Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
ISC Open Source Projects
BIND
Commits
37dee1ff
Commit
37dee1ff
authored
Dec 23, 2010
by
Mark Andrews
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
2999. [func] Add GOST support (RFC 5933). [RT #20639]
parent
5c92589c
Changes
32
Hide whitespace changes
Inline
Side-by-side
Showing
32 changed files
with
941 additions
and
66 deletions
+941
-66
CHANGES
CHANGES
+2
-0
bin/dnssec/dnssec-dsfromkey.c
bin/dnssec/dnssec-dsfromkey.c
+6
-2
bin/dnssec/dnssec-dsfromkey.docbook
bin/dnssec/dnssec-dsfromkey.docbook
+3
-3
bin/dnssec/dnssec-keyfromlabel.c
bin/dnssec/dnssec-keyfromlabel.c
+4
-3
bin/dnssec/dnssec-keyfromlabel.docbook
bin/dnssec/dnssec-keyfromlabel.docbook
+2
-2
bin/dnssec/dnssec-keygen.c
bin/dnssec/dnssec-keygen.c
+12
-6
bin/dnssec/dnssec-keygen.docbook
bin/dnssec/dnssec-keygen.docbook
+3
-3
bin/tests/system/conf.sh.in
bin/tests/system/conf.sh.in
+2
-2
bin/tests/system/gost/clean.sh
bin/tests/system/gost/clean.sh
+24
-0
bin/tests/system/gost/ns1/named.conf
bin/tests/system/gost/ns1/named.conf
+42
-0
bin/tests/system/gost/ns1/root.db.in
bin/tests/system/gost/ns1/root.db.in
+26
-0
bin/tests/system/gost/ns1/sign.sh
bin/tests/system/gost/ns1/sign.sh
+47
-0
bin/tests/system/gost/ns2/named.conf
bin/tests/system/gost/ns2/named.conf
+42
-0
bin/tests/system/gost/prereq.sh.in
bin/tests/system/gost/prereq.sh.in
+24
-0
bin/tests/system/gost/setup.sh
bin/tests/system/gost/setup.sh
+21
-0
bin/tests/system/gost/tests.sh
bin/tests/system/gost/tests.sh
+42
-0
configure.in
configure.in
+46
-2
lib/dns/Makefile.in
lib/dns/Makefile.in
+4
-4
lib/dns/ds.c
lib/dns/ds.c
+63
-7
lib/dns/dst_api.c
lib/dns/dst_api.c
+10
-2
lib/dns/dst_internal.h
lib/dns/dst_internal.h
+4
-1
lib/dns/dst_parse.c
lib/dns/dst_parse.c
+17
-1
lib/dns/dst_parse.h
lib/dns/dst_parse.h
+4
-1
lib/dns/include/dns/ds.h
lib/dns/include/dns/ds.h
+6
-1
lib/dns/include/dns/keyvalues.h
lib/dns/include/dns/keyvalues.h
+4
-1
lib/dns/include/dst/dst.h
lib/dns/include/dst/dst.h
+2
-1
lib/dns/opensslgost_link.c
lib/dns/opensslgost_link.c
+416
-0
lib/dns/rcode.c
lib/dns/rcode.c
+2
-1
lib/dns/rdata/generic/dlv_32769.c
lib/dns/rdata/generic/dlv_32769.c
+20
-5
lib/dns/rdata/generic/ds_43.c
lib/dns/rdata/generic/ds_43.c
+20
-5
lib/dns/validator.c
lib/dns/validator.c
+17
-9
lib/export/dns/Makefile.in
lib/export/dns/Makefile.in
+4
-4
No files found.
CHANGES
View file @
37dee1ff
2999. [func] Add GOST support (RFC 5933). [RT #20639]
2998. [func] Add isc_task_beginexclusive and isc_task_endexclusive
to the task api. [RT #22776]
...
...
bin/dnssec/dnssec-dsfromkey.c
View file @
37dee1ff
...
