5cd6c173ff
Meson is a modern build system that has seen a rise in adoption and some version of it is available in almost every platform supported. Compared to automake, meson has the following advantages: * Meson provides a significant boost to the build and configuration time by better exploiting parallelism. * Meson is subjectively considered to be better in readability. These merits alone justify experimenting with meson as a way of improving development time and ergonomics. However, there are some compromises to ensure the transition goes relatively smooth: * The system tests currently rely on various files within the source directory. Changing this requirement is a non-trivial task that can't be currently justified. Currently the last compiled build directory writes into the source tree which is in turn used by pytest. * The minimum version supported has been fixed at 0.61. Increasing this value will require choosing a baseline of distributions that can package with meson. On the contrary, there will likely be an attempt to decrease this value to ensure almost universal support for building BIND 9 with meson. |
||
|---|---|---|
| .. | ||
| ns1 | ||
| ns2 | ||
| .gitignore | ||
| bigkey.c | ||
| options.conf.j2.manual | ||
| README.md | ||
| setup.sh | ||
| tests_rsabigexponent.py | ||
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
SPDX-License-Identifier: MPL-2.0
This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional information regarding copyright ownership.
The rsabigexponent test is used to check max-rsa-exponent-size.
We only run this test on builds without PKCS#11, as we have control over
the RSA exponent size with plain OpenSSL. We have not explored how to do
this with PKCS#11, which would require generating such a key and then
signing a zone with it. Additionally, even with control of the exponent
size with PKCS#11, generating a DNSKEY with this property and signing
such a zone would be slow and undesirable for each test run; instead, we
use a pregenerated DNSKEY and a saved signed zone. These are located in
rsabigexponent/ns2 and currently use RSASHA1 for the DNSKEY
algorithm; however, that may need to be changed in the future.
To generate the DNSKEY used in this test, we used bigkey.c, as
dnssec-keygen is not capable of generating such keys.
Do not remove bigkey.c as it may be needed to generate a new
DNSKEY for testing purposes.
bigkey is used to both test that we are not running under PKCS#11 and
generate a DNSKEY key with a large RSA exponent.
To regenerate ns2/example.db.bad comment out the range test in
opensslrsa_parse before signing the zone with a ZSK key generated
by bigkey.
if (BN_num_bits(e) > RSA_MAX_PUBEXP_BITS) {
DST_RET(ISC_R_RANGE);
}