summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/rsabigexponent
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--bin/tests/system/rsabigexponent/Makefile.in50
-rw-r--r--bin/tests/system/rsabigexponent/bigkey.c258
-rw-r--r--bin/tests/system/rsabigexponent/clean.sh20
-rw-r--r--bin/tests/system/rsabigexponent/conf/bad01.conf14
-rw-r--r--bin/tests/system/rsabigexponent/conf/bad02.conf14
-rw-r--r--bin/tests/system/rsabigexponent/conf/bad03.conf14
-rw-r--r--bin/tests/system/rsabigexponent/conf/good01.conf14
-rw-r--r--bin/tests/system/rsabigexponent/conf/good02.conf14
-rw-r--r--bin/tests/system/rsabigexponent/conf/good03.conf14
-rw-r--r--bin/tests/system/rsabigexponent/ns1/named.conf.in33
-rw-r--r--bin/tests/system/rsabigexponent/ns1/root.db.in22
-rwxr-xr-xbin/tests/system/rsabigexponent/ns1/sign.sh32
-rw-r--r--bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.key2
-rw-r--r--bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.private10
-rw-r--r--bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.key2
-rw-r--r--bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.private10
-rw-r--r--bin/tests/system/rsabigexponent/ns2/dsset-example.in2
-rw-r--r--bin/tests/system/rsabigexponent/ns2/example.db.bad110
-rw-r--r--bin/tests/system/rsabigexponent/ns2/example.db.in21
-rw-r--r--bin/tests/system/rsabigexponent/ns2/named.conf.in37
-rwxr-xr-xbin/tests/system/rsabigexponent/ns2/sign.sh27
-rw-r--r--bin/tests/system/rsabigexponent/ns3/named.conf.in34
-rw-r--r--bin/tests/system/rsabigexponent/prereq.sh24
-rw-r--r--bin/tests/system/rsabigexponent/setup.sh23
-rw-r--r--bin/tests/system/rsabigexponent/tests.sh55
25 files changed, 856 insertions, 0 deletions
diff --git a/bin/tests/system/rsabigexponent/Makefile.in b/bin/tests/system/rsabigexponent/Makefile.in
new file mode 100644
index 0000000..af2b0f1
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/Makefile.in
@@ -0,0 +1,50 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# $Id$
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
+
+CDEFINES = @CRYPTO@
+CWARNINGS =
+
+DNSLIBS = ../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
+
+DNSDEPLIBS = ../../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TARGETS = bigkey@EXEEXT@
+
+OBJS = bigkey.@O@
+
+SRCS = bigkey.c
+
+@BIND9_MAKE_RULES@
+
+all: bigkey@EXEEXT@
+
+bigkey@EXEEXT@: ${OBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJS} ${LIBS}
+
+clean distclean::
+ rm -f ${TARGETS}
+
diff --git a/bin/tests/system/rsabigexponent/bigkey.c b/bin/tests/system/rsabigexponent/bigkey.c
new file mode 100644
index 0000000..4462f2e
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/bigkey.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+
+#include <config.h>
+
+#if defined(OPENSSL) || defined(PKCS11CRYPTO)
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <isc/buffer.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/region.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#define DST_KEY_INTERNAL
+
+#include <dns/dnssec.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rdataclass.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+
+#include <dst/dst.h>
+#include <dst/result.h>
+
+#ifdef OPENSSL
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER <= 0x00908000L
+#define USE_FIX_KEY_FILES
+#endif
+#else
+#define USE_FIX_KEY_FILES
+#endif
+
+#ifdef USE_FIX_KEY_FILES
+
+/*
+ * Use a fixed key file pair if OpenSSL doesn't support > 32 bit exponents.
