[PR #2986] [MERGED] Simplify signing #3472

New issue

Closed

opened 2026-03-16 11:45:31 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:45:31 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2986
Author: @djc
Created: 5/10/2025
Status: ✅ Merged
Merged: 5/26/2025
Merged by: @djc

Base: main ← Head: simplify-signing

📝 Commits (10+)

a71c920 proto: simplify signing code
a87dce0 proto: use SerialNumber for SIG state
7f27cf1 proto: extract SigInput type
cd179af proto: reduce repetition in test
e22a178 proto: take SigInput directly for signing and verification
6643165 proto: avoid unnecessary combinators
de44db1 proto: remove problematic SIG::set_sig() API
936c128 proto: hoist creation of SigInput
30edfc2 proto: move message_tbs() to TBS::from_message()
35b5b4f proto: deduplicate SigInput encoding

📊 Changes

17 files changed (+412 additions, -819 deletions)

View changed files

📝 bin/tests/integration/authority_battery/dnssec.rs (+3 -3)
📝 bin/tests/integration/server_harness/mod.rs (+2 -2)
📝 crates/proto/src/dnssec/dnssec_dns_handle/mod.rs (+17 -17)
📝 crates/proto/src/dnssec/dnssec_dns_handle/nsec3_validation.rs (+1 -1)
📝 crates/proto/src/dnssec/rdata/mod.rs (+1 -1)
📝 crates/proto/src/dnssec/rdata/rrsig.rs (+102 -50)
📝 crates/proto/src/dnssec/rdata/sig.rs (+115 -310)
📝 crates/proto/src/dnssec/signer.rs (+64 -79)
📝 crates/proto/src/dnssec/tbs.rs (+75 -183)
📝 crates/proto/src/dnssec/verifier.rs (+6 -5)
📝 crates/proto/src/rr/rr_set.rs (+0 -119)
📝 crates/proto/src/rr/serial_number.rs (+12 -1)
📝 crates/resolver/src/dns_lru.rs (+1 -1)
📝 crates/server/src/store/in_memory/inner.rs (+9 -43)
📝 crates/server/src/store/sqlite/mod.rs (+2 -2)
📝 tests/integration-tests/tests/integration/catalog_tests.rs (+1 -1)
📝 tests/integration-tests/tests/integration/sqlite_authority_tests.rs (+1 -1)

📄 Description

There was a bunch of many-argument functions, partial initialization and weird inside-out construction going on. Try to clean it up by extracting common parts and avoiding partial initialization opportunities via the public API.

@divergentdave this conflicts with your PR -- happy to land this after yours if you prefer.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2986 **Author:** [@djc](https://github.com/djc) **Created:** 5/10/2025 **Status:** ✅ Merged **Merged:** 5/26/2025 **Merged by:** [@djc](https://github.com/djc) **Base:** `main` ← **Head:** `simplify-signing` --- ### 📝 Commits (10+) - [`a71c920`](https://github.com/hickory-dns/hickory-dns/commit/a71c9200b87f7d86bc18e99f92533673060450f5) proto: simplify signing code - [`a87dce0`](https://github.com/hickory-dns/hickory-dns/commit/a87dce0942374a64c355860d76716c580da69286) proto: use SerialNumber for SIG state - [`7f27cf1`](https://github.com/hickory-dns/hickory-dns/commit/7f27cf1c46b3a51ecda03d6fc735d8b997148b0e) proto: extract SigInput type - [`cd179af`](https://github.com/hickory-dns/hickory-dns/commit/cd179affa7ccb192bddaad89999d65a65fc153f0) proto: reduce repetition in test - [`e22a178`](https://github.com/hickory-dns/hickory-dns/commit/e22a178ee5abad4afc9cad0d581c639df43b470f) proto: take SigInput directly for signing and verification - [`6643165`](https://github.com/hickory-dns/hickory-dns/commit/6643165f444d4099bcfcf013ec737fdf41ca918b) proto: avoid unnecessary combinators - [`de44db1`](https://github.com/hickory-dns/hickory-dns/commit/de44db1cf87868f6c7199a79149ee7baefb6722c) proto: remove problematic SIG::set_sig() API - [`936c128`](https://github.com/hickory-dns/hickory-dns/commit/936c128a106334d8efb788c6682f3c25228dbd7f) proto: hoist creation of SigInput - [`30edfc2`](https://github.com/hickory-dns/hickory-dns/commit/30edfc2756ece1a7827f6874010b9485541be54f) proto: move message_tbs() to TBS::from_message() - [`35b5b4f`](https://github.com/hickory-dns/hickory-dns/commit/35b5b4fbc94db8d6f1a16b41125382423c82e5b9) proto: deduplicate SigInput encoding ### 📊 Changes **17 files changed** (+412 additions, -819 deletions) <details> <summary>View changed files</summary> 📝 `bin/tests/integration/authority_battery/dnssec.rs` (+3 -3) 📝 `bin/tests/integration/server_harness/mod.rs` (+2 -2) 📝 `crates/proto/src/dnssec/dnssec_dns_handle/mod.rs` (+17 -17) 📝 `crates/proto/src/dnssec/dnssec_dns_handle/nsec3_validation.rs` (+1 -1) 📝 `crates/proto/src/dnssec/rdata/mod.rs` (+1 -1) 📝 `crates/proto/src/dnssec/rdata/rrsig.rs` (+102 -50) 📝 `crates/proto/src/dnssec/rdata/sig.rs` (+115 -310) 📝 `crates/proto/src/dnssec/signer.rs` (+64 -79) 📝 `crates/proto/src/dnssec/tbs.rs` (+75 -183) 📝 `crates/proto/src/dnssec/verifier.rs` (+6 -5) 📝 `crates/proto/src/rr/rr_set.rs` (+0 -119) 📝 `crates/proto/src/rr/serial_number.rs` (+12 -1) 📝 `crates/resolver/src/dns_lru.rs` (+1 -1) 📝 `crates/server/src/store/in_memory/inner.rs` (+9 -43) 📝 `crates/server/src/store/sqlite/mod.rs` (+2 -2) 📝 `tests/integration-tests/tests/integration/catalog_tests.rs` (+1 -1) 📝 `tests/integration-tests/tests/integration/sqlite_authority_tests.rs` (+1 -1) </details> ### 📄 Description There was a bunch of many-argument functions, partial initialization and weird inside-out construction going on. Try to clean it up by extracting common parts and avoiding partial initialization opportunities via the public API. @divergentdave this conflicts with your PR -- happy to land this after yours if you prefer. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>