mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-29 05:28:00 +00:00
3266. [bug] The maximum number of NSEC3 iterations for a
DNSKEY RRset was not being properly computed.
[RT #26543]
This commit is contained in:
Mark Andrews
parent
4ec0e6bab0
commit
ef9f4d0977
4
CHANGES
4
CHANGES
@ -1,3 +1,7 @@
|
||||
3266. [bug] The maximum number of NSEC3 iterations for a
|
||||
DNSKEY RRset was not being properly computed.
|
||||
[RT #26543]
|
||||
|
||||
3265. [bug] Address lock order reversal with inline-signing
|
||||
support. [27557]
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: nsec3.c,v 1.24 2011/10/28 06:20:06 each Exp $ */
|
||||
/* $Id: nsec3.c,v 1.25 2012/01/27 00:49:41 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@ -1788,7 +1788,7 @@ dns_nsec3_maxiterations(dns_db_t *db, dns_dbversion_t *version,
|
||||
dst_key_t *key = NULL;
|
||||
isc_buffer_t buffer;
|
||||
isc_result_t result;
|
||||
isc_uint16_t bits, minbits = 4096;
|
||||
unsigned int bits, minbits = 4096;
|
||||
|
||||
result = dns_db_getoriginnode(db, &node);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
@ -1815,7 +1815,7 @@ dns_nsec3_maxiterations(dns_db_t *db, dns_dbversion_t *version,
|
||||
isc_buffer_add(&buffer, rdata.length);
|
||||
CHECK(dst_key_fromdns(dns_db_origin(db), rdataset.rdclass,
|
||||
&buffer, mctx, &key));
|
||||
bits = dst_key_getbits(key);
|
||||
bits = dst_key_size(key);
|
||||
dst_key_free(&key);
|
||||
if (minbits > bits)
|
||||
minbits = bits;
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
# PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: Makefile.in,v 1.12 2011/12/08 16:07:21 each Exp $
|
||||
# $Id: Makefile.in,v 1.13 2012/01/27 00:49:41 marka Exp $
|
||||
|
||||
srcdir = @srcdir@
|
||||
VPATH = @srcdir@
|
||||
@ -39,12 +39,13 @@ LIBS = @LIBS@ @ATFLIBS@
|
||||
OBJS = dnstest.@O@
|
||||
SRCS = dnstest.c master_test.c dbiterator_test.c time_test.c \
|
||||
private_test.c update_test.c zonemgr_test.c zt_test.c \
|
||||
dbdiff_test.c
|
||||
dbdiff_test.c nsec3_test.c
|
||||
|
||||
SUBDIRS =
|
||||
TARGETS = master_test@EXEEXT@ dbiterator_test@EXEEXT@ time_test@EXEEXT@ \
|
||||
private_test@EXEEXT@ update_test@EXEEXT@ zonemgr_test@EXEEXT@ \
|
||||
zt_test@EXEEXT@ dbversion_test@EXEEXT@ dbdiff_test@EXEEXT@
|
||||
zt_test@EXEEXT@ dbversion_test@EXEEXT@ dbdiff_test@EXEEXT@ \
|
||||
nsec3_test@EXEEXT@
|
||||
|
||||
@BIND9_MAKE_RULES@
|
||||
|
||||
@ -99,6 +100,11 @@ zt_test@EXEEXT@: zt_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
|
||||
zt_test.@O@ dnstest.@O@ ${DNSLIBS} \
|
||||
${ISCLIBS} ${LIBS}
|
||||
|
||||
nsec3_test@EXEEXT@: nsec3_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
|
||||
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
|
||||
nsec3_test.@O@ dnstest.@O@ ${DNSLIBS} \
|
||||
${ISCLIBS} ${LIBS}
|
||||
|
||||
unit::
|
||||
sh ${top_srcdir}/unit/unittest.sh
|
||||
|
||||
|
||||
86
lib/dns/tests/nsec3_test.c
Normal file
86
lib/dns/tests/nsec3_test.c
Normal file
@ -0,0 +1,86 @@
|
||||
/*
|
||||
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
||||
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
||||
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
||||
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
||||
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
||||
* PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: nsec3_test.c,v 1.2 2012/01/27 00:49:42 marka Exp $ */
|
||||
|
||||
/*! \file */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <atf-c.h>
|
||||
|
||||
#include <unistd.h>
|
||||
|
||||
#include <dns/db.h>
|
||||
#include <dns/nsec3.h>
|
||||
|
||||
#include "dnstest.h"
|
||||
|
||||
/*
|
||||
* Helper functions
|
||||
*/
|
||||
|
||||
static void
|
||||
iteration_test(const char* file, unsigned int expected) {
|
||||
isc_result_t result;
|
||||
dns_db_t *db = NULL;
|
||||
unsigned int iterations;
|
||||
|
||||
result = dns_test_begin(NULL, ISC_FALSE);
|
||||
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
|
||||
|
||||
result = dns_test_loaddb(&db, dns_dbtype_zone, "test", file);
|
||||
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
|
||||
|
||||
result = dns_nsec3_maxiterations(db, NULL, mctx, &iterations);
|
||||
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
|
||||
|
||||
ATF_REQUIRE_EQ(iterations, expected);
|
||||
|
||||
dns_db_detach(&db);
|
||||
|
||||
dns_test_end();
|
||||
}
|
||||
|
||||
/*
|
||||
* Individual unit tests
|
||||
*/
|
||||
|
||||
ATF_TC(max_iterations);
|
||||
ATF_TC_HEAD(max_iterations, tc) {
|
||||
atf_tc_set_md_var(tc, "descr", "check that appropriate max iterations "
|
||||
" is returned for different key size mixes");
|
||||
}
|
||||
ATF_TC_BODY(max_iterations, tc) {
|
||||
|
||||
UNUSED(tc);
|
||||
|
||||
iteration_test("testdata/nsec3/1024.db", 150);
|
||||
iteration_test("testdata/nsec3/2048.db", 500);
|
||||
iteration_test("testdata/nsec3/4096.db", 2500);
|
||||
iteration_test("testdata/nsec3/min-1024.db", 150);
|
||||
iteration_test("testdata/nsec3/min-2048.db", 500);
|
||||
}
|
||||
|
||||
/*
|
||||
* Main
|
||||
*/
|
||||
ATF_TP_ADD_TCS(tp) {
|
||||
ATF_TP_ADD_TC(tp, max_iterations);
|
||||
|
||||
return (atf_no_error());
|
||||
}
|
||||
|
||||
6
lib/dns/tests/testdata/nsec3/1024.db
vendored
Normal file
6
lib/dns/tests/testdata/nsec3/1024.db
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
; Copyright
|
||||
$TTL 0
|
||||
test. SOA . . 0 0 0 0 0
|
||||
test. NS .
|
||||
; 1024 bit key.
|
||||
test. IN DNSKEY 256 3 5 AwEAAd5oKx06HRE6NRrTDz49lljdRmxgp/4YB/cyMkpwUMkaLhDNCfTq hql84ab2LRbtUWLHFXGWENvxPGQzVHeleXu+3ThNfFOwIaySedxHmLGT lTtBRDhPc8iSb+2IYDemmA+ut8kwHhCVz/tDMbD/dgAswdOtmXCpQyJk Q1HqY3Xj
|
||||
6
lib/dns/tests/testdata/nsec3/2048.db
vendored
Normal file
6
lib/dns/tests/testdata/nsec3/2048.db
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
; Copyright
|
||||
$TTL 0
|
||||
test. SOA . . 0 0 0 0 0
|
||||
test. NS .
|
||||
; 2048 bits
|
||||
test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00=
|
||||
6
lib/dns/tests/testdata/nsec3/4096.db
vendored
Normal file
6
lib/dns/tests/testdata/nsec3/4096.db
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
; Copyright
|
||||
$TTL 0
|
||||
test. SOA . . 0 0 0 0 0
|
||||
test. NS .
|
||||
; 4096 bits
|
||||
test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3
|
||||
10
lib/dns/tests/testdata/nsec3/min-1024.db
vendored
Normal file
10
lib/dns/tests/testdata/nsec3/min-1024.db
vendored
Normal file
@ -0,0 +1,10 @@
|
||||
; Copyright
|
||||
$TTL 0
|
||||
test. SOA . . 0 0 0 0 0
|
||||
test. NS .
|
||||
; 1024 bit key.
|
||||
test. IN DNSKEY 256 3 5 AwEAAd5oKx06HRE6NRrTDz49lljdRmxgp/4YB/cyMkpwUMkaLhDNCfTq hql84ab2LRbtUWLHFXGWENvxPGQzVHeleXu+3ThNfFOwIaySedxHmLGT lTtBRDhPc8iSb+2IYDemmA+ut8kwHhCVz/tDMbD/dgAswdOtmXCpQyJk Q1HqY3Xj
|
||||
; 2048 bits
|
||||
test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00=
|
||||
; 4096 bits
|
||||
test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3
|
||||
8
lib/dns/tests/testdata/nsec3/min-2048.db
vendored
Normal file
8
lib/dns/tests/testdata/nsec3/min-2048.db
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
; Copyright
|
||||
$TTL 0
|
||||
test. SOA . . 0 0 0 0 0
|
||||
test. NS .
|
||||
; 2048 bits
|
||||
test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00=
|
||||
; 4096 bits
|
||||
test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3
|
||||
Loading…
x
Reference in New Issue
Block a user