+ */
+
+int
+main(int argc, char **argv) {
+ FILE *fp;
+
+ UNUSED(argc);
+ UNUSED(argv);
+
+ fp = fopen("Kexample.+005+10264.private", "w");
+ if (fp == NULL) {
+ perror("fopen(Kexample.+005+10264.private)");
+ exit(1);
+ }
+
+ fputs("Private-key-format: v1.3\n", fp);
+ fputs("Algorithm: 5 (RSASHA1)\n", fp);
+ fputs("Modulus: yhNbLRPA7VpLCXcgMvBwsfe7taVaTvLPY3AI+YolKwqD6"
+ "/3nLlCcz4kBOTOkQBf9bmO98WnKuOWoxuEOgudoDvQOzXNl9RJtt61"
+ "IRMscAlsVtTIfAjPLhcGy32l2s5VYWWVXx/qkcf+i/JC38YXIuVdiA"
+ "MtbgQV40ffM4lAbZ7M=\n", fp);
+ fputs("PublicExponent: AQAAAAAAAQ==\n", fp);
+ fputs("PrivateExponent: gfXvioazoFIJp3/H2kJncrRZaqjIf9+21CL1i"
+ "XecBOof03er8ym5AKopZQM8ie+qxvhDkIJ8YDrB7UbDxmFpPceHWYM"
+ "X0vDWQCIiEiKzRfCsBOjgJu6HS15G/oZDqDwKat+yegtzxhg48BCPq"
+ "zfHLXXUvBTA/HK/u8L1LwggqHk=\n", fp);
+ fputs("Prime1: 7xAPHsNnS0w7CoEnIQiu+SrmHsy86HKJOEm9FiQybRVCwf"
+ "h4ZRQl+Z9mUbb9skjPvkM6ZeuzXTFkOjdck2y1NQ==\n", fp);
+ fputs("Prime2: 2GRzzqyRR2gfITPug8Rddxt647/2DrAuKricX/AXyGcuHM"
+ "vTZ+v+mfgJn6TFqSn4SBF2zHJ876lWbQ+12aNORw==\n", fp);
+ fputs("Exponent1: PnGTwxiT59N/Rq/FSAwcwoAudiF/X3iK0X09j9Dl8cY"
+ "DYAJ0bhB9es1LIaSsgLSER2b1kHbCp+FQXGVHJeZ07Q==\n", fp);
+ fputs("Exponent2: Ui+zxA/zbnUSYnz+wdbrfBD2aTeKytZG4ASI3oPDZag"
+ "V9YC0eZRPjI82KQcFXoj1b/fV/HzT9/9rhU4mvCGjLw==\n", fp);
+ fputs("Coefficient: sdCL6AdOaCr9c+RO8NCA492MOT9w7K9d/HauC+fif"
+ "2iWN36dA+BCKaeldS/+6ZTnV2ZVyVFQTeLJM8hplxDBwQ==\n", fp);
+
+ if (fclose(fp) != 0) {
+ perror("fclose(Kexample.+005+10264.private)");
+ exit(1);
+ }
+
+ fp = fopen("Kexample.+005+10264.key", "w");
+ if (fp == NULL) {
+ perror("fopen(Kexample.+005+10264.key)");
+ exit(1);
+ }
+
+ fputs("; This is a zone-signing key, keyid 10264, for example.\n", fp);
+ fputs("example. IN DNSKEY 256 3 5 BwEAAAAAAAHKE1stE8DtWksJdyA"
+ "y8HCx97u1pVpO8s9jcAj5iiUrCoPr /ecuUJzPiQE5M6RAF/1uY73x"
+ "acq45ajG4Q6C52gO9A7Nc2X1Em23rUhE yxwCWxW1Mh8CM8uFwbLfaX"
+ "azlVhZZVfH+qRx/6L8kLfxhci5V2IAy1uB BXjR98ziUBtnsw==\n", fp);
+
+ if (fclose(fp) != 0) {
+ perror("close(Kexample.+005+10264.key)");
+ exit(1);
+ }
+
+ return(0);
+}
+#else
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+
+dst_key_t *key;
+dns_fixedname_t fname;
+dns_name_t *name;
+unsigned int bits = 1024U;
+isc_entropy_t *ectx;
+isc_entropysource_t *source;
+isc_mem_t *mctx;
+isc_log_t *log_;
+isc_logconfig_t *logconfig;
+int level = ISC_LOG_WARNING;
+isc_logdestination_t destination;
+char filename[255];
+isc_result_t result;
+isc_buffer_t buf;
+RSA *rsa;
+BIGNUM *e;
+EVP_PKEY *pkey;
+
+#define CHECK(op, msg) \
+do { result = (op); \
+ if (result != ISC_R_SUCCESS) { \
+ fprintf(stderr, \
+ "fatal error: %s returns %s at file %s line %d\n", \
+ msg, isc_result_totext(result), __FILE__, __LINE__); \
+ exit(1); \
+ } \
+} while (0)
+
+int
+main(int argc, char **argv) {
+ UNUSED(argc);
+ UNUSED(argv);
+
+ rsa = RSA_new();
+ e = BN_new();
+ pkey = EVP_PKEY_new();
+
+ if ((rsa == NULL) || (e == NULL) || (pkey == NULL) ||
+ !EVP_PKEY_set1_RSA(pkey, rsa)) {
+ fprintf(stderr, "fatal error: basic OpenSSL failure\n");
+ exit(1);
+ }
+
+ /* e = 0x1000000000001 */
+ BN_set_bit(e, 0);
+ BN_set_bit(e, 48);
+
+ if (RSA_generate_key_ex(rsa, bits, e, NULL)) {
+ BN_free(e);
+ RSA_free(rsa);
+ } else {
+ fprintf(stderr,
+ "fatal error: RSA_generate_key_ex() fails "
+ "at file %s line %d\n",
+ __FILE__, __LINE__);
+ exit(1);
+ }
+
+ dns_result_register();
+
+ CHECK(isc_mem_create(0, 0, &mctx), "isc_mem_create()");
+ CHECK(isc_entropy_create(mctx, &ectx), "isc_entropy_create()");
+ CHECK(isc_entropy_usebestsource(ectx, &source,
+ "../random.data",
+ ISC_ENTROPY_KEYBOARDNO),
+ "isc_entropy_usebestsource(\"../random.data\")");
+ CHECK(dst_lib_init2(mctx, ectx, NULL, 0), "dst_lib_init2()");
+ CHECK(isc_log_create(mctx, &log_, &logconfig), "isc_log_create()");
+ isc_log_setcontext(log_);
+ dns_log_init(log_);
+ dns_log_setcontext(log_);
+ CHECK(isc_log_settag(logconfig, "bigkey"), "isc_log_settag()");
+ destination.file.stream = stderr;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ CHECK(isc_log_createchannel(logconfig, "stderr",
+ ISC_LOG_TOFILEDESC,
+ level,
+ &destination,
+ ISC_LOG_PRINTTAG | ISC_LOG_PRINTLEVEL),
+ "isc_log_createchannel()");
+ CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL),
+ "isc_log_usechannel()");
+ name = dns_fixedname_initname(&fname);
+ isc_buffer_constinit(&buf, "example.", strlen("example."));
+ isc_buffer_add(&buf, strlen("example."));
+ CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
+ "dns_name_fromtext(\"example.\")");
+
+ CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA1,
+ bits, DNS_KEYOWNER_ZONE,
+ DNS_KEYPROTO_DNSSEC, dns_rdataclass_in,
+ pkey, mctx, &key),
+ "dst_key_buildinternal(...)");
+
+ CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
+ "dst_key_tofile()");
+ isc_buffer_init(&buf, filename, sizeof(filename) - 1);
+ isc_buffer_clear(&buf);
+ CHECK(dst_key_buildfilename(key, 0, NULL, &buf),
+ "dst_key_buildfilename()");
+ printf("%s\n", filename);
+ dst_key_free(&key);
+
+ isc_log_destroy(&log_);
+ isc_log_setcontext(NULL);
+ dns_log_setcontext(NULL);
+ if (source != NULL)
+ isc_entropy_destroysource(&source);
+ isc_entropy_detach(&ectx);
+ dst_lib_destroy();
+ dns_name_destroy();
+ isc_mem_destroy(&mctx);
+ return (0);
+}
+#endif
+
+#else /* OPENSSL || PKCS11CRYPTO */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <isc/util.h>
+
+int
+main(int argc, char **argv) {
+ UNUSED(argc);
+ UNUSED(argv);
+ fprintf(stderr, "Compiled without Crypto\n");
+ exit(1);
+}
+
+#endif /* OPENSSL || PKCS11CRYPTO */
+/*! \file */
diff --git a/bin/tests/system/rsabigexponent/clean.sh b/bin/tests/system/rsabigexponent/clean.sh
new file mode 100644
index 0000000..bba0f11
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/clean.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+rm -f K* */K* */dsset-*. */*.signed */trusted.conf */tmp*
+rm -f ns*/dsset-example
+rm -f ns*/named.run
+rm -f ns*/named.memstats
+rm -f ns1/root.db
+rm -f ns2/signer.err
+rm -f dig.out.*
+rm -f ns*/named.lock
+rm -f ns*/named.conf
diff --git a/bin/tests/system/rsabigexponent/conf/bad01.conf b/bin/tests/system/rsabigexponent/conf/bad01.conf
new file mode 100644
index 0000000..1c56cc3
