# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for the RSA public-exponent size limit.
#
# Context for reviewers: the cost of an RSA signature verification grows with
# the size of the public exponent, so a validator that accepts keys with
# arbitrarily large exponents can be made to spend CPU on keys it does not
# control.  The tests below pin three things: which values the configuration
# checker accepts for the limit, that the signer refuses an oversized key, and
# that a zone signed with such a key does not validate.

import os
import subprocess

import dns.message
import pytest

import isctest

# Files the test run is expected to leave behind; declared here so they are
# treated as known artifacts.
_EXTRA_ARTIFACTS = [
    "dig.out.*",
    "options.conf",
    "ns*/dsset-*",
    "ns*/K*",
    "ns*/trusted.conf",
    "ns*/*.signed",
    "ns1/root.db",
    "ns2/signer.err",
]

pytestmark = pytest.mark.extra_artifacts(_EXTRA_ARTIFACTS)

# Path of the configuration checker; a missing CHECKCONF variable raises
# KeyError as soon as this module is imported.
CHECKCONF = os.environ["CHECKCONF"]

# Limits the checker must accept.  NOTE(review): 0 presumably selects the
# built-in default rather than "no exponent at all" - confirm against the
# option's documentation.
_ACCEPTED_EXPONENT_SIZES = [0, 35, 666, 1024, 2048, 3072, 4096]

# Limits the checker must refuse: the values just outside the accepted
# 35..4096 window, plus 1.
_REJECTED_EXPONENT_SIZES = [1, 34, 4097]


def _render_options(templates, exponent_size):
    """Write options.conf with the given max_rsa_exponent_size value."""
    context = {"max_rsa_exponent_size": exponent_size}
    templates.render("options.conf", context)


def _run_checkconf():
    """Run the CHECKCONF binary against the rendered options.conf."""
    command = [CHECKCONF, "options.conf"]
    isctest.run.cmd(command)


@pytest.mark.parametrize("exponent_size", _ACCEPTED_EXPONENT_SIZES)
def test_max_rsa_exponent_size_good(exponent_size, templates):
    """An in-range limit must pass the configuration check.

    The test succeeds when the checker command completes without raising.
    """
    _render_options(templates, exponent_size)
    _run_checkconf()


@pytest.mark.parametrize("exponent_size", _REJECTED_EXPONENT_SIZES)
def test_max_rsa_exponent_size_bad(exponent_size, templates):
    """An out-of-range limit must make the configuration check fail."""
    # Rendering stays outside the raises-block so that only a failure of the
    # checker itself can satisfy the expectation.
    _render_options(templates, exponent_size)
    with pytest.raises(subprocess.CalledProcessError):
        _run_checkconf()


def test_rsa_big_exponent_keys_cant_load():
    """The signer must have refused to load the oversized-exponent key.

    ns2/signer.err is presumably written by the test setup when it runs
    dnssec-signzone; this test only inspects the captured error text.
    """
    # NOTE(review): the key tag 52810 is hard-coded, so this appears to rely
    # on a pre-generated key shipped with the test - confirm before
    # regenerating keys.
    expected = (
        "dnssec-signzone: fatal: cannot load dnskey Kexample.+008+52810.key: out of range"
    )
    with open("ns2/signer.err", encoding="utf-8") as stream:
        signer_errors = stream.read()
    assert expected in signer_errors


def test_rsa_big_exponent_keys_cant_validate():
    """The same query must succeed at 10.53.0.2 and SERVFAIL at 10.53.0.3.

    NOTE(review): 10.53.0.2 is presumably the server holding the zone and
    10.53.0.3 the validating resolver - confirm against the ns2/ns3 configs.
    """
    query = dns.message.make_query("a.example.", "A")
    expectations = (
        ("10.53.0.2", isctest.check.noerror),
        ("10.53.0.3", isctest.check.servfail),
    )
    # Servers are queried in order, each response checked before the next
    # query is sent.
    for server, check_response in expectations:
        response = isctest.query.tcp(query, server)
        check_response(response)