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; }; - diff --git a/bin/tests/system/rrl/clean.sh b/bin/tests/system/rrl/clean.sh index abb10bd744..8a9d2c22b8 100644 --- a/bin/tests/system/rrl/clean.sh +++ b/bin/tests/system/rrl/clean.sh @@ -11,10 +11,11 @@ # Clean up after rrl tests. -rm -f dig.out* *mdig.out* rm -f */named.memstats */named.run */named.stats */log-* */session.key -rm -f ns3/bl*.db */*.jnl */*.core */*.pid -rm -f ns*/named.lock -rm -f ns*/named.conf +rm -f broken.conf rm -f broken.out +rm -f dig.out* *mdig.out* rm -f ns*/managed-keys.bind* +rm -f ns*/named.conf +rm -f ns*/named.lock +rm -f ns3/bl*.db */*.jnl */*.core */*.pid diff --git a/bin/tests/system/rrl/ns2/named.conf.in b/bin/tests/system/rrl/ns2/named.conf.in index 987d42f481..abe4f9cea3 100644 --- a/bin/tests/system/rrl/ns2/named.conf.in +++ b/bin/tests/system/rrl/ns2/named.conf.in @@ -38,7 +38,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rrl/ns4/named.conf.in b/bin/tests/system/rrl/ns4/named.conf.in index cc17b916e4..3cd598e63b 100644 --- a/bin/tests/system/rrl/ns4/named.conf.in +++ b/bin/tests/system/rrl/ns4/named.conf.in @@ -40,7 +40,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; diff --git a/bin/tests/system/rrl/setup.sh b/bin/tests/system/rrl/setup.sh index 49a642683d..752b02ceed 100644 --- a/bin/tests/system/rrl/setup.sh +++ b/bin/tests/system/rrl/setup.sh @@ -15,6 +15,7 @@ $SHELL clean.sh +copy_setports broken.conf.in broken.conf copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns3/named.conf.in ns3/named.conf diff --git a/bin/tests/system/runtime/ns2/named1.conf.in b/bin/tests/system/runtime/ns2/named1.conf.in index b389863d4d..d8b31489cd 100644 --- a/bin/tests/system/runtime/ns2/named1.conf.in +++ b/bin/tests/system/runtime/ns2/named1.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns1/named1.conf.in b/bin/tests/system/serve-stale/ns1/named1.conf.in index c0dd5b8911..a895195be7 100644 --- a/bin/tests/system/serve-stale/ns1/named1.conf.in +++ b/bin/tests/system/serve-stale/ns1/named1.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns1/named2.conf.in b/bin/tests/system/serve-stale/ns1/named2.conf.in index c1579031fb..2696a2b6b3 100644 --- a/bin/tests/system/serve-stale/ns1/named2.conf.in +++ b/bin/tests/system/serve-stale/ns1/named2.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns1/named3.conf.in b/bin/tests/system/serve-stale/ns1/named3.conf.in index 985cddb6f9..846c60c4d2 100644 --- a/bin/tests/system/serve-stale/ns1/named3.conf.in +++ b/bin/tests/system/serve-stale/ns1/named3.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns1/named4.conf.in b/bin/tests/system/serve-stale/ns1/named4.conf.in index 263baa095c..139f68ec67 100644 --- a/bin/tests/system/serve-stale/ns1/named4.conf.in +++ b/bin/tests/system/serve-stale/ns1/named4.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named1.conf.in b/bin/tests/system/serve-stale/ns3/named1.conf.in index 4bc5de915d..9b6ebc7891 100644 --- a/bin/tests/system/serve-stale/ns3/named1.conf.in +++ b/bin/tests/system/serve-stale/ns3/named1.