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/conf/bad01.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ max-rsa-exponent-size 1;
+};
diff --git a/bin/tests/system/rsabigexponent/conf/bad02.conf b/bin/tests/system/rsabigexponent/conf/bad02.conf
new file mode 100644
index 0000000..671199d
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/conf/bad02.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ max-rsa-exponent-size 34;
+};
diff --git a/bin/tests/system/rsabigexponent/conf/bad03.conf b/bin/tests/system/rsabigexponent/conf/bad03.conf
new file mode 100644
index 0000000..d7edae6
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/conf/bad03.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ max-rsa-exponent-size 4097;
+};
diff --git a/bin/tests/system/rsabigexponent/conf/good01.conf b/bin/tests/system/rsabigexponent/conf/good01.conf
new file mode 100644
index 0000000..bfa7a45
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/conf/good01.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ max-rsa-exponent-size 0;
+};
diff --git a/bin/tests/system/rsabigexponent/conf/good02.conf b/bin/tests/system/rsabigexponent/conf/good02.conf
new file mode 100644
index 0000000..d87fb7f
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/conf/good02.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ max-rsa-exponent-size 35;
+};
diff --git a/bin/tests/system/rsabigexponent/conf/good03.conf b/bin/tests/system/rsabigexponent/conf/good03.conf
new file mode 100644
index 0000000..0a70e29
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/conf/good03.conf
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ max-rsa-exponent-size 4096;
+};
diff --git a/bin/tests/system/rsabigexponent/ns1/named.conf.in b/bin/tests/system/rsabigexponent/ns1/named.conf.in
new file mode 100644
index 0000000..a43c02b
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns1/named.conf.in
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS1
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+};
+
+zone "." {
+ type master;
+ file "root.db.signed";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/rsabigexponent/ns1/root.db.in b/bin/tests/system/rsabigexponent/ns1/root.db.in
new file mode 100644
index 0000000..d205fc8
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns1/root.db.in
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. IN SOA gson.nominum.com. a.root.servers.nil. (
+ 2012050600 ; serial
+ 3600 ; refresh
+ 1200 ; retry
+ 604800 ; expire
+ 60 ; minimum
+ )
+@ NS a.root-servers.nil.
+a.root-servers.nil. A 10.53.0.1
+;
+example. NS ns2.example.
+ns2.example. A 10.53.0.2
diff --git a/bin/tests/system/rsabigexponent/ns1/sign.sh b/bin/tests/system/rsabigexponent/ns1/sign.sh
new file mode 100755
index 0000000..8570855
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns1/sign.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+cp ../ns2/dsset-example.in dsset-example$TP
+
+keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
+
+cat $infile $keyname.key > $zonefile
+
+$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
+
