upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bind9/bin/tests/system/rsabigexponent
History
Ondřej Surý f7e5c1db38
Change the 'isc_g_mctx' to be always available 
This required couple of internal changes to the isc_mem_debugging.

The isc_mem_debugging is now internal to isc_mem unit and there are
three new functions:

1. isc_mem_setdebugging() can change the debugging setting for an
   individual memory context.  This is need for the memory contexts used
   for OpenSSL, libxml and libuv accounting as recording and tracing
   memory is broken there.

2. isc_mem_debugon() / isc_mem_debugoff() can be used to change default
   memory debugging flags as well as debugging flags for isc_g_mctx.

Additionally, the memory debugging is inconsistent across the code-base.
For now, we are keeping the existing flags, but three new environment
variables have been added 'ISC_MEM_DEBUGRECORD', 'ISC_MEM_DEBUGTRACE'
and 'ISC_MEM_DEBUGUSAGE' to set the global debugging flags at any
program using the memory contexts.
2025-08-04 11:29:50 +02:00
..
ns1 Deprecate max-rsa-exponent-size, always use 4096 instead 2025-05-21 00:50:08 +02:00
ns2 Reformat shell scripts with shfmt 2023-10-26 10:23:50 +02:00
.gitignore Revert "Drop bigkey" 2020-11-10 17:34:05 +01:00
bigkey.c Change the 'isc_g_mctx' to be always available 2025-08-04 11:29:50 +02:00
options.conf.j2.manual Rewrite rsabigexponent system test to pytest 2024-10-31 16:46:51 +00:00
README.md rsabigexponent: convert the test from RSASHA1 to RSASHA256 2022-08-09 16:22:19 +02:00
setup.sh Deprecate max-rsa-exponent-size, always use 4096 instead 2025-05-21 00:50:08 +02:00
tests_rsabigexponent.py Log command stdout when using isctest.run.cmd() 2025-06-27 16:31:49 +02:00

README.md

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional information regarding copyright ownership.

The rsabigexponent test is used to check max-rsa-exponent-size.

We only run this test on builds without PKCS#11, as we have control over the RSA exponent size with plain OpenSSL. We have not explored how to do this with PKCS#11, which would require generating such a key and then signing a zone with it. Additionally, even with control of the exponent size with PKCS#11, generating a DNSKEY with this property and signing such a zone would be slow and undesirable for each test run; instead, we use a pregenerated DNSKEY and a saved signed zone. These are located in rsabigexponent/ns2 and currently use RSASHA1 for the DNSKEY algorithm; however, that may need to be changed in the future.

To generate the DNSKEY used in this test, we used bigkey.c, as dnssec-keygen is not capable of generating such keys.

Do not remove bigkey.c as it may be needed to generate a new DNSKEY for testing purposes.

bigkey is used to both test that we are not running under PKCS#11 and generate a DNSKEY key with a large RSA exponent.

To regenerate ns2/example.db.bad comment out the range test in opensslrsa_parse before signing the zone with a ZSK key generated by bigkey.

    if (BN_num_bits(e) > RSA_MAX_PUBEXP_BITS) {
            DST_RET(ISC_R_RANGE);
    }