From: Petr Špaček <pspacek@isc.org>
Date: Fri, 11 Jul 2025 09:17:05 +0000 (+0200)
Subject: Randomize NSEC3 salt
X-Git-Tag: v9.21.11~22^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46781845ea96f5e1e6052141b1ac844c5483a8ca;p=thirdparty%2Fbind9.git

Randomize NSEC3 salt

This should prevent the case where are are unlucky enough that static
values hash 'just right' for the test to pass, but only accidentally.
---

diff --git a/bin/tests/system/nsec3-answer/ns1/sign.sh b/bin/tests/system/nsec3-answer/ns1/sign.sh
index c91bbdbd64f..78e33119f6d 100644
--- a/bin/tests/system/nsec3-answer/ns1/sign.sh
+++ b/bin/tests/system/nsec3-answer/ns1/sign.sh
@@ -27,6 +27,8 @@ zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
 
 cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
 
-"$SIGNER" -3 - -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
+SALT="$(printf "%04x" "$(($(date +%s) / 3600 % 65536))")"
+echo_ic "NSEC3 salt for this hour: $SALT"
+"$SIGNER" -3 "$SALT" -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
 
 keyfile_to_initial_ds "$ksk" >managed-keys.conf