+# Configure the resolving server with a trusted key.
+keyfile_to_trusted_keys $keyname > trusted.conf
+cp trusted.conf ../ns2/trusted.conf
+cp trusted.conf ../ns3/trusted.conf
+
+cd ../ns2 && $SHELL -e ./sign.sh
diff --git a/bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.key b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.key
new file mode 100644
index 0000000..1030c21
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.key
@@ -0,0 +1,2 @@
+; This is a key-signing key, keyid 5896, for example.
+example. IN DNSKEY 257 3 5 AwEAAaLNbgMfH/XUwZC9DBVG4OpYVUVyCyZEBqhk3k6WziIAY+2f7MN3 L9CoZR9GqfqM+/c6g8gfkIaZZ2YP/YUUaN73xH/nxtHYkrP5Rqe/dw7q ONnsVwvf3HJ8HvURG3wjaOrPoe207+HpNTNhe/sT2usKhokSU8yKB0DK lnrKQvp9vScsIB/RsIxOXWmYgOMkSXtpI3lQ07l1i2Tv6UnecD9s8ruk fl/gPbRBketLYACrqpb2j/1f7ciQv+rz1GnN9ma8XK1Yw8173/hrVL1S /ZqTGczwdeA3AVyiHThOZ15EPhSuL7jaJusHOi43Aa8ZfCMCeimT73F5 epktGomAxFU=
diff --git a/bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.private b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.private
new file mode 100644
index 0000000..dbac306
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+05896.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.3
+Algorithm: 5 (RSASHA1)
+Modulus: os1uAx8f9dTBkL0MFUbg6lhVRXILJkQGqGTeTpbOIgBj7Z/sw3cv0KhlH0ap+oz79zqDyB+QhplnZg/9hRRo3vfEf+fG0diSs/lGp793Duo42exXC9/ccnwe9REbfCNo6s+h7bTv4ek1M2F7+xPa6wqGiRJTzIoHQMqWespC+n29JywgH9GwjE5daZiA4yRJe2kjeVDTuXWLZO/pSd5wP2zyu6R+X+A9tEGR60tgAKuqlvaP/V/tyJC/6vPUac32ZrxcrVjDzXvf+GtUvVL9mpMZzPB14DcBXKIdOE5nXkQ+FK4vuNom6wc6LjcBrxl8IwJ6KZPvcXl6mS0aiYDEVQ==
+PublicExponent: AQAB
+PrivateExponent: K9juX1LbtccmlwgDoBtl6lf+J2UO0bCSpnn8UehV/lxijZZ8Gy0XqLgh/Cl5EG02U6Dj61ts/oOEkL2Px272y86pktVm/A+7e1ORDw8HTvIQe8kmrKEPa5o4cEK6R1X2JP/lGfOYhBzeYkdIMBhp5tH/6B0Sis1GJNIrc0jUf0g+JvOH/j1SpLoKoDpHUwOWnAt92AZsYhyJgeDXgw+xTBcOVvRfmh3Zmoi6x58lmQsU3loloqQ2V2V3xw1qEhTwBtFiguqeUV/FZl+RerT+lld7v2KkuxchyxlCCavgq6bZSUpn3TxcmnK6pj42oTy11hG9PHvIS8VNpGLr0p6mpQ==
+Prime1: 2KZlb2BXJHEJJv2iuJoddNuDlDStG77cA7FR84Dsarbc5rHj1BjwOPDec235LQOzNAAVMTh3B8/8kcAkx/U0F2FPfgAS/ZK2dOBKcJFU4bmUQDsLMXJn67Pf7d1HeDYfVPSFp1Ib/G91dXuo11+nRZJRfKUW19aFYXybSLVmifM=
+Prime2: wF9HHnv17f1L3VLBJ+qndiPcp/l24fVk5xWrbZlivK+WFrZkHFbmN+WRIkjKbe1mBf4z2fMp1JZKt8wViJVG9Bkk2wSCQA74MrejPFlD9AEMC/TrV7F/l89DryG9YeLAk6td38opGiAmRHzSdrjstUF+iv7IAW+fghPQ3O4ogpc=
+Exponent1: Nmtlo1phyUeTcvXW/+PGbmoNXRb2PLfucAcEfNPvjsasKk6Y2dgBz2vBlOEU7Be31eIHcLusOowl9z56fre7A/xviUjffE50AluslyYKWkDRWmj6YMtKC0y9fPROVYXSzPY29FaNrRUaPg531NG0JKeiTFrzp/e8vUYdg1/9h70=
+Exponent2: r5+MNwlmaQJBG2psivuQLKvqy7NU1E8K8mj3G1TYLniCpnOXC8RN4yQDDvCzVg5QgRIk1kpHmxwmVIvN8OaPY1P9MLJ6Eu9Xqj26meLIxd+a1uOfY2zZloeTPDSqR84Sj/338tIGGiLVrNrj7Z1ABO4pD84wXBdC4SckHD6U3zs=
+Coefficient: c1jE021ke1G/1+C/mqhVtXF9/+ivfw9Ae6na3PofQREs3wiBJH7kpbLmTqc1ovXrHA3BbD1CfWUBhrFK/n5MvsU59VGmz5mD+HGsHC1eoaS4JCG5EWFUP8MStiv+JJGyfuK8MUGsEXQorfQmzGXhe5N2S+4dEYDfksSVd9Wg9d0=
diff --git a/bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.key b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.key
new file mode 100644
index 0000000..5343267
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.key
@@ -0,0 +1,2 @@
+; This is a zone-signing key, keyid 51829, for example.
+example. IN DNSKEY 256 3 5 BwEAAAAAAAGfDKVFak/2o446xOsi39QnfZmRidaRyg3LaCxDBM6kVqCH QKI3a2lEf4FWVSbp+dYjGavsqWJ/Z7poMRy9JJol2bMLhtsZhESK5EYR aR/2dLw5H10SR+wb/qRVVYovWlk67sql7XYc3x5cjc4XaMVziBBrQMiW qkQS2oGQLwKCLw==
diff --git a/bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.private b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.private
new file mode 100644
index 0000000..35acd10
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/Xexample.+005+51829.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.3
+Algorithm: 5 (RSASHA1)
+Modulus: nwylRWpP9qOOOsTrIt/UJ32ZkYnWkcoNy2gsQwTOpFagh0CiN2tpRH+BVlUm6fnWIxmr7Klif2e6aDEcvSSaJdmzC4bbGYREiuRGEWkf9nS8OR9dEkfsG/6kVVWKL1pZOu7Kpe12HN8eXI3OF2jFc4gQa0DIlqpEEtqBkC8Cgi8=
+PublicExponent: AQAAAAAAAQ==
+PrivateExponent: Aidz1Ah0WnUxdjZQ5J2bkXXOvP7ZhxtrmNvaQkQpEOjc5EW0mh+8f6rmp19CZHVwjk1nRfTgSnPk/y+xsyfroBRf5RH+6bjvB3mk+uSor6+xibdTy+HlEyd5YPdGzHmqFUe7pcL25kO0QSqdEVjvBP9SCgscDBhrTHURYsPxudE=
+Prime1: 0nuP62sq8a1OyjGqmsqhf6XrpwRXSKYVjdJEdRzogi/fnU/AWDZdc2W8JOC1nxdbfVC68b8G+Vc+5GOsuUw56Q==
+Prime2: wXG1f8INIsNLGtEhAuqw320onFrqBEgs+EkEZeUxHP5hUkchoUSnqTZrfRUA+UuOD2sI0NtA3OYCXaihgWu0Vw==
+Exponent1: QooxjUxTEcn9N5ehnpK0VD3gKwoW3C2NIv/2GeKVpL+ZcsD6iMzmHou/WVOAt0oz+RdWDLxpEzakwUhslPN6+Q==
+Exponent2: PP9JlJFaGEs3ckmvj53NXKz0fkbjtIOJvWwnkT7WrVpTgaUISjuSxLOfUDrrFC9JGAIAmoWDrI76QrTanbLiyw==
+Coefficient: u4jEvCVMxzmDBCjw8MLuTZtuBqs0ScAT7NkceBrjhdpCV1DtzVGJgbwI2GEHqEcSlcVAQCM92vPz76lL4Q94zw==
diff --git a/bin/tests/system/rsabigexponent/ns2/dsset-example.in b/bin/tests/system/rsabigexponent/ns2/dsset-example.in
new file mode 100644
index 0000000..06bc89a
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/dsset-example.in
@@ -0,0 +1,2 @@
+example. IN DS 5896 5 1 07766192DA7BDE32F6DC719B9F5A3476686F8758
+example. IN DS 5896 5 2 CFBFD9C06EA15B0A984566573A18ACEC234FDC9C09103C0C53E75989 088A8FB4
diff --git a/bin/tests/system/rsabigexponent/ns2/example.db.bad b/bin/tests/system/rsabigexponent/ns2/example.db.bad
new file mode 100644
index 0000000..1d0d4b5
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/example.db.bad
@@ -0,0 +1,110 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+example. 300 IN SOA mname1. . (
+ 2012050601 ; serial
+ 3600 ; refresh (1 hour)
+ 600 ; retry (10 minutes)
+ 604800 ; expire (1 week)
+ 3600 ; minimum (1 hour)
+ )
+ 300 RRSIG SOA 5 1 300 (
+ 20361231235959 20000101000000 51829 example.
+ HW8O/KHJEObWSYtQD14+3MRtD6rasy/AeIAo
+ 1HmtELxeUoMvVcQzm7z1RoeV6S7+r/SrUjAz
+ PwtlE4TpyTEj9sfTr4mJhU0DwrNW6dN6qHCw
+ vB3nuURVOKzU8V26PdFcjJB+/HnJT2LyLUqr
+ KAzHwU1tAXkgx0FOwfyOs2rxooo= )
+ 300 NS ns2.example.
+ 300 RRSIG NS 5 1 300 (
+ 20361231235959 20000101000000 51829 example.
+ EO8/KzfhppvhD2b0hGCdEN8/WTNexK6zkC1Z
+ oW3vu0cFVvac+wrV9Vox90lHI0jTce/R+bvT
+ T9RbpZiZcBKLVyBuHIdFPOdc3ogHMPwaPNkD
+ pvVvLfV6auHCvINiVw+jWinBpTjqoROH/yTC
+ 03BQ41vewKsz3fYZ03XUr2xga5Q= )
+ 3600 NSEC a.example. NS SOA RRSIG NSEC DNSKEY
+ 3600 RRSIG NSEC 5 1 3600 (
+ 20361231235959 20000101000000 51829 example.
+ FiUyrwO7MV9Lhg6yu0XN/hLZPOiDg/NqIIUc
+ HfA9Yix90Z9G/yzn8NBC92Yp5EPiI4HiE24T
+ t1p4YwHe6n/IJA4KZUIpCxEY5xhQL/mVMeuj
+ dlFA2LaiDwbOh//42zdocaeGPrcV+u6OmXoU
+ xkQIuWeJ1QCaD5FXJdN6zELZsnw= )
+ 300 DNSKEY 256 3 5 (
+ BwEAAAAAAAGfDKVFak/2o446xOsi39QnfZmR
+ idaRyg3LaCxDBM6kVqCHQKI3a2lEf4FWVSbp
+ +dYjGavsqWJ/Z7poMRy9JJol2bMLhtsZhESK
+ 5EYRaR/2dLw5H10SR+wb/qRVVYovWlk67sql
+ 7XYc3x5cjc4XaMVziBBrQMiWqkQS2oGQLwKC
+ Lw==
+ ) ; ZSK; alg = RSASHA1; key id = 51829
+ 300 DNSKEY 257 3 5 (
+ AwEAAaLNbgMfH/XUwZC9DBVG4OpYVUVyCyZE
+ Bqhk3k6WziIAY+2f7MN3L9CoZR9GqfqM+/c6
+ g8gfkIaZZ2YP/YUUaN73xH/nxtHYkrP5Rqe/
+ dw7qONnsVwvf3HJ8HvURG3wjaOrPoe207+Hp
+ NTNhe/sT2usKhokSU8yKB0DKlnrKQvp9vScs
+ IB/RsIxOXWmYgOMkSXtpI3lQ07l1i2Tv6Une
+ cD9s8rukfl/gPbRBketLYACrqpb2j/1f7ciQ
+ v+rz1GnN9ma8XK1Yw8173/hrVL1S/ZqTGczw
+ deA3AVyiHThOZ15EPhSuL7jaJusHOi43Aa8Z
+ fCMCeimT73F5epktGomAxFU=
+ ) ; KSK; alg = RSASHA1; key id = 5896
+ 300 RRSIG DNSKEY 5 1 300 (
+ 20361231235959 20000101000000 5896 example.
+ b07impYEH+uW8iPCVE0QXqYSs6Yyu7Nb8q1f
+ rXv+NgE5wbsIvdo4PDdSfScP41WgVKdLPipH
+ gaTyk4CKAuGSvIBMzlc3yib03zdvzBDgn3Yi
+ lONpl2yH47vhvn5iXYcVV4kbuYE9+SFVoVO8
+ m6xvihm1D17m8emivnG6DuJSpJJM09v0toSd
+ 3yGI3bgUtki85ehOPU0ZkvA20InVgP5kKUgw
+ /M4vP4VkcwenNO7koMZOorI02KFOH3vvZSI4
+ hzuwJVaQZ35IBBVmSSMAD+0LTBk6sMPSpcmP
+ Pff75NLhU+4+UflWie6mzWIvm3ovcG3fveq0
+ W4G3TCriTIKSjY3Jqg== )
+ 300 RRSIG DNSKEY 5 1 300 (
+ 20361231235959 20000101000000 51829 example.
+ a7WU2WcHEpDfM5NBUzN7t4WXEwldn1EM/HkH
+ XEo9NnZhFV16414qbuwWMlUsc5MTii+T4OFZ
+ p2+XHj9M8glM1d98o+EDSYT7LdrrE7AqdtSO
+ gcXdeY6WRI9R5wkLP3cP6kADp5WIOcQ78IPb
+ pRJ4jhxqMPFV3cqCWH/Lp8JPghY= )
+a.example. 300 IN A 10.0.0.1
+ 300 RRSIG A 5 2 300 (
+ 20361231235959 20000101000000 51829 example.
+ h4WyY0hUkZobUbt2xWC4lJLEbGvzxGczH/mN
+ WHZBpgg+1tuoTAdVbt6a2TfQcJV/iPQGAHte
+ Vu/U6tD8KzP08krlqrcefwvR5LDAQygWRdjt
+ Rx105w9F0GiL6kpDH6S9T8xCw3aF5Rl1lu/u
+ 8eiUzDIMIBTijhXmM96Nde18RdA= )
+ 3600 NSEC ns2.example. A RRSIG NSEC
+ 3600 RRSIG NSEC 5 2 3600 (
+ 20361231235959 20000101000000 51829 example.
+ LbzeWbk9r119I95TVCebEPfnCCk9zBRq4nAR
+ swliQVQ84bCjwVJfakvlD4mgilSPtypxpyXC
+ DQaiOQWOz9LFzro5u71VuSS5fY7U4elp/lq6
+ 5BJB6o/dmk5xASAHHbOO6e5dcoQ5vRxcnJaE
+ 0vE1jGppo2FiQzkVi7Zbrghoolg= )
+ns2.example. 300 IN A 10.53.0.2
+ 300 RRSIG A 5 2 300 (
+ 20361231235959 20000101000000 51829 example.
+ Jfp3xzrym5GksbZ+a2rjOXzV/Ct+eX2DCo8a
+ lSbriEhuK9OR3WUnXoDqp1X/d7adNL2lI9c+
+ B3UVL+EOCyvNxt9kECcN8KgQdXKExZEQUwnN
+ UB51QESM9pW6akavhXJu98sjnhtpdTwrtKbg
+ nMJkfYe5Mw3e/8RFY+wpEq/8cHw= )
+ 3600 NSEC example. A RRSIG NSEC
+ 3600 RRSIG NSEC 5 2 3600 (
+ 20361231235959 20000101000000 51829 example.
+ Wxkz4nY5rty6O90QhFZguyqbaz9njnJKUs7m
+ qYF9u7dDk8vUf3yS97fw3e0N13X5zGZa7hTr
+ +65U4NKEOqYDBbvWaXSVFxrzVfSVXqY6l4jX
+ kWjA6q4q5TTgcjOUJ0MfvcjtgxcaKUiPGmPJ
+ RWdOV7t9YMWnf7QAbPI55QN9sfY= )
diff --git a/bin/tests/system/rsabigexponent/ns2/example.db.in b/bin/tests/system/rsabigexponent/ns2/example.db.in
new file mode 100644
index 0000000..3a958b5
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/example.db.in
@@ -0,0 +1,21 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2012050601 ; serial
+ 3600 ; refresh
+ 600 ; retry
+ 604800 ; expire
+ 3600 ; minimum
+ )
+ NS ns2
+ns2 A 10.53.0.2
+
+a A 10.0.0.1
diff --git a/bin/tests/system/rsabigexponent/ns2/named.conf.in b/bin/tests/system/rsabigexponent/ns2/named.conf.in
new file mode 100644
index 0000000..2e8eb7a
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/named.conf.in
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS2
+
+options {
+ query-source address 10.53.0.2;
+ notify-source 10.53.0.2;
+ transfer-source 10.53.0.2;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.2; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify yes;
+ dnssec-enable yes;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+zone "example" {
+ type master;
+ file "example.db.bad";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/rsabigexponent/ns2/sign.sh b/bin/tests/system/rsabigexponent/ns2/sign.sh
new file mode 100755
index 0000000..da479b2
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns2/sign.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=example.
+infile=example.db.in
+outfile=example.db.bad
+
+for i in Xexample.+005+51829.key Xexample.+005+51829.private \
+ Xexample.+005+05896.key Xexample.+005+05896.private
+do
+ cp $i `echo $i | sed s/X/K/`
+done
+
+$SIGNER -r $RANDFILE -g -s 20000101000000 -e 20361231235959 -o $zone \
+ $infile Kexample.+005+51829 Kexample.+005+51829 \
+ > /dev/null 2> signer.err
diff --git a/bin/tests/system/rsabigexponent/ns3/named.conf.in b/bin/tests/system/rsabigexponent/ns3/named.conf.in
new file mode 100644
index 0000000..99d2a0d
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/ns3/named.conf.in
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS3
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+ notify yes;
+ dnssec-enable yes;
+ dnssec-validation yes;
+ max-rsa-exponent-size 35;
+};
+
+zone "." {
+ type hint;
+ file "../../common/root.hint";
+};
+
+include "trusted.conf";
diff --git a/bin/tests/system/rsabigexponent/prereq.sh b/bin/tests/system/rsabigexponent/prereq.sh
new file mode 100644
index 0000000..e27f193
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/prereq.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
+
+if $BIGKEY > /dev/null 2>&1
+then
+ rm -f Kexample.*
+else
+ echo_i "This test requires cryptography" >&2
+ echo_i "configure with --with-openssl, or --with-pkcs11 and --enable-native-pkcs11" >&2
+ exit 255
+fi
diff --git a/bin/tests/system/rsabigexponent/setup.sh b/bin/tests/system/rsabigexponent/setup.sh
new file mode 100644
index 0000000..ad46921
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/setup.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+$SHELL clean.sh
+
+test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
+
+cd ns1 && $SHELL -e sign.sh
diff --git a/bin/tests/system/rsabigexponent/tests.sh b/bin/tests/system/rsabigexponent/tests.sh
new file mode 100644
index 0000000..b530528
--- /dev/null
+++ b/bin/tests/system/rsabigexponent/tests.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+
+rm -f dig.out.*
+
+DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
+
+for f in conf/good*.conf
+do
+ echo_i "checking '$f'"
+ ret=0
+ $CHECKCONF $f > /dev/null || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+done
+
+for f in conf/bad*.conf
+do
+ echo_i "checking '$f'"
+ ret=0
+ $CHECKCONF $f > /dev/null && ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+done
+
+echo_i "checking that RSA big exponent keys can't be loaded"
+ret=0
+grep "out of range" ns2/signer.err > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking that RSA big exponent signature can't validate"
+ret=0
+$DIG $DIGOPTS a.example @10.53.0.2 > dig.out.ns2 || ret=1
+$DIG $DIGOPTS a.example @10.53.0.3 > dig.out.ns3 || ret=1
+grep "status: NOERROR" dig.out.ns2 > /dev/null || ret=1
+grep "status: SERVFAIL" dig.out.ns3 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1