Commit dd7d1df8 authored Apr 21, 2017 by Mukund Sivaraman
Increase minimum RSA keygen size to 1024 bits (#36895)
parent f5c39b07
Showing 60 changed files with 122 additions and 111 deletions

CHANGES +4 -0
bin/dnssec/dnssec-keygen.c +5 -5
bin/dnssec/dnssec-keygen.docbook +1 -1
bin/python/isc/policy.py.in +4 -4
bin/tests/system/autosign/setup.sh +1 -1
bin/tests/system/dlv/setup.sh +1 -1
bin/tests/system/dlvauto/ns1/sign.sh +2 -2
bin/tests/system/dlvauto/setup.sh +1 -1
bin/tests/system/dlzexternal/setup.sh +1 -1
bin/tests/system/dns64/setup.sh +1 -1
bin/tests/system/dnssec/ns1/sign.sh +1 -1
bin/tests/system/dnssec/ns2/sign.sh +2 -2
bin/tests/system/dnssec/ns3/sign.sh +24 -24
bin/tests/system/dnssec/ns6/sign.sh +1 -1
bin/tests/system/dnssec/ns7/sign.sh +2 -2
bin/tests/system/dnssec/setup.sh +1 -1
bin/tests/system/dnssec/tests.sh +14 -7
bin/tests/system/dsdigest/setup.sh +1 -1
bin/tests/system/ecdsa/setup.sh +1 -1
bin/tests/system/filter-aaaa/setup.sh +1 -1
bin/tests/system/gost/setup.sh +1 -1
bin/tests/system/inline/ns1/sign.sh +1 -1
bin/tests/system/inline/ns3/sign.sh +10 -10
bin/tests/system/inline/setup.sh +1 -1
bin/tests/system/keepalive/setup.sh +1 -1
bin/tests/system/legacy/build.sh +1 -1
bin/tests/system/masterformat/setup.sh +1 -1
bin/tests/system/metadata/setup.sh +1 -1
bin/tests/system/metadata/tests.sh +1 -1
bin/tests/system/mkeys/setup.sh +1 -1
bin/tests/system/nsupdate/setup.sh +1 -1
bin/tests/system/nsupdate/tests.sh +1 -1
bin/tests/system/padding/setup.sh +1 -1
bin/tests/system/pending/ns2/sign.sh +1 -1
bin/tests/system/pending/setup.sh +1 -1
bin/tests/system/pipelined/setup.sh +1 -1
bin/tests/system/redirect/setup.sh +1 -1
bin/tests/system/resolver/setup.sh +1 -1
bin/tests/system/rndc/setup.sh +1 -1
bin/tests/system/rndc/tests.sh +2 -2
bin/tests/system/rpz/setup.sh +2 -2
bin/tests/system/rsabigexponent/prereq.sh +1 -1
bin/tests/system/rsabigexponent/setup.sh +1 -1
bin/tests/system/sfcache/ns1/sign.sh +1 -1
bin/tests/system/sfcache/prereq.sh +2 -2
bin/tests/system/sfcache/setup.sh +1 -1
bin/tests/system/smartsign/setup.sh +1 -1
bin/tests/system/staticstub/ns4/sign.sh +1 -1
bin/tests/system/staticstub/setup.sh +1 -1
bin/tests/system/testcrypto.sh +2 -2
bin/tests/system/tkey/setup.sh +1 -1
bin/tests/system/tsig/setup.sh +1 -1
bin/tests/system/tsiggss/setup.sh +1 -1
bin/tests/system/unknown/ns3/sign.sh +1 -1
bin/tests/system/unknown/setup.sh +1 -1
bin/tests/system/upforwd/setup.sh +1 -1
bin/tests/system/verify/setup.sh +1 -1
bin/tests/system/views/setup.sh +1 -1
bin/tests/system/wildcard/setup.sh +1 -1
bin/tests/system/zonechecks/setup.sh +1 -1
CHANGES
View file @
dd7d1df8
4595. [func] dnssec-keygen will no longer generate RSA keys
less than 1024 bits in length. dnssec-keymgr
was similarly updated. [RT #36895]
4594. [func] "dnstap-read -x" prints a hex dump of the wire
format of each logged DNS message. [RT #44816]
...
...
bin/dnssec/dnssec-keygen.c
View file @
dd7d1df8
...
...
@@ -89,10 +89,10 @@ usage(void) {
"NSEC3RSASHA1 if using -3)
\n
"
);
fprintf
(
stderr
,
" -3: use NSEC3-capable algorithm
\n
"
);
fprintf
(
stderr
,
" -b <key size in bits>:
\n
"
);
fprintf
(
stderr
,
" RSAMD5:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA1:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" NSEC3RSASHA1:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA256:
\t
[
512
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSAMD5:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA1:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" NSEC3RSASHA1:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA256:
\t
[
1024
..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" RSASHA512:
\t
[1024..%d]
\n
"
,
MAX_RSA
);
fprintf
(
stderr
,
" DH:
\t\t
[128..4096]
\n
"
);
fprintf
(
stderr
,
" DSA:
\t\t
[512..1024] and divisible by 64
\n
"
);
...
...
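Review bot: The new lower bound is written as the literal 1024 in each of the RSAMD5, RSASHA1, NSEC3RSASHA1 and RSASHA256 usage lines, while the upper bound in the same lines already comes from MAX_RSA. A matching constant for the minimum (for example a MIN_RSA define next to MAX_RSA, name suggested here) would keep this help text and the range check in main() from drifting apart the next time the floor is raised.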
@@ -748,7 +748,7 @@ main(int argc, char **argv) {
case
DNS_KEYALG_RSASHA1
:
case
DNS_KEYALG_NSEC3RSASHA1
:
case
DNS_KEYALG_RSASHA256
:
if
(
size
!=
0
&&
(
size
<
512
||
size
>
MAX_RSA
))
if
(
size
!=
0
&&
(
size
<
1024
||
size
>
MAX_RSA
))
fatal
(
"RSA key size %d out of range"
,
size
);
break
;
case
DNS_KEYALG_RSASHA512
:
...
...
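Review bot: The fatal() call after the changed "size < 1024" check still reports only "RSA key size %d out of range", so a script that passed -b 512 or -b 768 before this commit now fails without being told the accepted range. Printing both bounds in the message (1024 and MAX_RSA) would make the behaviour change self-explanatory. The "size != 0" guard is unchanged, so a size of 0 still skips this check; please confirm that whatever default is applied in that case is at least 1024 bits.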
bin/dnssec/dnssec-keygen.docbook
View file @
dd7d1df8
...
...
@@ -144,7 +144,7 @@
<para>
Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSA keys must be
between
512
and 2048 bits. Diffie Hellman keys must be between
between
1024
and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits. Elliptic curve algorithms don't need
...
...
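Review bot: The upper bound in the changed sentence ("between 1024 and 2048 bits") does not obviously match the rest of this commit: the usage text in dnssec-keygen.c prints [1024..%d] with MAX_RSA, and policy.py.in accepts RSA sizes up to 4096. Since this sentence is being edited anyway, check 2048 against MAX_RSA and correct it in the same change if they differ.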
bin/python/isc/policy.py.in
View file @
dd7d1df8
...
...
@@ -131,11 +131,11 @@ class Policy:
directory = None
valid_key_sz_per_algo = {'DSA': [512, 1024],
'NSEC3DSA': [512, 1024],
'RSAMD5': [
512
, 4096],
'RSASHA1': [
512
, 4096],
'RSAMD5': [
1024
, 4096],
'RSASHA1': [
1024
, 4096],
'NSEC3RSASHA1': [512, 4096],
'RSASHA256': [
512
, 4096],
'RSASHA512': [
512
, 4096],
'RSASHA256': [
1024
, 4096],
'RSASHA512': [
1024
, 4096],
'ECCGOST': None,
'ECDSAP256SHA256': None,
'ECDSAP384SHA384': None}
...
...
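Review bot: 'NSEC3RSASHA1': [512, 4096] is left unchanged in valid_key_sz_per_algo while RSAMD5, RSASHA1, RSASHA256 and RSASHA512 all move to 1024. dnssec-keygen.c in this commit rejects NSEC3RSASHA1 sizes below 1024, so a policy asking for a 512-bit NSEC3RSASHA1 key would pass validation here and then fail at key generation, which contradicts the CHANGES entry saying dnssec-keymgr "was similarly updated". Change that entry to [1024, 4096] as well.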
bin/tests/system/autosign/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
.
./clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
echo
"I:generating keys and preparing zones"
cd
ns1
&&
$SHELL
keygen.sh
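Review bot: The $GENRANDOM argument changes from 400 to 800 on the "test -r $RANDFILE ||" line here and on the same line of the other setup scripts in this commit, but neither the commit message nor the CHANGES entry says why. If the larger RSA keys need more random data, state that in the commit message, and consider defining the amount once in conf.sh instead of repeating the literal in every test directory.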
bin/tests/system/dlv/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
(
cd
ns1
&&
$SHELL
-e
sign.sh
)
bin/tests/system/dlvauto/ns1/sign.sh
View file @
dd7d1df8
...
...
@@ -13,7 +13,7 @@ zone=dlv.isc.org
infile
=
dlv.isc.org.db.in
zonefile
=
dlv.isc.org.db
dlvkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
dlvkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$dlvkey
.key
>
$zonefile
$SIGNER
-P
-g
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null
...
...
@@ -21,7 +21,7 @@ zone=.
infile
=
root.db.in
zonefile
=
root.db
rootkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
rootkey
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$rootkey
.key
>
$zonefile
$SIGNER
-P
-g
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null
...
...
bin/tests/system/dlvauto/setup.sh
View file @
dd7d1df8
...
...
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/dlzexternal/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
$DDNSCONFGEN
-q
-r
$RANDFILE
-z
example.nil
>
ns1/ddns.key
bin/tests/system/dns64/setup.sh
View file @
dd7d1df8
...
...
@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/dnssec/ns1/sign.sh
View file @
dd7d1df8
...
...
@@ -24,7 +24,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
grep
"8 [12] "
../ns2/dsset-algroll
$TP
>
dsset-algroll
$TP
cp
../ns6/dsset-optout-tld
$TP
.
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
bin/tests/system/dnssec/ns2/sign.sh
View file @
dd7d1df8
...
...
@@ -98,7 +98,7 @@ privzone=private.secure.example.
privinfile
=
private.secure.example.db.in
privzonefile
=
private.secure.example.db
privkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$privzone
`
privkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$privzone
`
cat
$privinfile
$privkeyname
.key
>
$privzonefile
...
...
@@ -112,7 +112,7 @@ dlvinfile=dlv.db.in
dlvzonefile
=
dlv.db
dlvsetfile
=
dlvset-
`
echo
$privzone
|sed
-e
"s/
\.
$/
/g"
`
$TP
dlvkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$dlvzone
`
dlvkeyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$dlvzone
`
cat
$dlvinfile
$dlvkeyname
.key
$dlvsetfile
>
$dlvzonefile
...
...
bin/tests/system/dnssec/ns3/sign.sh
View file @
dd7d1df8
...
...
@@ -13,9 +13,9 @@ zone=secure.example.
infile
=
secure.example.db.in
zonefile
=
secure.example.db
cnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
host cnameandkey.
$zone
`
dnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
host dnameandkey.
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
cnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
host cnameandkey.
$zone
`
dnameandkey
=
`
$KEYGEN
-T
KEY
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
host dnameandkey.
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$cnameandkey
.key
$dnameandkey
.key
$keyname
.key
>
$zonefile
...
...
@@ -25,7 +25,7 @@ zone=bogus.example.
infile
=
bogus.example.db.in
zonefile
=
bogus.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -35,7 +35,7 @@ zone=dynamic.example.
infile
=
dynamic.example.db.in
zonefile
=
dynamic.example.db
keyname1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
keyname2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
-f
KSK
$zone
`
cat
$infile
$keyname1
.key
$keyname2
.key
>
$zonefile
...
...
@@ -46,7 +46,7 @@ zone=keyless.example.
infile
=
generic.example.db.in
zonefile
=
keyless.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -66,7 +66,7 @@ zone=secure.nsec3.example.
infile
=
secure.nsec3.example.db.in
zonefile
=
secure.nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -79,7 +79,7 @@ zone=nsec3.nsec3.example.
infile
=
nsec3.nsec3.example.db.in
zonefile
=
nsec3.nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -92,7 +92,7 @@ zone=optout.nsec3.example.
infile
=
optout.nsec3.example.db.in
zonefile
=
optout.nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -105,7 +105,7 @@ zone=nsec3.example.
infile
=
nsec3.example.db.in
zonefile
=
nsec3.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -118,7 +118,7 @@ zone=secure.optout.example.
infile
=
secure.optout.example.db.in
zonefile
=
secure.optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -131,7 +131,7 @@ zone=nsec3.optout.example.
infile
=
nsec3.optout.example.db.in
zonefile
=
nsec3.optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -144,7 +144,7 @@ zone=optout.optout.example.
infile
=
optout.optout.example.db.in
zonefile
=
optout.optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -157,7 +157,7 @@ zone=optout.example.
infile
=
optout.example.db.in
zonefile
=
optout.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -170,7 +170,7 @@ zone=nsec3-unknown.example.
infile
=
nsec3-unknown.example.db.in
zonefile
=
nsec3-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -183,7 +183,7 @@ zone=optout-unknown.example.
infile
=
optout-unknown.example.db.in
zonefile
=
optout-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -197,7 +197,7 @@ zone=dnskey-unknown.example.
infile
=
dnskey-unknown.example.db.in
zonefile
=
dnskey-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -216,7 +216,7 @@ zone=dnskey-nsec3-unknown.example.
infile
=
dnskey-nsec3-unknown.example.db.in
zonefile
=
dnskey-nsec3-unknown.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -234,7 +234,7 @@ zone=multiple.example.
infile
=
multiple.example.db.in
zonefile
=
multiple.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -257,7 +257,7 @@ zone=rsasha256.example.
infile
=
rsasha256.example.db.in
zonefile
=
rsasha256.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
@@ -362,7 +362,7 @@ zonefile=ttlpatch.example.db
signedfile
=
ttlpatch.example.db.signed
patchedfile
=
ttlpatch.example.db.patched
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
$SIGNER
-P
-r
$RANDFILE
-f
$signedfile
-o
$zone
$zonefile
>
/dev/null 2>&1
...
...
@@ -377,7 +377,7 @@ infile=split-dnssec.example.db.in
zonefile
=
split-dnssec.example.db
signedfile
=
split-dnssec.example.db.signed
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
echo
'$INCLUDE "'
"
$signedfile
"
'"'
>>
$zonefile
:
>
$signedfile
...
...
@@ -391,7 +391,7 @@ infile=split-smart.example.db.in
zonefile
=
split-smart.example.db
signedfile
=
split-smart.example.db.signed
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cp
$infile
$zonefile
echo
'$INCLUDE "'
"
$signedfile
"
'"'
>>
$zonefile
:
>
$signedfile
...
...
@@ -495,7 +495,7 @@ zone=badds.example.
infile
=
bogus.example.db.in
zonefile
=
badds.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSAMD5
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
bin/tests/system/dnssec/ns6/sign.sh
View file @
dd7d1df8
...
...
@@ -15,7 +15,7 @@ zone=optout-tld
infile
=
optout-tld.db.in
zonefile
=
optout-tld.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
...
...
bin/tests/system/dnssec/ns7/sign.sh
View file @
dd7d1df8
...
...
@@ -15,8 +15,8 @@ zone=split-rrsig
infile
=
split-rrsig.db.in
zonefile
=
split-rrsig.db
k1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
k2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
768
-n
zone
$zone
`
k1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
k2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA256
-b
1024
-n
zone
$zone
`
cat
$infile
$k1
.key
$k2
.key
>
$zonefile
...
...
bin/tests/system/dnssec/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
...
...
bin/tests/system/dnssec/tests.sh
View file @
dd7d1df8
...
...
@@ -2938,16 +2938,23 @@ until test $alg = 256
do
size
=
case
$alg
in
1
)
size
=
"-b 512"
;;
1
)
# RSA/MD5
size
=
"-b 1024"
;;
2
)
# Diffie Helman
alg
=
`
expr
$alg
+ 1
`
continue
;;
3
)
size
=
"-b 512"
;;
5
)
size
=
"-b 512"
;;
6
)
size
=
"-b 512"
;;
7
)
size
=
"-b 512"
;;
8
)
size
=
"-b 512"
;;
10
)
size
=
"-b 1024"
;;
3
)
# DSA/SHA1
size
=
"-b 512"
;;
5
)
# RSA/SHA-1
size
=
"-b 1024"
;;
6
)
# DSA-NSEC3-SHA1
size
=
"-b 512"
;;
7
)
# RSASHA1-NSEC3-SHA1
size
=
"-b 1024"
;;
8
)
# RSA/SHA-256
size
=
"-b 1024"
;;
10
)
# RSA/SHA-512
size
=
"-b 1024"
;;
157|160|161|162|163|164|165
)
# private - non standard
alg
=
`
expr
$alg
+ 1
`
continue
;;
...
...
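Review bot: There is no negative test for the new minimum in this hunk: the RSA cases (1, 5, 7, 8) are only moved to "-b 1024" so that key generation keeps succeeding. Add a check that $KEYGEN with an RSA algorithm and -b 512 or -b 768 now exits non-zero, so a regression of the floor is caught by the system tests. The added per-algorithm comments are helpful; the existing "# Diffie Helman" comment in case 2 could be corrected to "Diffie Hellman" while this block is being touched.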
bin/tests/system/dsdigest/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/ecdsa/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/filter-aaaa/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cp
ns1/named1.conf ns1/named.conf
cp
ns2/named1.conf ns2/named.conf
...
...
bin/tests/system/gost/setup.sh
View file @
dd7d1df8
...
...
@@ -9,6 +9,6 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cd
ns1
&&
$SHELL
sign.sh
bin/tests/system/inline/ns1/sign.sh
View file @
dd7d1df8
...
...
@@ -14,7 +14,7 @@ SYSTEMTESTTOP=../..
zone
=
.
rm
-f
K.+
*
+
*
.key
rm
-f
K.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$SIGNER
-S
-x
-T
1200
-o
${
zone
}
root.db
>
signer.out 2>&1
[
$?
=
0
]
||
cat
signer.out
...
...
bin/tests/system/inline/ns3/sign.sh
View file @
dd7d1df8
...
...
@@ -12,35 +12,35 @@ SYSTEMTESTTOP=../..
zone
=
bits
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
zone
=
noixfr
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
zone
=
master
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
zone
=
dynamic
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
zone
=
updated
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
$SIGNER
-S
-O
raw
-L
2000042407
-o
${
zone
}
${
zone
}
.db
>
/dev/null 2>&1
...
...
@@ -50,7 +50,7 @@ cp master2.db.in updated.db
zone
=
expired
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
$SIGNER
-PS
-s
20100101000000
-e
20110101000000
-O
raw
-L
2000042407
-o
${
zone
}
${
zone
}
.db
>
/dev/null 2>&1
...
...
@@ -58,7 +58,7 @@ $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone}
zone
=
retransfer
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
...
...
@@ -71,20 +71,20 @@ $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
zone
=
retransfer3
rm
-f
K
${
zone
}
.+
*
+
*
.key
rm
-f
K
${
zone
}
.+
*
+
*
.private
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
NSEC3RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
$DSFROMKEY
-T
1200
$keyname
>>
../ns1/root.db
for
s
in
a c d h k l m q z
do
zone
=
test-
$s
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
done
for
s
in
b f i o p t v
do
zone
=
test-
$s
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
-f
KSK
$zone
`
done
...
...
bin/tests/system/inline/setup.sh
View file @
dd7d1df8
...
...
@@ -9,7 +9,7 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
cp
ns1/root.db.in ns1/root.db
rm
-f
ns1/root.db.signed
...
...
bin/tests/system/keepalive/setup.sh
View file @
dd7d1df8
...
...
@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
bin/tests/system/legacy/build.sh
View file @
dd7d1df8
...
...
@@ -9,7 +9,7 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
$SHELL
clean.sh
...
...
bin/tests/system/masterformat/setup.sh
View file @
dd7d1df8
...
...
@@ -7,7 +7,7 @@
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
rm
-f
named-compilezone
ln
-s
$CHECKZONE
named-compilezone
...
...
bin/tests/system/metadata/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL
./clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE
test
-r
$RANDFILE
||
$GENRANDOM
8
00
$RANDFILE
pzone
=
parent.nil
czone
=
child.parent.nil
...
...
bin/tests/system/metadata/tests.sh
View file @
dd7d1df8
...
...
@@ -28,7 +28,7 @@ rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key`
standby
=
`
sed
's/^K'
${
czone
}
'.+005+0*\([0-9]\)/\1/'
< standby.key
`
zsk
=
`
sed
's/^K'
${
czone
}
'.+005+0*\([0-9]\)/\1/'
< zsk.key
`
$GENRANDOM
4
00
$RANDFILE
$GENRANDOM
8
00
$RANDFILE
echo
"I:signing zones"
$SIGNER
-Sg
-o
$czone
$cfile
>
/dev/null 2>&1
...
...
bin/tests/system/mkeys/setup.sh
View file @
dd7d1df8
...
...
@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL
clean.sh
test
-r
$RANDFILE
||
$GENRANDOM
4
00
$RANDFILE