...
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-dsfromkey.c,v 1.1
8
2010/
01/11 23:48:37 tbox
Exp $ */
/* $Id: dnssec-dsfromkey.c,v 1.1
9
2010/
12/23 04:07:59 marka
Exp $ */
/*! \file */
...
...
@@ -299,7 +299,7 @@ usage(void) {
fprintf
(
stderr
,
" -K <directory>: directory in which to find "
"key file or keyset file
\n
"
);
fprintf
(
stderr
,
" -a algorithm: digest algorithm "
"(SHA-1
or
SHA-256)
\n
"
);
"(SHA-1
,
SHA-256
or GOST
)
\n
"
);
fprintf
(
stderr
,
" -1: use SHA-1
\n
"
);
fprintf
(
stderr
,
" -2: use SHA-256
\n
"
);
fprintf
(
stderr
,
" -l: add lookaside zone and print DLV records
\n
"
);
...
...
@@ -414,6 +414,10 @@ main(int argc, char **argv) {
else
if
(
strcasecmp
(
algname
,
"SHA256"
)
==
0
||
strcasecmp
(
algname
,
"SHA-256"
)
==
0
)
dtype
=
DNS_DSDIGEST_SHA256
;
#ifdef HAVE_OPENSSL_GOST
else
if
(
strcasecmp
(
algname
,
"GOST"
)
==
0
)
dtype
=
DNS_DSDIGEST_GOST
;
#endif
else
fatal
(
"unknown algorithm %s"
,
algname
);
}
...
...
bin/dnssec/dnssec-dsfromkey.docbook
View file @
37dee1ff
...
...
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.1
0
20
09/08/26 21:56:05 jreed
Exp $ -->
<!-- $Id: dnssec-dsfromkey.docbook,v 1.1
1
20
10/12/23 04:07:59 marka
Exp $ -->
<refentry
id=
"man.dnssec-dsfromkey"
>
<refentryinfo>
<date>
August 26, 2009
</date>
...
...
@@ -105,8 +105,8 @@
<listitem>
<para>
Select the digest algorithm. The value of
<option>
algorithm
</option>
must be one of SHA-1 (SHA1)
or
SHA-256 (SHA256). These values are case insensitive.
<option>
algorithm
</option>
must be one of SHA-1 (SHA1)
,
SHA-256 (SHA256)
or GOST
. These values are case insensitive.
</para>
</listitem>
</varlistentry>
...
...
bin/dnssec/dnssec-keyfromlabel.c
View file @
37dee1ff
...
...
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.3
1
2010/
01/19 23:48:55 tbox
Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.3
2
2010/
12/23 04:07:59 marka
Exp $ */
/*! \file */
...
...
@@ -55,7 +55,7 @@ int verbose;
static
const
char
*
algs
=
"RSA | RSAMD5 | DH | DSA | RSASHA1 |"
" NSEC3DSA | NSEC3RSASHA1 |"
" RSASHA256 | RSASHA512"
;
" RSASHA256 | RSASHA512
| ECCGOST
"
;
ISC_PLATFORM_NORETURN_PRE
static
void
usage
(
void
)
ISC_PLATFORM_NORETURN_POST
;
...
...
@@ -364,7 +364,8 @@ main(int argc, char **argv) {
if
(
use_nsec3
&&
alg
!=
DST_ALG_NSEC3DSA
&&
alg
!=
DST_ALG_NSEC3RSASHA1
&&
alg
!=
DST_ALG_RSASHA256
&&
alg
!=
DST_ALG_RSASHA512
)
{
alg
!=
DST_ALG_RSASHA256
&&
alg
!=
DST_ALG_RSASHA512
&&
alg
!=
DST_ALG_ECCGOST
)
{
fatal
(
"%s is incompatible with NSEC3; "
"do not use the -3 option"
,
algname
);
}
...
...
bin/dnssec/dnssec-keyfromlabel.docbook
View file @
37dee1ff
...
