Add the ability specify the signing / verification time
authorOndřej Surý <ondrej@isc.org>
Wed, 2 Mar 2022 10:48:26 +0000 (11:48 +0100)
committerPetr Špaček <pspacek@isc.org>
Fri, 2 Aug 2024 09:18:25 +0000 (11:18 +0200)
When fuzzing it is useful for all signing operations to happen
at a specific time for reproducibility.  Add two variables to
the message structure (fuzzing and fuzztime) to specify whether a
fixed time should be used and the value of that time.

(cherry picked from commit 3e85d8c3d69d62ee585a5544c1454b452cab917e)

lib/dns/dnssec.c
lib/dns/include/dns/message.h
lib/dns/tsig.c

index 17ee8bd87eba8b2be206948d1984cee702901543..2adc9747d9d879fe3ba90ccfe09e27a2832dbc10 100644 (file)
@@ -973,7 +973,11 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
        sig.labels = 0; /* the root name */
        sig.originalttl = 0;
 
-       isc_stdtime_get(&now);
+       if (msg->fuzzing) {
+               now = msg->fuzztime;
+       } else {
+               isc_stdtime_get(&now);
+       }
        sig.timesigned = now - DNS_TSIG_FUDGE;
        sig.timeexpire = now + DNS_TSIG_FUDGE;
 
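Review bot: The five-line `if (msg->fuzzing) { now = msg->fuzztime; } else { isc_stdtime_get(&now); }` block introduced here is repeated verbatim in dns_dnssec_verifymessage, dns_tsig_sign, dns_tsig_verify and tsig_verify_tcp, so any future signing or verification path that calls isc_stdtime_get directly will silently bypass the fixed time. A single helper next to the new fields (a static inline in message.h, or a file-local helper in each of dnssec.c and tsig.c) would reduce the five copies to one call such as `dns_message_gettime(msg, &now);` (name is only a suggestion). The enclosing dns_dnssec_signmessage begins and ends outside this hunk.
```c
/* Current time for signing/verification, or the fixed time when fuzzing. */
static inline void
dns_message_gettime(dns_message_t *msg, isc_stdtime_t *nowp) {
	if (msg->fuzzing) {
		*nowp = msg->fuzztime;
	} else {
		isc_stdtime_get(nowp);
	}
}
```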
@@ -1118,7 +1122,12 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
                goto failure;
        }
 
-       isc_stdtime_get(&now);
+       if (msg->fuzzing) {
+               now = msg->fuzztime;
+       } else {
+               isc_stdtime_get(&now);
+       }
+
        if (isc_serial_lt((uint32_t)now, sig.timesigned)) {
                result = DNS_R_SIGFUTURE;
                msg->sig0status = dns_tsigerror_badtime;
index ea4574243985f333151fff29095b5ea766430ada..fe51fcfe24ba4a2742aa376da21fcd93e993164b 100644 (file)
@@ -235,6 +235,7 @@ struct dns_message {
        unsigned int cc_bad           : 1;
        unsigned int tkey             : 1;
        unsigned int rdclass_set      : 1;
+       unsigned int fuzzing          : 1;
 
        unsigned int opt_reserved;
        unsigned int sig_reserved;
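Review bot: The new `fuzzing` bit carries no comment, unlike `fuzztime` added further down; suggest `unsigned int fuzzing : 1; /* use fuzztime instead of the wall clock for TSIG/SIG(0) signing and verification */`. Separately, the three files in this commit add and read the field but none of the shown hunks initializes or resets it; if dns_message_create and the reset path do not zero the whole structure (not visible here), a reused message could carry a stale fuzzing flag and fuzztime into dns_tsig_verify or dns_dnssec_verifymessage and accept or reject signatures against the wrong time. Worth confirming in message.c that both fields are cleared on create and reset. struct dns_message continues outside this hunk.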
@@ -277,6 +278,11 @@ struct dns_message {
        isc_region_t query;
        isc_region_t saved;
 
+       /*
+        * Time to be used when fuzzing.
+        */
+       isc_stdtime_t fuzztime;
+
        dns_rdatasetorderfunc_t order;
        dns_sortlist_arg_t      order_arg;
 
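Review bot: The comment on `fuzztime` does not say what gates it or where it is consumed, and the `fuzzing` bit that enables it sits about forty lines earlier in the struct; suggest `/* Fixed time used in place of the wall clock for TSIG and SIG(0) signing and verification when the fuzzing bit is set. */`. This keeps the pairing between the two fields discoverable from either one. struct dns_message continues outside this hunk.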
index 8f4c3b9d1b490480616135c56b583b58276e909d..7b0129f1a8f9bbf65649091a92da4d0300b7cefd 100644 (file)
@@ -800,7 +800,12 @@ dns_tsig_sign(dns_message_t *msg) {
        dns_name_init(&tsig.algorithm, NULL);
        dns_name_clone(key->algorithm, &tsig.algorithm);
 
-       isc_stdtime_get(&now);
+       if (msg->fuzzing) {
+               now = msg->fuzztime;
+       } else {
+               isc_stdtime_get(&now);
+       }
+
        tsig.timesigned = now + msg->timeadjust;
        tsig.fudge = DNS_TSIG_FUDGE;
 
@@ -1168,7 +1173,11 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
        /*
         * Get the current time.
         */
-       isc_stdtime_get(&now);
+       if (msg->fuzzing) {
+               now = msg->fuzztime;
+       } else {
+               isc_stdtime_get(&now);
+       }
 
        /*
         * Find dns_tsigkey_t based on keyname.
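Review bot: The comment `Get the current time.` directly above the new branch is no longer accurate when the fuzzing bit is set; suggest `/* Get the current time, or the fixed fuzzing time. */` so the reader is not surprised that a verification result can be independent of the wall clock. dns_tsig_verify's body continues outside this hunk.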
@@ -1666,7 +1675,11 @@ tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
                /*
                 * Is the time ok?
                 */
-               isc_stdtime_get(&now);
+               if (msg->fuzzing) {
+                       now = msg->fuzztime;
+               } else {
+                       isc_stdtime_get(&now);
+               }
 
                if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
                        msg->tsigstatus = dns_tsigerror_badtime;