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named2.conf.in b/bin/tests/system/serve-stale/ns3/named2.conf.in index 777133d608..8b855833d4 100644 --- a/bin/tests/system/serve-stale/ns3/named2.conf.in +++ b/bin/tests/system/serve-stale/ns3/named2.conf.in @@ -17,7 +17,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named3.conf.in b/bin/tests/system/serve-stale/ns3/named3.conf.in index 98fff793b0..cef5e52767 100644 --- a/bin/tests/system/serve-stale/ns3/named3.conf.in +++ b/bin/tests/system/serve-stale/ns3/named3.conf.in @@ -17,7 +17,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named4.conf.in b/bin/tests/system/serve-stale/ns3/named4.conf.in index 21801b4b68..120aa48c7e 100644 --- a/bin/tests/system/serve-stale/ns3/named4.conf.in +++ b/bin/tests/system/serve-stale/ns3/named4.conf.in @@ -17,7 +17,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named5.conf.in b/bin/tests/system/serve-stale/ns3/named5.conf.in index f7c51286aa..b695901413 100644 --- a/bin/tests/system/serve-stale/ns3/named5.conf.in +++ b/bin/tests/system/serve-stale/ns3/named5.conf.in @@ -17,7 +17,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named6.conf.in b/bin/tests/system/serve-stale/ns3/named6.conf.in index 6fa3fbf851..add8d1a594 100644 --- a/bin/tests/system/serve-stale/ns3/named6.conf.in +++ b/bin/tests/system/serve-stale/ns3/named6.conf.in @@ -17,7 +17,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named7.conf.in b/bin/tests/system/serve-stale/ns3/named7.conf.in index 3dba2eeb8f..12d9ee38bc 100644 --- a/bin/tests/system/serve-stale/ns3/named7.conf.in +++ b/bin/tests/system/serve-stale/ns3/named7.conf.in @@ -17,7 +17,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns3/named8.conf.in b/bin/tests/system/serve-stale/ns3/named8.conf.in index a292b5af40..cfa60bdad3 100644 --- a/bin/tests/system/serve-stale/ns3/named8.conf.in +++ b/bin/tests/system/serve-stale/ns3/named8.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns4/named.conf.in b/bin/tests/system/serve-stale/ns4/named.conf.in index dbec7fde83..85640d8331 100644 --- a/bin/tests/system/serve-stale/ns4/named.conf.in +++ b/bin/tests/system/serve-stale/ns4/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/serve-stale/ns5/named.conf.in b/bin/tests/system/serve-stale/ns5/named.conf.in index fb2694e376..74d2156da3 100644 --- a/bin/tests/system/serve-stale/ns5/named.conf.in +++ b/bin/tests/system/serve-stale/ns5/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/sfcache/ns2/named.conf.in b/bin/tests/system/sfcache/ns2/named.conf.in index 2ec6675c01..afb5a86212 100644 --- a/bin/tests/system/sfcache/ns2/named.conf.in +++ b/bin/tests/system/sfcache/ns2/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/sfcache/ns5/named.conf.in b/bin/tests/system/sfcache/ns5/named.conf.in index df3938be1e..272d65b515 100644 --- a/bin/tests/system/sfcache/ns5/named.conf.in +++ b/bin/tests/system/sfcache/ns5/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/shutdown/ns1/named.conf.in b/bin/tests/system/shutdown/ns1/named.conf.in index 05e6d84994..f0f5210b30 100644 --- a/bin/tests/system/shutdown/ns1/named.conf.in +++ b/bin/tests/system/shutdown/ns1/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/shutdown/ns2/named.conf.in b/bin/tests/system/shutdown/ns2/named.conf.in index c041a5b3f3..2ed91dc86b 100644 --- a/bin/tests/system/shutdown/ns2/named.conf.in +++ b/bin/tests/system/shutdown/ns2/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/shutdown/resolver/named.conf.in b/bin/tests/system/shutdown/resolver/named.conf.in index f8444e33c0..5007579d33 100644 --- a/bin/tests/system/shutdown/resolver/named.conf.in +++ b/bin/tests/system/shutdown/resolver/named.conf.in @@ -19,9 +19,10 @@ logging { }; category default { basic; }; }; + key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/staticstub/ns2/named.conf.in