...
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.1
7
2010/
01/19 23:48:55 tbox
Exp $ -->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.1
8
2010/
12/23 04:07:59 marka
Exp $ -->
<refentry
id=
"man.dnssec-keyfromlabel"
>
<refentryinfo>
<date>
February 8, 2008
</date>
...
...
@@ -93,7 +93,7 @@
<para>
Selects the cryptographic algorithm. The value of
<option>
algorithm
</option>
must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256
or
RSASHA512.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256
,
RSASHA512
or ECCGOST
.
These values are case insensitive.
</para>
<para>
...
...
bin/dnssec/dnssec-keygen.c
View file @
37dee1ff
...
...
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.11
4
2010/
08/16 23:46:51 tbox
Exp $ */
/* $Id: dnssec-keygen.c,v 1.11
5
2010/
12/23 04:07:59 marka
Exp $ */
/*! \file */
...
...
@@ -84,7 +84,7 @@ usage(void) {
fprintf
(
stderr
,
" -a <algorithm>:
\n
"
);
fprintf
(
stderr
,
" RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
" | NSEC3DSA |
\n
"
);
fprintf
(
stderr
,
" RSASHA256 | RSASHA512 |
\n
"
);
fprintf
(
stderr
,
" RSASHA256 | RSASHA512
| ECCGOST
|
\n
"
);
fprintf
(
stderr
,
" DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
"HMAC-SHA256 |
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA384 | HMAC-SHA512
\n
"
);
...
...
@@ -101,6 +101,7 @@ usage(void) {
fprintf
(
stderr
,
" DSA:
\t\t
[512..1024] and divisible by 64
\n
"
);
fprintf
(
stderr
,
" NSEC3DSA:
\t
[512..1024] and divisible "
"by 64
\n
"
);
fprintf
(
stderr
,
" ECCGOST:
\t
ignored
\n
"
);
fprintf
(
stderr
,
" HMAC-MD5:
\t
[1..512]
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA1:
\t
[1..160]
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA224:
\t
[1..224]
\n
"
);
...
...
@@ -129,6 +130,7 @@ usage(void) {
"records with (default: 0)
\n
"
);
fprintf
(
stderr
,
" -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
"use KEY for SIG(0))
\n
"
);
fprintf
(
stderr
,
" ECCGOST:
\t
ignored
\n
"
);
fprintf
(
stderr
,
" -t <type>: "
"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
"(default: AUTHCONF)
\n
"
);
...
...
@@ -542,7 +544,8 @@ main(int argc, char **argv) {
if
(
use_nsec3
&&
alg
!=
DST_ALG_NSEC3DSA
&&
alg
!=
DST_ALG_NSEC3RSASHA1
&&
alg
!=
DST_ALG_RSASHA256
&&
alg
!=
DST_ALG_RSASHA512
)
{
alg
!=
DST_ALG_RSASHA256
&&
alg
!=
DST_ALG_RSASHA512
&&
alg
!=
DST_ALG_ECCGOST
)
{
fatal
(
"%s is incompatible with NSEC3; "
"do not use the -3 option"
,
algname
);
}
...
...
@@ -574,9 +577,8 @@ main(int argc, char **argv) {
fprintf
(
stderr
,
"key size not "
"specified; defaulting "
"to %d
\n
"
,
size
);
}
else
{
}
else
if
(
alg
!=
DST_ALG_ECCGOST
)
fatal
(
"key size not specified (-b option)"
);
}
}
if
(
!
oldstyle
&&
prepub
>
0
)
{
...
...
@@ -703,6 +705,8 @@ main(int argc, char **argv) {
if
(
size
!=
0
&&
!
dsa_size_ok
(
size
))
fatal
(
"invalid DSS key size: %d"
,
size
);
break
;
case
DST_ALG_ECCGOST
:
break
;
case
DST_ALG_HMACMD5
:
options
|=
DST_TYPE_KEY
;
if
(
size
<
1
||
size
>
512
)
...
...
@@ -767,7 +771,8 @@ main(int argc, char **argv) {
if
(
!
(
alg
==
DNS_KEYALG_RSAMD5
||
alg
==
DNS_KEYALG_RSASHA1
||
alg
==
DNS_KEYALG_NSEC3RSASHA1
||
alg
==
DNS_KEYALG_RSASHA256
||
alg
==
DNS_KEYALG_RSASHA512
)
&&
rsa_exp
!=
0
)
alg
==
DNS_KEYALG_RSASHA512
||
alg
==
DST_ALG_ECCGOST
)
&&
rsa_exp
!=
0
)
fatal
(
"specified RSA exponent for a non-RSA key"
);
if
(
alg
!=
DNS_KEYALG_DH
&&
generator
!=
0
)
...
...
@@ -839,6 +844,7 @@ main(int argc, char **argv) {
case
DNS_KEYALG_DSA
:
case
DNS_KEYALG_NSEC3DSA
:
case
DST_ALG_ECCGOST
:
show_progress
=
ISC_TRUE
;
/* fall through */
...
...
bin/dnssec/dnssec-keygen.docbook
View file @
37dee1ff
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.docbook,v 1.3
5
2010/
08/16 23:46:51 tbox
Exp $ -->
<!-- $Id: dnssec-keygen.docbook,v 1.3
6
2010/
12/23 04:07:59 marka
Exp $ -->
<refentry
id=
"man.dnssec-keygen"
>
<refentryinfo>
<date>
June 30, 2000
</date>
...
...
@@ -114,7 +114,7 @@
<para>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of
<option>
algorithm
</option>
must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256
or
RSASHA512.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256
,
RSASHA512
or ECCGOST
.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
...
...
@@ -184,7 +184,7 @@
Use an NSEC3-capable algorithm to generate a DNSSEC key.
If this option is used and no algorithm is explicitly
set on the command line, NSEC3RSASHA1 will be used by
default. Note that RSASHA256
and
RSASHA512 algorithms
default. Note that RSASHA256
,
RSASHA512
and ECCGOST
algorithms
are NSEC3-capable.
</para>
</listitem>
...
...
bin/tests/system/conf.sh.in
View file @
37dee1ff
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: conf.sh.in,v 1.5
6
2010/12/
18 01:56:19 each
Exp $
# $Id: conf.sh.in,v 1.5
7
2010/12/
23 04:07:59 marka
Exp $
#
# Common configuration data for system tests, to be sourced into
...
...
@@ -53,7 +53,7 @@ JOURNALPRINT=$TOP/bin/tools/named-journalprint
# load on the machine to make it unusable to other users.
# v6synth
SUBDIRS
=
"acl allow_query addzone autosign cacheclean checkconf checknames
dlv @DLZ_SYSTEM_TEST@ dlzexternal dns64 dnssec forward glue ixfr limits
dlv @DLZ_SYSTEM_TEST@ dlzexternal dns64 dnssec forward glue
gost
ixfr limits
lwresd masterfile masterformat metadata notify nsupdate pending pkcs11
resolver rrsetorder sortlist smartsign staticstub stub tkey
tsig tsiggss unknown upforwd views xfer xferquota zonechecks"
...
...
bin/tests/system/gost/clean.sh
0 → 100644
View file @
37dee1ff
#!/bin/sh
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.2 2010/12/23 04:07:59 marka Exp $
rm
-f
*
/K
*
*
/dsset-
*
*
/
*
.signed
*
/trusted.conf
rm
-f
ns1/root.db
rm
-f
dig.out
*
rm
-f
random.data
rm
-f
*
/named.run
rm
-f
*
/named.memstats
bin/tests/system/gost/ns1/named.conf
0 → 100644
View file @
37dee1ff
/*
*
Copyright
(
C
)
2010
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2010
/
12
/
23
04
:
08
:
00
marka
Exp
$ */
//
NS1
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
1
;
notify
-
source
10
.
53
.
0
.
1
;
transfer
-
source
10
.
53
.
0
.
1
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
1
; };
listen
-
on
-
v6
{
none
; };
recursion
no
;
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
};
zone
"."
{
type
master
;
file
"root.db.signed"
;
};
include
"trusted.conf"
;
bin/tests/system/gost/ns1/root.db.in
0 → 100644
View file @
37dee1ff
; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.db.in,v 1.2 2010/12/23 04:08:00 marka Exp $
$TTL 300
. IN SOA marka.isc.org. a.root.servers.nil. (
2010121600 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
bin/tests/system/gost/ns1/sign.sh
0 → 100644
View file @
37dee1ff
#!/bin/sh -e
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.2 2010/12/23 04:08:00 marka Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
RANDFILE
=
../random.data
zone
=
.
infile
=
root.db.in
zonefile
=
root.db
key1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
ECCGOST
-n
zone
$zone
`
key2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
ECCGOST
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-a
gost
$key2
.key
>
dsset-gost
cat
$infile
$key1
.key
$key2
.key
>
$zonefile
$SIGNER
-P
-g
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null
# Configure the resolving server with a trusted key.
cat
$key1
.key |
grep
-v
'^; '
|
$PERL
-n
-e
'
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
'
>
trusted.conf
cp
trusted.conf ../ns2/trusted.conf
bin/tests/system/gost/ns2/named.conf
0 → 100644
View file @
37dee1ff
/*
*
Copyright
(
C
)
2010
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
2
2010
/
12
/
23
04
:
08
:
00
marka
Exp
$ */
//
NS2
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
2
;
notify
-
source
10
.
53
.
0
.
2
;
transfer
-
source
10
.
53
.
0
.
2
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
2
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
yes
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
};
zone
"."
{
type
hint
;
file
"../../common/root.hint"
;
};
include
"trusted.conf"
;
bin/tests/system/gost/prereq.sh.in
0 → 100644
View file @
37dee1ff
#!/bin/sh -e
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: prereq.sh.in,v 1.2 2010/12/23 04:07:59 marka Exp $
OPENSSL_GOST
=
"@OPENSSL_GOST@"
if
!
test
-n
"
$OPENSSL_GOST
"
then
echo
"I:This test requires a openssl version with gost support."
>
&2
exit
1
fi
bin/tests/system/gost/setup.sh
0 → 100644
View file @
37dee1ff
#!/bin/sh -e
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.2 2010/12/23 04:08:00 marka Exp $
../../../tools/genrandom 400 random.data
cd
ns1
&&
sh sign.sh
bin/tests/system/gost/tests.sh
0 → 100644
View file @
37dee1ff
#!/bin/sh
#
# Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.2 2010/12/23 04:08:00 marka Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
status
=
0
n
=
0
rm
-f
dig.out.
*
DIGOPTS
=
"+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
# Check the example. domain
echo
"I:checking that positive validation works works (
$n
)"
ret
=
0
$DIG
$DIGOPTS
.
@10.53.0.1 soa
>
dig.out.ns1.test
$n
||
ret
=
1
$DIG
$DIGOPTS
.
@10.53.0.2 soa
>
dig.out.ns2.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns1.test
$n
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:.*ad.*QUERY"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:exit status:
$status
"
exit
$status
configure.in
View file @
37dee1ff
...
...
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.50
8
$)
AC_REVISION($Revision: 1.50
9
$)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
...
...
@@ -517,6 +517,7 @@ then
fi
done
fi
OPENSSL_GOST=""
case "$use_openssl" in
no)
AC_MSG_RESULT(no)
...
...
@@ -672,6 +673,42 @@ esac
AC_MSG_RESULT(no)
fi
AC_CHECK_FUNCS(EVP_sha256 EVP_sha512)
AC_MSG_CHECKING(for OpenSSL GOST support)
have_gost=""
AC_TRY_RUN([
#include <openssl/conf.h>
#include <openssl/engine.h>
int main() {
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
ENGINE *e;
OPENSSL_config(NULL);
e = ENGINE_by_id("gost");
if (e == NULL)
return (1);
if (ENGINE_init(e) <= 0)
return (1);
return (0);
#else
return (1);
#endif
}
],
[AC_MSG_RESULT(yes)
have_gost="yes"],
[AC_MSG_RESULT(no)
have_gost="no"])
case $have_gost in
yes)
OPENSSL_GOST="yes"
AC_DEFINE(HAVE_OPENSSL_GOST, 1,
[Define if your OpenSSL version supports GOST.])
;;
*)
;;
esac
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
...
...
@@ -689,6 +726,7 @@ AC_SUBST(USE_OPENSSL)
AC_SUBST(DST_OPENSSL_INC)
AC_SUBST(OPENSSLLINKOBJS)
AC_SUBST(OPENSSLLINKSRCS)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
#
...
...
@@ -840,7 +878,12 @@ case "$use_gssapi" in
# -L/usr/local/lib to LIBS, which can make the
# -lgssapi_krb5 test succeed with shared libraries even
# when you are trying to build with KTH in /usr/lib.
LIBS="-L$use_gssapi/lib $TRY_LIBS"
if test "$use_gssapi" = "/usr"
then
LIBS="$TRY_LIBS"
else
LIBS="-L$use_gssapi/lib $TRY_LIBS"
fi
AC_MSG_CHECKING(linking as $TRY_LIBS)
AC_TRY_LINK( , [gss_acquire_cred();krb5_init_context()],
gssapi_linked=yes, gssapi_linked=no)
...
...
@@ -3289,6 +3332,7 @@ AC_CONFIG_FILES([
bin/tests/sockaddr/Makefile
bin/tests/system/Makefile
bin/tests/system/conf.sh
bin/tests/system/gost/prereq.sh
bin/tests/system/filter-aaaa/Makefile
bin/tests/system/lwresd/Makefile
bin/tests/system/tkey/Makefile
...
...
lib/dns/Makefile.in
View file @
37dee1ff
...
...
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.17
2
2010/12/
08 02:46:16
marka Exp $
# $Id: Makefile.in,v 1.17
3
2010/12/
23 04:07:58
marka Exp $
srcdir
=
@srcdir@
VPATH
=
@srcdir@
...
...
@@ -47,7 +47,7 @@ LIBS = @LIBS@
# Alphabetically
OPENSSLLINKOBJS
=
openssl_link.@O@ openssldh_link.@O@ openssldsa_link.@O@
\
opensslrsa_link.@O@
opensslgost_link.@O@
opensslrsa_link.@O@
DSTOBJS
=
@DST_EXTRA_OBJS@ @OPENSSLLINKOBJS@
\
dst_api.@O@ dst_lib.@O@ dst_parse.@O@ dst_result.@O@
\
...
...
@@ -75,8 +75,8 @@ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
OBJS
=
${DNSOBJS}
${OTHEROBJS}
${DSTOBJS}
# Alphabetically
OPENSSLLINKSRCS
=
openssl_link.c openssldh_link.c
\
openssl
dsa
_link.c opensslrsa_link.c
OPENSSLLINKSRCS
=
openssl_link.c openssldh_link.c
openssldsa_link.c
\
openssl
gost
_link.c opensslrsa_link.c
DSTSRCS
=
@DST_EXTRA_SRCS@ @OPENSSLLINKSRCS@
\
dst_api.c dst_lib.c dst_parse.c
\
...
...
lib/dns/ds.c
View file @
37dee1ff
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ds.c,v 1.1
1
20
07/06/19 23:47:16 tbox
Exp $ */
/* $Id: ds.c,v 1.1
2
20
10/12/23 04:07:58 marka
Exp $ */