Add "-r $RANDFILE" where it is missing

If the path to the source of random data is not passed explicitly to
dnssec-keygen or dnssec-signzone and the --with-randomdev compile-time
switch is not used, the aforementioned utilities will hang if the
default source of random data (/dev/random) runs out of entropy.  Use
"-r $RANDFILE" to prevent that from happening in affected system tests.

diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
index ff55d84b9c8dd146c84d91703814b241017528aa..b5fce0f854089c17436ba5ff747401d26ff26531 100644 (file)
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -219,11 +219,11 @@ zone=dnskey-unsupported.example.
 infile=dnskey-unsupported.example.db.in
 zonefile=dnskey-unsupported.example.db
 
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -r $RANDFILE -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
 
 cat "$infile" "$keyname.key" > "$zonefile"
 
-"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -r $RANDFILE -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
 
 awk '$4 == "DNSKEY" { $7 = 255; print } $4 == "RRSIG" { $6 = 255; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
 
@@ -238,13 +238,12 @@ zone=dnskey-unsupported-2.example.
 infile=dnskey-unsupported-2.example.db.in
 zonefile=dnskey-unsupported-2.example.db
 
-ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -f KSK -q -r $RANDFILE -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+zsk=$("$KEYGEN" -q -r $RANDFILE -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
 
 cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
 
-# "$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
-"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile"
+"$SIGNER" -P -3 - -r $RANDFILE -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
 
 #
 # A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).

diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh
index f03503f762cb9752f0d281bb05ecac36b95c6c83..42ce8ac20b1d645a091cac34c985ca4949dede9c 100644 (file)
--- a/bin/tests/system/dupsigs/ns1/reset_keys.sh
+++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh
@@ -22,6 +22,8 @@ timetodnssec() {
 }
 
 KEYDIR=keys/signing.test
+KEYGEN="$KEYGEN -r $RANDFILE"
+
 KSK=`$KEYGEN -a RSASHA256 -b 1024 -K $KEYDIR -q -f KSK $zone`
 
 ZSK0=`$KEYGEN -a RSASHA256 -b 1024 -K $KEYDIR -q $zone`

diff --git a/bin/tests/system/keymgr/tests.sh b/bin/tests/system/keymgr/tests.sh
index 66ddf1f0e453ee397621c904f4e8980eb45a1d63..2ed592f43cc04b5dd0a117b8db098058aeb44b81 100644 (file)
--- a/bin/tests/system/keymgr/tests.sh
+++ b/bin/tests/system/keymgr/tests.sh
@@ -116,16 +116,16 @@ done
 
 echo_i "checking domains ending in . ($n)"
 ret=0
-$KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.1.$n 2>&1
+$KEYMGR -g $KEYGEN -r $RANDFILE -s $SETTIME . > keymgr.1.$n 2>&1
 nkeys=`grep dnssec-keygen keymgr.1.$n | wc -l`
 [ "$nkeys" -eq 2 ] || ret=1
-$KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.2.$n 2>&1
+$KEYMGR -g $KEYGEN -r $RANDFILE -s $SETTIME . > keymgr.2.$n 2>&1
 nkeys=`grep dnssec-keygen keymgr.2.$n | wc -l`
 [ "$nkeys" -eq 0 ] || ret=1
-$KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.3.$n 2>&1
+$KEYMGR -g $KEYGEN -r $RANDFILE -s $SETTIME example.com. > keymgr.3.$n 2>&1
 nkeys=`grep dnssec-keygen keymgr.3.$n | wc -l`
 [ "$nkeys" -eq 2 ] || ret=1
-$KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.4.$n 2>&1
+$KEYMGR -g $KEYGEN -r $RANDFILE -s $SETTIME example.com. > keymgr.4.$n 2>&1
 nkeys=`grep dnssec-keygen keymgr.4.$n | wc -l`
 [ "$nkeys" -eq 0 ] || ret=1
 status=`expr $status + $ret`

diff --git a/bin/tests/system/mkeys/ns6/setup.sh b/bin/tests/system/mkeys/ns6/setup.sh
index 3416faf625601fb4c9aa258b9831c87f75233805..6f196c20db4fbac918af6a0b4a808551d11b49a0 100644 (file)
--- a/bin/tests/system/mkeys/ns6/setup.sh
+++ b/bin/tests/system/mkeys/ns6/setup.sh
@@ -16,7 +16,7 @@ zone=.
 zonefile=root.db
 
 # an RSA key
-rsakey=`$KEYGEN -a rsasha256 -b 2048 -qfk rsasha256.`
+rsakey=`$KEYGEN -a rsasha256 -b 2048 -r $RANDFILE -qfk rsasha256.`
 
 # a key with unsupported algorithm
 unsupportedkey=Kunknown.+255+00000