b/bin/tests/system/staticstub/ns2/named.conf.in index 0724607b32..55483ab0ec 100644 --- a/bin/tests/system/staticstub/ns2/named.conf.in +++ b/bin/tests/system/staticstub/ns2/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/staticstub/ns3/named.conf.in b/bin/tests/system/staticstub/ns3/named.conf.in index cbff743d16..e6e49c3708 100644 --- a/bin/tests/system/staticstub/ns3/named.conf.in +++ b/bin/tests/system/staticstub/ns3/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/statistics/ns2/named.conf.in b/bin/tests/system/statistics/ns2/named.conf.in index 4e020378fb..48fb8b481f 100644 --- a/bin/tests/system/statistics/ns2/named.conf.in +++ b/bin/tests/system/statistics/ns2/named.conf.in @@ -30,7 +30,7 @@ statistics-channels { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/statistics/ns2/named2.conf.in b/bin/tests/system/statistics/ns2/named2.conf.in index f2deebf11b..1187e10b82 100644 --- a/bin/tests/system/statistics/ns2/named2.conf.in +++ b/bin/tests/system/statistics/ns2/named2.conf.in @@ -29,7 +29,7 @@ statistics-channels { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/statistics/ns3/named.conf.in b/bin/tests/system/statistics/ns3/named.conf.in index 97021f002d..4cc712d46b 100644 --- a/bin/tests/system/statistics/ns3/named.conf.in +++ b/bin/tests/system/statistics/ns3/named.conf.in @@ -33,7 +33,7 @@ statistics-channels { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/statschannel/ns1/named.conf.in b/bin/tests/system/statschannel/ns1/named.conf.in index 04ead3325c..5781886e39 100644 --- a/bin/tests/system/statschannel/ns1/named.conf.in +++ b/bin/tests/system/statschannel/ns1/named.conf.in @@ -29,7 +29,7 @@ statistics-channels { inet 10.53.0.1 port @EXTRAPORT1@ allow { localhost; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/statschannel/ns2/named.conf.in b/bin/tests/system/statschannel/ns2/named.conf.in index fd25fff4a7..d1445edd32 100644 --- a/bin/tests/system/statschannel/ns2/named.conf.in +++ b/bin/tests/system/statschannel/ns2/named.conf.in @@ -29,7 +29,7 @@ statistics-channels { inet 10.53.0.2 port @EXTRAPORT1@ allow { localhost; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/statschannel/ns2/named2.conf.in b/bin/tests/system/statschannel/ns2/named2.conf.in index d45f9f5873..65be7a63db 100644 --- a/bin/tests/system/statschannel/ns2/named2.conf.in +++ b/bin/tests/system/statschannel/ns2/named2.conf.in @@ -29,7 +29,7 @@ statistics-channels { inet 10.53.0.2 port @EXTRAPORT1@ allow { localhost; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/statschannel/ns3/named.conf.in b/bin/tests/system/statschannel/ns3/named.conf.in index 5f08c3ffaa..bfd5a8e467 100644 --- a/bin/tests/system/statschannel/ns3/named.conf.in +++ b/bin/tests/system/statschannel/ns3/named.conf.in @@ -29,7 +29,7 @@ statistics-channels { inet 10.53.0.3 port @EXTRAPORT1@ allow { localhost; }; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/stress/ns3/named.conf b/bin/tests/system/stress/ns3/named.conf index 8894493ba6..d4f331c4ce 100644 --- a/bin/tests/system/stress/ns3/named.conf +++ b/bin/tests/system/stress/ns3/named.conf @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/synthfromdnssec/ns1/named.conf.in b/bin/tests/system/synthfromdnssec/ns1/named.conf.in index 7d25a1371a..9a86e24acc 100644 --- a/bin/tests/system/synthfromdnssec/ns1/named.conf.in +++ b/bin/tests/system/synthfromdnssec/ns1/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/synthfromdnssec/ns2/named.conf.in