ISC Open Source Projects / BIND
Commit 27593e65, authored May 25, 2018 by Ondřej Surý
Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm
parent 57f0949e
Showing 60 changed files with 39 additions and 2875 deletions
bin/dnssec/dnssec-cds.c +1 -1
bin/dnssec/dnssec-cds.docbook +1 -1
bin/dnssec/dnssec-dsfromkey.docbook +1 -1
bin/dnssec/dnssec-dsfromkey.html +1 -1
bin/dnssec/dnssec-keyfromlabel.c +1 -2
bin/dnssec/dnssec-keyfromlabel.docbook +1 -1
bin/dnssec/dnssec-keygen.c +1 -1
bin/dnssec/dnssec-keygen.docbook +1 -1
bin/dnssec/dnssectool.c +0 -4
bin/python/isc/dnskey.py.in +1 -1
bin/python/isc/policy.py.in +2 -8
bin/tests/system/conf.sh.in +1 -1
bin/tests/system/conf.sh.win32 +1 -1
bin/tests/system/dsdigest/ns2/sign.sh +0 -1
bin/tests/system/dsdigest/ns3/named.conf.in +1 -1
bin/tests/system/dsdigest/ns4/named.conf.in +1 -1
bin/tests/system/dsdigest/prereq.sh +3 -8
bin/tests/system/gost/clean.sh +0 -19
bin/tests/system/gost/ns1/named.conf +0 -35
bin/tests/system/gost/ns1/root.db.in +0 -19
bin/tests/system/gost/ns1/sign.sh +0 -38
bin/tests/system/gost/ns2/named.conf +0 -35
bin/tests/system/gost/prereq.sh +0 -15
bin/tests/system/gost/setup.sh +0 -15
bin/tests/system/gost/tests.sh +0 -35
bin/tests/system/inline/clean.sh +1 -1
bin/tests/system/inline/ns3/sign.sh +1 -8
bin/tests/system/inline/tests.sh +1 -3
bin/tests/system/testcrypto.sh +0 -5
config.h.in +0 -9
config.h.win32 +0 -9
configure +1 -149
configure.in +1 -116
doc/arm/pkcs11.xml +1 -1
doc/misc/rfc-compliance +8 -12
lib/dns/Makefile.in +4 -6
lib/dns/ds.c +0 -33
lib/dns/dst_api.c +0 -17
lib/dns/dst_gost.h +0 -58
lib/dns/dst_internal.h +0 -6
lib/dns/dst_parse.c +0 -22
lib/dns/dst_parse.h +0 -4
lib/dns/include/dns/keyvalues.h +0 -2
lib/dns/opensslgost_link.c +0 -627
lib/dns/pkcs11gost_link.c +0 -954
lib/dns/rdata/generic/cds_59.c +0 -2
lib/dns/rdata/generic/dlv_32769.c +0 -2
lib/dns/rdata/generic/ds_43.c +0 -20
lib/dns/tests/Atffile +0 -1
lib/dns/tests/Kyuafile +0 -1
lib/dns/tests/Makefile.in +0 -7
lib/dns/tests/gost_test.c +0 -379
lib/dns/win32/libdns.vcxproj.filters.in +0 -9
lib/dns/win32/libdns.vcxproj.in +0 -3
lib/isc/include/pk11/README.site +1 -5
lib/isc/include/pk11/constants.h +0 -9
lib/isc/pk11.c +1 -38
util/copyrights +0 -12
win32utils/Configure +0 -97
win32utils/build.txt +1 -2
bin/dnssec/dnssec-cds.c
View file @
27593e65
...
...
@@ -1115,7 +1115,7 @@ usage(void) {
program
);
fprintf
(
stderr
,
"Version: %s
\n
"
,
VERSION
);
fprintf
(
stderr
,
"Options:
\n
"
" -a <algorithm> digest algorithm (SHA-1 / SHA-256 /
GOST /
SHA-384)
\n
"
" -a <algorithm> digest algorithm (SHA-1 / SHA-256 / SHA-384)
\n
"
" -c <class> of domain (default IN)
\n
"
" -D prefer CDNSKEY records instead of CDS
\n
"
" -d <file|dir> where to find parent dsset- file
\n
"
...
...
bin/dnssec/dnssec-cds.docbook
View file @
27593e65
...
...
@@ -144,7 +144,7 @@
</para>
<para>
The <replaceable>algorithm</replaceable> must be one of SHA-1
(SHA1), SHA-256 (SHA256),
GOST,
or SHA-384 (SHA384). These
(SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
values are case insensitive. If no algorithm is specified,
the default is SHA-256.
</para>
...
...
bin/dnssec/dnssec-dsfromkey.docbook
View file @
27593e65
...
...
@@ -117,7 +117,7 @@
<para>
Select the digest algorithm. The value of
<option>algorithm</option> must be one of SHA-1 (SHA1),
SHA-256 (SHA256)
, GOST
or SHA-384 (SHA384).
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
</para>
</listitem>
...
...
bin/dnssec/dnssec-dsfromkey.html
View file @
27593e65
...
...
@@ -97,7 +97,7 @@
<p>
Select the digest algorithm. The value of
<code
class=
"option"
>
algorithm
</code>
must be one of SHA-1 (SHA1),
SHA-256 (SHA256)
, GOST
or SHA-384 (SHA384).
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
</p>
</dd>
...
...
bin/dnssec/dnssec-keyfromlabel.c
View file @
27593e65
...
...
@@ -64,7 +64,7 @@ usage(void) {
fprintf
(
stderr
,
" -a algorithm:
\n
"
" RSA | RSAMD5 | DH | DSA | RSASHA1 |
\n
"
" NSEC3DSA | NSEC3RSASHA1 |
\n
"
" RSASHA256 | RSASHA512 |
ECCGOST |
\n
"
" RSASHA256 | RSASHA512 |
\n
"
" ECDSAP256SHA256 | ECDSAP384SHA384
\n
"
);
fprintf
(
stderr
,
" -3: use NSEC3-capable algorithm
\n
"
);
fprintf
(
stderr
,
" -c class (default: IN)
\n
"
);
...
...
@@ -427,7 +427,6 @@ main(int argc, char **argv) {
case
DST_ALG_NSEC3RSASHA1
:
case
DST_ALG_RSASHA256
:
case
DST_ALG_RSASHA512
:
case
DST_ALG_ECCGOST
:
case
DST_ALG_ECDSA256
:
case
DST_ALG_ECDSA384
:
case
DST_ALG_ED25519
:
...
...
bin/dnssec/dnssec-keyfromlabel.docbook
View file @
27593e65
...
...
@@ -106,7 +106,7 @@
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
ECCGOST,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</para>
<para>
...
...
bin/dnssec/dnssec-keygen.c
View file @
27593e65
...
...
@@ -79,7 +79,7 @@ usage(void) {
fprintf
(
stderr
,
" -a <algorithm>:
\n
"
);
fprintf
(
stderr
,
" RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
" | NSEC3DSA |
\n
"
);
fprintf
(
stderr
,
" RSASHA256 | RSASHA512 |
ECCGOST |
\n
"
);
fprintf
(
stderr
,
" RSASHA256 | RSASHA512 |
\n
"
);
fprintf
(
stderr
,
" ECDSAP256SHA256 | ECDSAP384SHA384 |
\n
"
);
fprintf
(
stderr
,
" ED25519 | ED448 | DH
\n
"
);
fprintf
(
stderr
,
" -3: use NSEC3-capable algorithm
\n
"
);
...
...
bin/dnssec/dnssec-keygen.docbook
View file @
27593e65
...
...
@@ -123,7 +123,7 @@
<para>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
ECCGOST,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
his value will automatically set the <option>-T KEY</option>
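Review bot: the last context line of this hunk reads "his value will automatically set the -T KEY", where "his" should be "this". The paragraph is already being edited to drop ECCGOST, so the typo can be fixed in the same pass over the docbook source.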
...
...
bin/dnssec/dnssectool.c
View file @
27593e65
...
...
@@ -360,10 +360,6 @@ strtodsdigest(const char *algname) {
strcasecmp
(
algname
,
"SHA-256"
)
==
0
)
{
return
(
DNS_DSDIGEST_SHA256
);
#if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
}
else
if
(
strcasecmp
(
algname
,
"GOST"
)
==
0
)
{
return
(
DNS_DSDIGEST_GOST
);
#endif
}
else
if
(
strcasecmp
(
algname
,
"SHA384"
)
==
0
||
strcasecmp
(
algname
,
"SHA-384"
)
==
0
)
{
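Review bot: with the strcasecmp(algname, "GOST") branch removed from strtodsdigest(), a "-a GOST" argument now falls through to the end of the else-if chain, which lies outside the visible lines. Confirm that this path reports the digest name as unsupported in a way a user can act on, because existing scripts that passed GOST to dnssec-dsfromkey or dnssec-cds will now reach it.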
...
...
bin/python/isc/dnskey.py.in
View file @
27593e65
...
...
@@ -32,7 +32,7 @@ class dnskey:
_ALGNAMES = (None, 'RSAMD5', 'DH', 'DSA', 'ECC', 'RSASHA1',
'NSEC3DSA', 'NSEC3RSASHA1', 'RSASHA256', None,
'RSASHA512', None,
'ECCGOST'
, 'ECDSAP256SHA256',
'RSASHA512', None,
None
, 'ECDSAP256SHA256',
'ECDSAP384SHA384', 'ED25519', 'ED448')
def __init__(self, key, directory=None, keyttl=None):
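Review bot: replacing 'ECCGOST' with None in _ALGNAMES keeps the tuple index equal to the DNSSEC algorithm number (slot 12 stays occupied, 'ECDSAP256SHA256' stays at 13), but nothing in the tuple says that the placeholder is deliberate. Add a short comment that slot 12 is intentionally empty, and check that code which looks up _ALGNAMES by a key's algorithm number copes with None when it meets an algorithm 12 key file that is still on disk.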
...
...
bin/python/isc/policy.py.in
View file @
27593e65
...
...
@@ -71,7 +71,7 @@ class PolicyLex:
return t
def t_ALGNAME(self, t):
r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|EC
CGOST|EC
DSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
t.value = t.value.upper()
return t
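Review bot: once ECCGOST is dropped from the t_ALGNAME pattern, a policy file that still says ECCGOST no longer produces an ALGNAME token and will be picked up by whichever lexer rule matches next, which is not visible in this hunk. Check what error the user sees for such a file and make sure it names the unsupported algorithm, and mention the change in the release notes for dnssec-keymgr users.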
...
...
@@ -139,7 +139,6 @@ class Policy:
'NSEC3RSASHA1': [512, 4096],
'RSASHA256': [1024, 4096],
'RSASHA512': [1024, 4096],
'ECCGOST': None,
'ECDSAP256SHA256': None,
'ECDSAP384SHA384': None,
'ED25519': None,
...
...
@@ -278,8 +277,7 @@ class Policy:
('ZSK key size %d not divisible by 64 ' +
'as required for DSA') % self.zsk_keysize
if self.algorithm in ['ECCGOST', \
'ECDSAP256SHA256', \
if self.algorithm in ['ECDSAP256SHA256', \
'ECDSAP384SHA384', \
'ED25519', \
'ED448']:
...
...
@@ -369,10 +367,6 @@ class dnssec_policy:
self.alg_policy['RSASHA512'].algorithm = "RSASHA512"
self.alg_policy['RSASHA512'].name = "RSASHA512"
self.alg_policy['ECCGOST'] = copy(p)
self.alg_policy['ECCGOST'].algorithm = "ECCGOST"
self.alg_policy['ECCGOST'].name = "ECCGOST"
self.alg_policy['ECDSAP256SHA256'] = copy(p)
self.alg_policy['ECDSAP256SHA256'].algorithm = "ECDSAP256SHA256"
self.alg_policy['ECDSAP256SHA256'].name = "ECDSAP256SHA256"
...
...
bin/tests/system/conf.sh.in
View file @
27593e65
...
...
@@ -76,7 +76,7 @@ KRB5_CONFIG=/dev/null
#
# List of tests hard-coded to use ports 5300 and 9953. For this
# reason, these must be run sequentially.
SEQUENTIALDIRS
=
"ecdsa eddsa
gost
@PKCS11_TEST@ tkey"
SEQUENTIALDIRS
=
"ecdsa eddsa @PKCS11_TEST@ tkey"
# List of tests that use ports assigned by caller (other than 5300
# and 9953). Because separate blocks of ports can be used for teach
...
...
bin/tests/system/conf.sh.win32
View file @
27593e65
...
...
@@ -87,7 +87,7 @@ SEQUENTIALDIRS="acl additional addzone autosign builtin \
database digdelv dlv dlvauto dlz dlzexternal dname
\
dns64 dnssec @DNSTAP@ dscp dsdigest dyndb ecdsa eddsa
\
ednscompliance emptyzones
\
fetchlimit filter-aaaa formerr forward geoip glue
gost
idna inline ixfr
\
fetchlimit filter-aaaa formerr forward geoip glue idna inline ixfr
\
keepalive @KEYMGR@ legacy limits logfileconfig masterfile
\
masterformat metadata mkeys names notify nslookup nsupdate
\
nzd2nzf padding pending pipelined @PKCS11_TEST@ reclimit
\
...
...
bin/tests/system/dsdigest/ns2/sign.sh
View file @
27593e65
...
...
@@ -37,7 +37,6 @@ $DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
supported
=
`
cat
../supported
`
case
"
$supported
"
in
gost
)
algo
=
GOST
;;
*
)
algo
=
SHA-384
;;
esac
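Review bot: removing the gost) arm leaves a case "$supported" in statement whose only arm is the *) default, so algo is always SHA-384. Replace the case with a plain algo=SHA-384 assignment, and drop the read of ../supported above it if nothing else in the script uses the variable.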
...
...
bin/tests/system/dsdigest/ns3/named.conf.in
View file @
27593e65
...
...
@@ -26,7 +26,7 @@ options {
dnssec-validation yes;
dnssec-must-be-secure . yes;
/* only SHA-256 is enabled */
disable-ds-digests . { SHA-1;
GOST;
SHA-384; 5; 6; 7; 8; 9; };
disable-ds-digests . { SHA-1; SHA-384; 5; 6; 7; 8; 9; };
};
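Review bot: in the disable-ds-digests line, dropping the name GOST leaves DS digest type 3 out of the list, which now names SHA-1 and SHA-384 and then continues with 5 through 9, while the comment above still says only SHA-256 is enabled. Since numeric entries are already used here, consider listing "3;" so the test keeps stating its intent, or confirm that named now treats type 3 as unsupported on its own. The same applies to the identical line in dsdigest/ns4/named.conf.in.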
...
...
bin/tests/system/dsdigest/ns4/named.conf.in
View file @
27593e65
...
...
@@ -25,7 +25,7 @@ options {
dnssec-enable yes;
dnssec-validation yes;
/* only SHA-256 is enabled */
disable-ds-digests . { SHA-1;
GOST;
SHA-384; 5; 6; 7; 8; 9; };
disable-ds-digests . { SHA-1; SHA-384; 5; 6; 7; 8; 9; };
};
zone "." {
...
...
bin/tests/system/dsdigest/prereq.sh
View file @
27593e65
...
...
@@ -12,17 +12,12 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
gostfail
=
0
ecdsafail
=
0
$SHELL
../testcrypto.sh
-q
gost
||
gostfail
=
1
ecdsafail
=
0
$SHELL
../testcrypto.sh
-q
ecdsa
||
ecdsafail
=
1
if
[
$gostfail
=
0
-a
$ecdsafail
=
0
]
;
then
echo
both
>
supported
elif
[
$gostfail
=
1
-a
$ecdsafail
=
1
]
;
then
echo_i
"This test requires support for ECDSA or GOST cryptography."
>
&2
if
[
$ecdsafail
=
1
]
;
then
echo_i
"This test requires support for ECDSA cryptography."
>
&2
exit
255
elif
[
$gostfail
=
0
]
;
then
echo
gost
>
supported
else
echo
ecdsa
>
supported
fi
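Review bot: after this change the ecdsafail flag and the if/else around it wrap a single command, so the prerequisite check can be written directly as a failure handler on the testcrypto.sh call that prints the message and exits 255. The supported file can now only ever contain "ecdsa"; check whether anything still needs it written, and remove it together with its readers if not.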
bin/tests/system/gost/clean.sh
deleted
100644 → 0
View file @
57f0949e
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm
-f
*
/K
*
*
/dsset-
*
*
/
*
.signed
*
/trusted.conf
rm
-f
ns1/root.db
rm
-f
ns1/signer.err
rm
-f
dig.out
*
rm
-f
*
/named.run
rm
-f
*
/named.memstats
rm
-f
ns
*
/named.lock
rm
-f
ns
*
/managed-keys.bind
*
bin/tests/system/gost/ns1/named.conf
deleted
100644 → 0
View file @
57f0949e
/*
*
Copyright
(
C
)
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
This
Source
Code
Form
is
subject
to
the
terms
of
the
Mozilla
Public
*
License
,
v
.
2
.
0
.
If
a
copy
of
the
MPL
was
not
distributed
with
this
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*
*
See
the
COPYRIGHT
file
distributed
with
this
work
for
additional
*
information
regarding
copyright
ownership
.
*/
//
NS1
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
-
v6
{
none
; };
recursion
no
;
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
};
zone
"."
{
type
master
;
file
"root.db.signed"
;
};
include
"trusted.conf"
;
bin/tests/system/gost/ns1/root.db.in
deleted
100644 → 0
View file @
57f0949e
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300
. IN SOA marka.isc.org. a.root.servers.nil. (
2010121600 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
bin/tests/system/gost/ns1/sign.sh
deleted
100644 → 0
View file @
57f0949e
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
zone
=
.
infile
=
root.db.in
zonefile
=
root.db
key1
=
`
$KEYGEN
-q
-a
ECCGOST
-n
zone
$zone
`
key2
=
`
$KEYGEN
-q
-a
ECCGOST
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-a
gost
$key2
.key
>
dsset-gost
cat
$infile
$key1
.key
$key2
.key
>
$zonefile
$SIGNER
-P
-g
-o
$zone
$zonefile
>
/dev/null 2> signer.err
||
cat
signer.err
# Configure the resolving server with a trusted key.
cat
$key1
.key |
grep
-v
'^; '
|
$PERL
-n
-e
'
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
'
>
trusted.conf
cp
trusted.conf ../ns2/trusted.conf
bin/tests/system/gost/ns2/named.conf
deleted
100644 → 0
View file @
57f0949e
/*
*
Copyright
(
C
)
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
This
Source
Code
Form
is
subject
to
the
terms
of
the
Mozilla
Public
*
License
,
v
.
2
.
0
.
If
a
copy
of
the
MPL
was
not
distributed
with
this
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*
*
See
the
COPYRIGHT
file
distributed
with
this
work
for
additional
*
information
regarding
copyright
ownership
.
*/
//
NS2
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
2
;
notify
-
source
10
.
53
.
0
.
2
;
transfer
-
source
10
.
53
.
0
.
2
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
};
zone
"."
{
type
hint
;
file
"../../common/root.hint"
;
};
include
"trusted.conf"
;
bin/tests/system/gost/prereq.sh
deleted
100644 → 0
View file @
57f0949e
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
exec
$SHELL
../testcrypto.sh gost
bin/tests/system/gost/setup.sh
deleted
100644 → 0
View file @
57f0949e
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/gost/tests.sh
deleted
100644 → 0
View file @
57f0949e
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
status
=
0
n
=
0
rm
-f
dig.out.
*
DIGOPTS
=
"+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
# Check the example. domain
echo
"I:checking that positive validation works (
$n
)"
ret
=
0
$DIG
$DIGOPTS
.
@10.53.0.1 soa
>
dig.out.ns1.test
$n
||
ret
=
1
$DIG
$DIGOPTS
.
@10.53.0.2 soa
>
dig.out.ns2.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns1.test
$n
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:.*ad.*QUERY"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:exit status:
$status
"
[
$status
-eq
0
]
||
exit
1
bin/tests/system/inline/clean.sh
View file @
27593e65
...
...
@@ -114,7 +114,7 @@ rm -f ns3/test-?.bk
rm
-f
ns3/test-?.bk.signed
rm
-f
ns3/test-?.bk.signed.jnl
rm
-f
import.key Kimport
*
rm
-f
check
gost check
dsa checkecdsa
rm
-f
checkdsa checkecdsa
rm
-f
ns3/a-file
rm
-f
ns
*
/named.lock
rm
-f
dig.out.
*
...
...
bin/tests/system/inline/ns3/sign.sh
View file @
27593e65
...
...
@@ -125,20 +125,13 @@ zone=externalkey
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
for
alg
in
EC
CGOST EC
DSAP256SHA256 NSEC3RSASHA1 DSA
for
alg
in
ECDSAP256SHA256 NSEC3RSASHA1 DSA
do
case
$alg
in
DSA
)
$SHELL
../checkdsa.sh 2> /dev/null
||
continue
checkfile
=
../checkdsa
touch
$checkfile
;;
ECCGOST
)
fail
=
0
$KEYGEN
-q
-a
eccgost
test
>
/dev/null 2>&1
||
fail
=
1
rm
-f
Ktest
*
[
$fail
!=
0
]
&&
continue
checkfile
=
../checkgost
touch
$checkfile
;;
ECDSAP256SHA256
)
fail
=
0
$KEYGEN
-q
-a
ecdsap256sha256
test
>
/dev/null 2>&1
||
fail
=
1
...
...
bin/tests/system/inline/tests.sh
View file @
27593e65
...
...
@@ -897,16 +897,14 @@ n=`expr $n + 1`
echo_i
"testing adding external keys to a inline zone (
$n
)"
ret
=
0
$DIG
$DIGOPTS
@10.53.0.3 dnskey externalkey
>
dig.out.ns3.test
$n
for
alg
in
3 7 1
2 1
3
for
alg
in
3 7 13
do
[
$alg
=
3
-a
!
-f
checkdsa
]
&&
continue
;
[
$alg
=
12
-a
!
-f
checkgost
]
&&
continue
;
[
$alg
=
13
-a
!
-f
checkecdsa
]
&&
continue
;
case
$alg
in
3
)
echo_i
"checking DSA"
;;
7
)
echo_i
"checking NSEC3RSASHA1"
;;
12
)
echo_i
"checking GOST"
;;
13
)
echo_i
"checking ECDSAP256SHA256"
;;
*
)
echo_i
"checking
$alg
"
;;
esac
...
...
bin/tests/system/testcrypto.sh
View file @
27593e65
...
...
@@ -30,11 +30,6 @@ while test "$#" -gt 0; do
alg
=
"-a RSASHA1"
msg1
=
"RSA cryptography"
;;
gost|GOST
)
alg
=
"-a eccgost"
msg1
=
"GOST cryptography"
msg2
=
"--with-gost"
;;
ecdsa|ECDSA
)
alg
=
"-a ecdsap256sha256"
msg1
=
"ECDSA cryptography"
...
...
config.h.in
View file @
27593e65
...
...
@@ -395,9 +395,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if your OpenSSL version supports EVP AES */
#undef HAVE_OPENSSL_EVP_AES
/* Define if your OpenSSL version supports GOST. */
#undef HAVE_OPENSSL_GOST
/* Define if native PKCS#11 is used as cryptographic library provider */
#undef HAVE_PKCS11
...
...
@@ -410,9 +407,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if your PKCS11 provider supports Ed448. */
#undef HAVE_PKCS11_ED448
/* Define if your PKCS11 provider supports GOST. */
#undef HAVE_PKCS11_GOST
/* Support for PTHREAD_MUTEX_ADAPTIVE_NP */
#undef HAVE_PTHREAD_MUTEX_ADAPTIVE_NP
...
...
@@ -604,9 +598,6 @@ int sigwait(const unsigned int *set, int *sig);
(O_NDELAY/O_NONBLOCK). */
#undef PORT_NONBLOCK
/* Define if GOST private keys are encoded in ASN.1. */
#undef PREFER_GOSTASN1
/* The size of `void *', as computed by sizeof. */
#undef SIZEOF_VOID_P
...
...
config.h.win32
View file @
27593e65
...
...
@@ -327,9 +327,6 @@ typedef __int64 off_t;
/* Define if OpenSSL includes Ed448 support */
@HAVE_OPENSSL_ED448@
/* Define if your OpenSSL version supports GOST. */
@HAVE_OPENSSL_GOST@
/* Define if your OpenSSL version supports DH functions. */
@HAVE_DH_GET0_KEY@
...
...
@@ -354,12 +351,6 @@ typedef __int64 off_t;
/* Define if your PKCS11 provider supports Ed448. */
@HAVE_PKCS11_ED448@
/* Define if your PKCS11 provider supports GOST. */
@HAVE_PKCS11_GOST@
/* Define if GOST private keys are encoded in ASN.1. */
@PREFER_GOSTASN1@
/* Define if OpenSSL is used as cryptographic library provider. */
@HAVE_OPENSSL@
...
...
configure
View file @
27593e65
...
...
@@ -800,7 +800,6 @@ NZDSRCS
NZD_TOOLS
PKCS11_TEST
PKCS11_ED25519
PKCS11_GOST
PKCS11_ECDSA
PKCS11LINKSRCS
PKCS11LINKOBJS
...
...
@@ -820,13 +819,10 @@ ISC_OPENSSL_LIBS
ISC_OPENSSL_INC
ISC_PLATFORM_OPENSSLHASH
ISC_PLATFORM_WANTAES
OPENSSL_GOST
OPENSSL_ED25519
OPENSSL_ECDSA
OPENSSLLINKSRCS
OPENSSLLINKOBJS
OPENSSLGOSTLINKSRCS
OPENSSLGOSTLINKOBJS
OPENSSLEDDSALINKSRCS
OPENSSLEDDSALINKOBJS
OPENSSLECDSALINKSRCS
...
...
@@ -1001,7 +997,6 @@ enable_native_pkcs11
with_openssl
with_pkcs11
with_ecdsa
with_gost
with_eddsa
with_aes
with_cc_alg
...
...
@@ -1747,7 +1742,6 @@ Optional Packages:
--with-pkcs11=PATH Build with PKCS11 support [yes|no|path] (PATH is for
the PKCS11 provider)
--with-ecdsa Crypto ECDSA
--with-gost Crypto GOST [yes|no|raw|asn1].
--with-eddsa Crypto EDDSA [yes|all|no].
--with-aes Crypto AES
--with-cc-alg=ALG choose the algorithm for Client Cookie
...
...
@@ -16150,7 +16144,7 @@ fi
#
# were --with-ecdsa, --with-
gost, --with-
eddsa, --with-aes specified
# were --with-ecdsa, --with-eddsa, --with-aes specified
#
# Check whether --with-ecdsa was given.
...
...
@@ -16161,14 +16155,6 @@ else
fi
# Check whether --with-gost was given.
if test "${with_gost+set}" = set; then :
withval=$with_gost; with_gost="$withval"
else
with_gost="auto"
fi
# Check whether --with-eddsa was given.
if test "${with_eddsa+set}" = set; then :
withval=$with_eddsa; with_eddsa="$withval"
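Review bot: with the "Check whether --with-gost was given" block removed, a build script that still passes --with-gost is no longer parsed, and an autoconf-generated configure only warns about unrecognized --with-* options by default, so such builds will carry on without failing. That behaviour change deserves a line in the release notes for packagers. Also confirm that the configure hunks are the output of regenerating the script from the configure.in change rather than hand edits.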
...
...
@@ -16245,26 +16231,7 @@ then
done
fi
OPENSSL_ECDSA=""
OPENSSL_GOST=""
OPENSSL_ED25519=""
gosttype="raw"
case "$with_gost" in
raw)
with_gost="yes"
;;
asn1)
$as_echo "#define PREFER_GOSTASN1 1" >>confdefs.h
gosttype="asn1"
with_gost="yes"
;;
auto|yes|no)
;;
*)
as_fn_error $? "unknown GOST private key encoding" "$LINENO" 5
;;
esac