From 3474d13bbf08c441783bd72afbc8cec8857baf46 Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>

Date: Tue, 2 Jan 2018 18:13:07 +0100

Subject: [PATCH] Fix pkcs11 variants atf tests

Add dns-pkcs11 tests Makefile to configure

Add pkcs11 Kyuafile, fix dh_test to pass in pkcs11 mode

---

 configure.in                     |  1 +

 lib/Atffile                      |  2 ++

 lib/Kyuafile                     |  2 ++

 lib/dns-pkcs11/tests/Makefile.in | 10 +++++-----

 lib/dns-pkcs11/tests/dh_test.c   |  3 ++-

 lib/isc-pkcs11/tests/Makefile.in |  6 +++---

 lib/isc-pkcs11/tests/hash_test.c | 32 +++++++++++++++++++++++++-------

 7 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/configure.in b/configure.in

index 1edafd1..5466de1 100644

--- a/configure.in

+++ b/configure.in

@@ -5489,6 +5489,7 @@ AC_CONFIG_FILES([

 	lib/dns-pkcs11/include/Makefile

 	lib/dns-pkcs11/include/dns/Makefile

 	lib/dns-pkcs11/include/dst/Makefile

+	lib/dns-pkcs11/tests/Makefile

 	lib/irs/Makefile

 	lib/irs/include/Makefile

 	lib/irs/include/irs/Makefile

diff --git a/lib/Atffile b/lib/Atffile

index 93bbb01..4db3dce 100644

--- a/lib/Atffile

+++ b/lib/Atffile

@@ -3,7 +3,9 @@ Content-Type: application/X-atf-atffile; version="1"

 prop: test-suite = bind9

 tp: dns

+tp: dns-pkcs11

 tp: irs

 tp: isc

+tp: isc-pkcs11

 tp: isccfg

 tp: lwres

diff --git a/lib/Kyuafile b/lib/Kyuafile

index ff9fc56..eaaf0dc 100644

--- a/lib/Kyuafile

+++ b/lib/Kyuafile

@@ -2,7 +2,9 @@ syntax(2)

 test_suite('bind9')

 include('dns/Kyuafile')

+include('dns-pkcs11/Kyuafile')

 include('irs/Kyuafile')

 include('isc/Kyuafile')

+include('isc-pkcs11/Kyuafile')

 include('isccfg/Kyuafile')

 include('lwres/Kyuafile')

diff --git a/lib/dns-pkcs11/tests/Makefile.in b/lib/dns-pkcs11/tests/Makefile.in

index 625e809..6fd4e36 100644

--- a/lib/dns-pkcs11/tests/Makefile.in

+++ b/lib/dns-pkcs11/tests/Makefile.in

@@ -21,12 +21,12 @@ VERSION=@BIND9_VERSION@

 CINCLUDES =	-I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \

 		@DST_OPENSSL_INC@

-CDEFINES =	@CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns/tests/\""

+CDEFINES =	@CRYPTO@ -DTESTS="\"${top_builddir}/lib/dns-pkcs11/tests/\""

-ISCLIBS =	../../isc/libisc.@A@

-ISCDEPLIBS =	../../isc/libisc.@A@

-DNSLIBS =	../libdns.@A@ @DNS_CRYPTO_LIBS@

-DNSDEPLIBS =	../libdns.@A@

+ISCLIBS =	../../isc-pkcs11/libisc-pkcs11.@A@

+ISCDEPLIBS =	../../isc-pkcs11/libisc-pkcs11.@A@

+DNSLIBS =	../libdns-pkcs11.@A@ @DNS_CRYPTO_LIBS@

+DNSDEPLIBS =	../libdns-pkcs11.@A@

 LIBS =		@LIBS@ @ATFLIBS@

diff --git a/lib/dns-pkcs11/tests/dh_test.c b/lib/dns-pkcs11/tests/dh_test.c

index 6216b4e..dd74e58 100644

--- a/lib/dns-pkcs11/tests/dh_test.c

+++ b/lib/dns-pkcs11/tests/dh_test.c

@@ -64,7 +64,8 @@ ATF_TC_BODY(isc_dh_computesecret, tc) {

 	ret = dst_key_computesecret(key, key, &buf;;

 	ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY);

 	ret = key->func->computesecret(key, key, &buf;;

-	ATF_REQUIRE_EQ(ret, DST_R_COMPUTESECRETFAILURE);

+	/* PKCS11 variant gives different result, accept both */

+	ATF_REQUIRE(ret == DST_R_COMPUTESECRETFAILURE || ret == DST_R_INVALIDPRIVATEKEY);

 	dst_key_free(&key);

 	dns_test_end();

diff --git a/lib/isc-pkcs11/tests/Makefile.in b/lib/isc-pkcs11/tests/Makefile.in

index add8068..a928dcf 100644

--- a/lib/isc-pkcs11/tests/Makefile.in

+++ b/lib/isc-pkcs11/tests/Makefile.in

@@ -20,10 +20,10 @@ VERSION=@BIND9_VERSION@

 @BIND9_MAKE_INCLUDES@

 CINCLUDES =	-I. -Iinclude ${ISC_INCLUDES} @ISC_OPENSSL_INC@

-CDEFINES =	@CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc/tests/\""

+CDEFINES =	@CRYPTO@ -DTESTS="\"${top_builddir}/lib/isc-pkcs11/tests/\""