b/bin/tests/system/synthfromdnssec/ns2/named.conf.in index cc303072a2..f4b5059c44 100644 --- a/bin/tests/system/synthfromdnssec/ns2/named.conf.in +++ b/bin/tests/system/synthfromdnssec/ns2/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/synthfromdnssec/ns3/named.conf.in b/bin/tests/system/synthfromdnssec/ns3/named.conf.in index 20fcf2ff59..874143a543 100644 --- a/bin/tests/system/synthfromdnssec/ns3/named.conf.in +++ b/bin/tests/system/synthfromdnssec/ns3/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/synthfromdnssec/ns4/named.conf.in b/bin/tests/system/synthfromdnssec/ns4/named.conf.in index 2dbc9d0a40..780562ffcd 100644 --- a/bin/tests/system/synthfromdnssec/ns4/named.conf.in +++ b/bin/tests/system/synthfromdnssec/ns4/named.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/synthfromdnssec/ns5/named.conf.in b/bin/tests/system/synthfromdnssec/ns5/named.conf.in index 885708c767..42495488c2 100644 --- a/bin/tests/system/synthfromdnssec/ns5/named.conf.in +++ b/bin/tests/system/synthfromdnssec/ns5/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/synthfromdnssec/ns6/named.conf.in b/bin/tests/system/synthfromdnssec/ns6/named.conf.in index 0ef4650484..c10e0f70e2 100644 --- a/bin/tests/system/synthfromdnssec/ns6/named.conf.in +++ b/bin/tests/system/synthfromdnssec/ns6/named.conf.in @@ -29,7 +29,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tcp/ns1/named.conf.in b/bin/tests/system/tcp/ns1/named.conf.in index 24c87468a9..c042f6a301 100644 --- a/bin/tests/system/tcp/ns1/named.conf.in +++ b/bin/tests/system/tcp/ns1/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tcp/ns2/named.conf.in b/bin/tests/system/tcp/ns2/named.conf.in index 5737800331..75f039af66 100644 --- a/bin/tests/system/tcp/ns2/named.conf.in +++ b/bin/tests/system/tcp/ns2/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tcp/ns3/named.conf.in b/bin/tests/system/tcp/ns3/named.conf.in index 5b3b982de1..7e2ba8b23d 100644 --- a/bin/tests/system/tcp/ns3/named.conf.in +++ b/bin/tests/system/tcp/ns3/named.conf.in @@ -28,7 +28,7 @@ server 10.53.0.1 { tcp-only yes; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tcp/ns4/named.conf.in b/bin/tests/system/tcp/ns4/named.conf.in index a7a0546ff8..3d4c770d07 100644 --- a/bin/tests/system/tcp/ns4/named.conf.in +++ b/bin/tests/system/tcp/ns4/named.conf.in @@ -30,7 +30,7 @@ server 10.53.0.2 { tcp-only yes; }; key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tcp/ns5/named.conf.in b/bin/tests/system/tcp/ns5/named.conf.in index 7827d9db21..bd754f714b 100644 --- a/bin/tests/system/tcp/ns5/named.conf.in +++ b/bin/tests/system/tcp/ns5/named.conf.in @@ -15,7 +15,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tcp/ns7/named.conf.in b/bin/tests/system/tcp/ns7/named.conf.in index fcaeecfe12..1103fce720 100644 --- a/bin/tests/system/tcp/ns7/named.conf.in +++ b/bin/tests/system/tcp/ns7/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in index a2e371c3ff..0fd784a666 100644 --- a/bin/tests/system/tkey/ns1/named.conf.in +++ b/bin/tests/system/tkey/ns1/named.conf.in @@ -30,7 +30,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/tsiggss/ns1/named.conf.in b/bin/tests/system/tsiggss/ns1/named.conf.in index 1dfa49a900..1419b59fc8 100644 --- a/bin/tests/system/tsiggss/ns1/named.conf.in +++ b/bin/tests/system/tsiggss/ns1/named.conf.in @@ -27,7 +27,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/ttl/ns1/named.conf.in b/bin/tests/system/ttl/ns1/named.conf.in