From 0adaa4a2446f3d2cb0834b79551e7dfdcb38deb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= <pspacek@isc.org>
Date: Fri, 11 Jul 2025 11:17:05 +0200
Subject: [PATCH] Randomize NSEC3 salt

This should prevent the case where are are unlucky enough that static
values hash 'just right' for the test to pass, but only accidentally.

(cherry picked from commit 46781845ea96f5e1e6052141b1ac844c5483a8ca)
---
 bin/tests/system/nsec3-answer/ns1/sign.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/bin/tests/system/nsec3-answer/ns1/sign.sh b/bin/tests/system/nsec3-answer/ns1/sign.sh
index c91bbdbd64..78e33119f6 100644
--- a/bin/tests/system/nsec3-answer/ns1/sign.sh
+++ b/bin/tests/system/nsec3-answer/ns1/sign.sh
@@ -27,6 +27,8 @@ zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
 
 cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
 
-"$SIGNER" -3 - -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
+SALT="$(printf "%04x" "$(($(date +%s) / 3600 % 65536))")"
+echo_ic "NSEC3 salt for this hour: $SALT"
+"$SIGNER" -3 "$SALT" -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
 
 keyfile_to_initial_ds "$ksk" >managed-keys.conf