-ISCLIBS =	../libisc.@A@ @ISC_OPENSSL_LIBS@

-ISCDEPLIBS =	../libisc.@A@

+ISCLIBS =	../libisc-pkcs11.@A@ @ISC_OPENSSL_LIBS@

+ISCDEPLIBS =	../libisc-pkcs11.@A@

 LIBS =		@LIBS@ @ATFLIBS@

diff --git a/lib/isc-pkcs11/tests/hash_test.c b/lib/isc-pkcs11/tests/hash_test.c

index 7eb1552..048ae9d 100644

--- a/lib/isc-pkcs11/tests/hash_test.c

+++ b/lib/isc-pkcs11/tests/hash_test.c

@@ -78,7 +78,7 @@ typedef struct hash_testcase {

 typedef struct hash_test_key {

 	const char *key;

-	const int len;

+	const unsigned len;

 } hash_test_key_t;

 /* non-hmac tests */

@@ -961,8 +961,11 @@ ATF_TC_BODY(isc_hmacsha1, tc) {

 	hash_test_key_t *test_key = test_keys;

 	while (testcase->input != NULL && testcase->result != NULL) {

+		int len = ISC_MAX(test_key->len, ISC_SHA1_DIGESTLENGTH);

+

+		memset(buffer, 0, ISC_SHA1_DIGESTLENGTH);

 		memmove(buffer, test_key->key, test_key->len);

-		isc_hmacsha1_init(&hmacsha1, buffer, test_key->len);

+		isc_hmacsha1_init(&hmacsha1, buffer, len);

 		isc_hmacsha1_update(&hmacsha1,

 				    (const uint8_t *) testcase->input,

 				    testcase->input_len);

@@ -1124,8 +1127,11 @@ ATF_TC_BODY(isc_hmacsha224, tc) {

 	hash_test_key_t *test_key = test_keys;

 	while (testcase->input != NULL && testcase->result != NULL) {

+		int len = ISC_MAX(test_key->len, ISC_SHA224_DIGESTLENGTH);

+

+		memset(buffer, 0, ISC_SHA224_DIGESTLENGTH);

 		memmove(buffer, test_key->key, test_key->len);

-		isc_hmacsha224_init(&hmacsha224, buffer, test_key->len);

+		isc_hmacsha224_init(&hmacsha224, buffer, len);

 		isc_hmacsha224_update(&hmacsha224,

 				      (const uint8_t *) testcase->input,

 				      testcase->input_len);

@@ -1287,8 +1293,11 @@ ATF_TC_BODY(isc_hmacsha256, tc) {

 	hash_test_key_t *test_key = test_keys;

 	while (testcase->input != NULL && testcase->result != NULL) {

+		int len = ISC_MAX(test_key->len, ISC_SHA256_DIGESTLENGTH);

+

+		memset(buffer, 0, ISC_SHA256_DIGESTLENGTH);

 		memmove(buffer, test_key->key, test_key->len);

-		isc_hmacsha256_init(&hmacsha256, buffer, test_key->len);

+		isc_hmacsha256_init(&hmacsha256, buffer, len);

 		isc_hmacsha256_update(&hmacsha256,

 				      (const uint8_t *) testcase->input,

 				      testcase->input_len);

@@ -1456,8 +1465,11 @@ ATF_TC_BODY(isc_hmacsha384, tc) {

 	hash_test_key_t *test_key = test_keys;

 	while (testcase->input != NULL && testcase->result != NULL) {

+		int len = ISC_MAX(test_key->len, ISC_SHA384_DIGESTLENGTH);

+

+		memset(buffer, 0, ISC_SHA384_DIGESTLENGTH);

 		memmove(buffer, test_key->key, test_key->len);

-		isc_hmacsha384_init(&hmacsha384, buffer, test_key->len);

+		isc_hmacsha384_init(&hmacsha384, buffer, len);

 		isc_hmacsha384_update(&hmacsha384,

 				      (const uint8_t *) testcase->input,

 				      testcase->input_len);

@@ -1625,8 +1637,11 @@ ATF_TC_BODY(isc_hmacsha512, tc) {

 	hash_test_key_t *test_key = test_keys;

 	while (testcase->input != NULL && testcase->result != NULL) {

+		int len = ISC_MAX(test_key->len, ISC_SHA512_DIGESTLENGTH);

+

+		memset(buffer, 0, ISC_SHA512_DIGESTLENGTH);

 		memmove(buffer, test_key->key, test_key->len);

-		isc_hmacsha512_init(&hmacsha512, buffer, test_key->len);

+		isc_hmacsha512_init(&hmacsha512, buffer, len);

 		isc_hmacsha512_update(&hmacsha512,

 				      (const uint8_t *) testcase->input,

 				      testcase->input_len);

@@ -1769,8 +1784,11 @@ ATF_TC_BODY(isc_hmacmd5, tc) {

 	hash_test_key_t *test_key = test_keys;

 	while (testcase->input != NULL && testcase->result != NULL) {

+		int len = ISC_MAX(test_key->len, ISC_MD5_DIGESTLENGTH);

+

+		memset(buffer, 0, ISC_MD5_DIGESTLENGTH);

 		memmove(buffer, test_key->key, test_key->len);

-		isc_hmacmd5_init(&hmacmd5, buffer, test_key->len);

+		isc_hmacmd5_init(&hmacmd5, buffer, len);

 		isc_hmacmd5_update(&hmacmd5,

 				   (const uint8_t *) testcase->input,

 				   testcase->input_len);

-- 

2.14.4