index 4c771c97bf..0a2653fbc2 100644 --- a/bin/tests/system/ttl/ns1/named.conf.in +++ b/bin/tests/system/ttl/ns1/named.conf.in @@ -13,7 +13,7 @@ key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/ttl/ns2/named.conf.in b/bin/tests/system/ttl/ns2/named.conf.in index d1c56acb44..1716807621 100644 --- a/bin/tests/system/ttl/ns2/named.conf.in +++ b/bin/tests/system/ttl/ns2/named.conf.in @@ -32,7 +32,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in index c2b57ddb12..83ba6040c4 100644 --- a/bin/tests/system/upforwd/ns1/named.conf.in +++ b/bin/tests/system/upforwd/ns1/named.conf.in @@ -12,7 +12,7 @@ */ key "update.example." { - algorithm "hmac-md5"; + algorithm @DEFAULT_HMAC@; secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; }; diff --git a/bin/tests/system/upforwd/ns3/named.conf.in b/bin/tests/system/upforwd/ns3/named.conf.in index 0a5c7da002..75eed2ed93 100644 --- a/bin/tests/system/upforwd/ns3/named.conf.in +++ b/bin/tests/system/upforwd/ns3/named.conf.in @@ -26,7 +26,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh index a6de3124de..6d53af1c61 100644 --- a/bin/tests/system/upforwd/tests.sh +++ b/bin/tests/system/upforwd/tests.sh @@ -80,7 +80,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi echo_i "updating zone (signed) ($n)" ret=0 -$NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - < dig.out.ns2.test$n || tmp=1 +$DIG $DIGOPTS tsigzone. @10.53.0.2 axfr -y "${DEFAULT_HMAC}:tsigzone.:1234abcd8765" > dig.out.ns2.test$n || tmp=1 grep "^;" dig.out.ns2.test$n | cat_i # # Spin to allow the zone to transfer. # wait_for_xfer_tsig () { - $DIG $DIGOPTS tsigzone. @10.53.0.3 axfr -y tsigzone.:1234abcd8765 > dig.out.ns3.test$n || return 1 + $DIG $DIGOPTS tsigzone. @10.53.0.3 axfr -y "${DEFAULT_HMAC}:tsigzone.:1234abcd8765" > dig.out.ns3.test$n || return 1 grep "^;" dig.out.ns3.test$n > /dev/null && return 1 return 0 } @@ -414,7 +414,7 @@ echo_i "bad message id ($n)" sendcmd < ans5/badmessageid # Uncomment to see AXFR stream with mismatching IDs. -# $DIG $DIGOPTS @10.53.0.5 -y tsig_key:LSAnCU+Z nil. AXFR +all +# $DIG $DIGOPTS @10.53.0.5 -y "${DEFAULT_HMAC}:tsig_key:LSAnCU+Z" nil. AXFR +all $RNDCCMD 10.53.0.4 retransfer nil | sed 's/^/ns4 /' | cat_i @@ -465,7 +465,7 @@ test ${expire:-0} -gt 0 -a ${expire:-0} -lt 1814400 || { n=$((n+1)) echo_i "test smaller transfer TCP message size ($n)" $DIG $DIGOPTS example. @10.53.0.8 axfr \ - -y key1.:1234abcd8765 > dig.out.msgsize.test$n || status=1 + -y "${DEFAULT_HMAC}:key1.:1234abcd8765" > dig.out.msgsize.test$n || status=1 bytes=`wc -c < dig.out.msgsize.test$n` if [ $bytes -ne 459357 ]; then diff --git a/bin/tests/system/xferquota/ns1/named.conf.in b/bin/tests/system/xferquota/ns1/named.conf.in index c9f19f92d0..0d1933f52c 100644 --- a/bin/tests/system/xferquota/ns1/named.conf.in +++ b/bin/tests/system/xferquota/ns1/named.conf.in @@ -25,7 +25,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/zonechecks/ns1/named.conf.in b/bin/tests/system/zonechecks/ns1/named.conf.in index 78f087d458..03bc91838c 100644 --- a/bin/tests/system/zonechecks/ns1/named.conf.in +++ b/bin/tests/system/zonechecks/ns1/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/zonechecks/ns2/named.conf.in b/bin/tests/system/zonechecks/ns2/named.conf.in index 79e7c181da..5ecf68b56f 100644 --- a/bin/tests/system/zonechecks/ns2/named.conf.in +++ b/bin/tests/system/zonechecks/ns2/named.conf.in @@ -28,7 +28,7 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls {