Commit 57c39ddb authored by Ondřej Surý's avatar Ondřej Surý

Fix the check for non-operational algs 15 and 16 in PKCS#11

parent 101672f6
......@@ -19,7 +19,7 @@ rm -f ./*/named.run ./*/named.run.prev
rm -f ./*/named.secroots
rm -f ./*/tmp* ./*/*.jnl ./*/*.bk ./*/*.jbk
rm -f ./*/trusted.conf ./*/managed.conf ./*/revoked.conf
rm -f ./Kexample.*
rm -f ./Kexample.* ./Kkeygen* ./keygen*.err
rm -f ./canonical?.*
rm -f ./delv.out*
rm -f ./delve.out*
......
......@@ -3237,6 +3237,7 @@ ret=0
alg=1
until test $alg -eq 256
do
zone="keygen-$alg."
case $alg in
2) # Diffie Helman
alg=$((alg+1))
......@@ -3245,21 +3246,21 @@ do
alg=$((alg+1))
continue;;
1|5|7|8|10) # RSA algorithms
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
key1=$($KEYGEN -a "$alg" -b "1024" -n zone "$zone" 2> "keygen-$alg.err" || true)
;;
15|16)
key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true)
key1=$($KEYGEN -a "$alg" -n zone "$zone" 2> "keygen-$alg.err" || true)
# Soft-fail in case HSM doesn't support Edwards curves
if grep "not found" keygen.err > /dev/null && [ "$CRYPTO" = "pkcs11" ]; then
if grep "not found" "keygen-$alg.err" > /dev/null && [ "$CRYPTO" = "pkcs11" ]; then
echo_i "Algorithm $alg not supported by HSM: skipping"
alg=$((alg+1))
continue
fi
;;
*)
key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true)
key1=$($KEYGEN -a "$alg" -n zone "$zone" 2> "keygen-$alg.err" || true)
esac
if grep "unsupported algorithm" keygen.err > /dev/null
if grep "unsupported algorithm" "keygen-$alg.err" > /dev/null
then
alg=$((alg+1))
continue
......@@ -3267,7 +3268,7 @@ do
if test -z "$key1"
then
echo_i "'$KEYGEN -a $alg': failed"
cat keygen.err
cat "keygen-$alg.err"
ret=1
alg=$((alg+1))
continue
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment