bind9/bin/tests/system/rsabigexponent
Evan Hunt 9e879600c1 standardize CHECK and RETERR macros
previously, there were over 40 separate definitions of CHECK macros, of
which most used "goto cleanup", and the rest "goto failure" or "goto
out". there were another 10 definitions of RETERR, of which most were
identical to CHECK, but some simply returned a result code instead of
jumping to a cleanup label.

this has now been standardized throughout the code base: RETERR is for
returning an error code in the case of an error, and CHECK is for jumping
to a cleanup tag, which is now always called "cleanup". both macros are
defined in isc/util.h.

(cherry picked from commit 25c9fb54da)
(cherry picked from commit 52bba5cc34)
2025-12-03 19:18:12 -08:00
ns1 Reformat shell scripts with shfmt 2023-10-26 13:05:00 +02:00
ns2 Reformat shell scripts with shfmt 2023-10-26 13:05:00 +02:00
ns3 Rename system test directory with common files to _common 2023-09-19 14:56:12 +02:00
.gitignore Revert "Drop bigkey" 2020-11-10 17:34:05 +01:00
bigkey.c standardize CHECK and RETERR macros 2025-12-03 19:18:12 -08:00
options.conf.j2.manual Rewrite rsabigexponent system test to pytest 2024-10-31 18:15:20 +00:00
README.md rsabigexponent: convert the test from RSASHA1 to RSASHA256 2022-08-10 17:26:29 +10:00
setup.sh Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
tests_rsabigexponent.py Log command stdout when using isctest.run.cmd() 2025-06-27 18:09:08 +02:00

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional information regarding copyright ownership.

The rsabigexponent test is used to check max-rsa-exponent-size.

We only run this test on builds without PKCS#11, as we have control over the RSA exponent size with plain OpenSSL. We have not explored how to do this with PKCS#11, which would require generating such a key and then signing a zone with it. Additionally, even with control of the exponent size with PKCS#11, generating a DNSKEY with this property and signing such a zone would be slow and undesirable for each test run; instead, we use a pregenerated DNSKEY and a saved signed zone. These are located in rsabigexponent/ns2 and currently use RSASHA1 for the DNSKEY algorithm; however, that may need to be changed in the future.

To generate the DNSKEY used in this test, we used bigkey.c, as dnssec-keygen is not capable of generating such keys.

Do not remove bigkey.c as it may be needed to generate a new DNSKEY for testing purposes.

bigkey is used both to test that we are not running under PKCS#11 and to generate a DNSKEY with a large RSA exponent.

To regenerate ns2/example.db.bad, comment out the range test in opensslrsa_parse before signing the zone with a ZSK generated by bigkey:

    if (BN_num_bits(e) > RSA_MAX_PUBEXP_BITS) {
            DST_RET(ISC_R_RANGE);
    }
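
The kind of check that range test performs, shown as an added example (not BIND's opensslrsa_parse and not part of this README): it walks the RFC 3110 RSA public-key field of a DNSKEY and rejects an exponent wider than a caller-supplied limit. The function name, result codes, sample keys and the 35-bit limit passed in `main` are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example only (hypothetical, not BIND's isc_result_t). */
enum { EXP_OK = 0, EXP_TRUNCATED = -1, EXP_RANGE = -2 };

/* Constructed sample keys; the two-octet "modulus" (0xC3 0x55) is a dummy. */
static const uint8_t key_f4[] = { 0x03, 0x01, 0x00, 0x01, 0xC3, 0x55 };
static const uint8_t key_big[] = { 0x06, 0x01, 0, 0, 0, 0, 0x01, 0xC3, 0x55 };
static const uint8_t key_long[] = { 0x00, 0x00, 0x03, 0x01, 0x00, 0x01, 0xC3, 0x55 };
static const uint8_t key_cut[] = { 0x03, 0x01, 0x00 };

/*
 * Walk the RFC 3110 public-key field (exponent length, exponent, modulus),
 * store the exponent's bit length in *bits and compare it to max_bits.
 */
int rsa_exponent_check(const uint8_t *key, size_t len, unsigned max_bits,
                       unsigned *bits) {
    size_t elen, off = 1;
    unsigned n = 0;

    if (len < 1) return EXP_TRUNCATED;
    elen = key[0];
    if (elen == 0) { /* three-octet length form: 0x00, then 16-bit length */
        if (len < 3) return EXP_TRUNCATED;
        elen = ((size_t)key[1] << 8) | key[2];
        off = 3;
    }
    /* The exponent must be present and followed by at least one modulus octet. */
    if (elen == 0 || len - off <= elen) return EXP_TRUNCATED;

    const uint8_t *e = key + off;
    while (elen > 0 && *e == 0) { e++; elen--; } /* leading zeros add no bits */
    if (elen > 0) {
        n = (unsigned)(elen - 1) * 8;
        for (uint8_t b = *e; b != 0; b >>= 1) n++;
    }
    *bits = n;
    return n > max_bits ? EXP_RANGE : EXP_OK;
}

int main(void) {
    unsigned bits = 0;
    int r = rsa_exponent_check(key_big, sizeof(key_big), 35, &bits);
    printf("exponent bits=%u result=%d\n", bits, r); /* 35: sample limit */
    return 0;
}
```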