From e2fc8e037ea6bb5de92b25ec9c12a624737ac5ca Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 8 Apr 2024 18:41:29 +0200
Subject: Merging upstream version 1:9.18.24.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 bin/tests/system/enginepkcs11/prereq.sh |   2 +-
 bin/tests/system/enginepkcs11/setup.sh  | 163 +++++++++++-----------
 bin/tests/system/enginepkcs11/tests.sh  | 233 ++++++++++++++++----------------
 3 files changed, 196 insertions(+), 202 deletions(-)

(limited to 'bin/tests/system/enginepkcs11')

diff --git a/bin/tests/system/enginepkcs11/prereq.sh b/bin/tests/system/enginepkcs11/prereq.sh
index 296452b..5372924 100644
--- a/bin/tests/system/enginepkcs11/prereq.sh
+++ b/bin/tests/system/enginepkcs11/prereq.sh
@@ -14,7 +14,7 @@
 . ../conf.sh
 
 if [ -n "${SOFTHSM2_MODULE}" ] && command -v softhsm2-util >/dev/null; then
-	exit 0
+  exit 0
 fi
 
 echo_i "skip: softhsm2-util not available"
diff --git a/bin/tests/system/enginepkcs11/setup.sh b/bin/tests/system/enginepkcs11/setup.sh
index 49988ad..7cae90d 100644
--- a/bin/tests/system/enginepkcs11/setup.sh
+++ b/bin/tests/system/enginepkcs11/setup.sh
@@ -18,102 +18,99 @@ set -e
 
 softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-enginepkcs11" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }'
 
-printf '%s' "${HSMPIN:-1234}" > pin
+printf '%s' "${HSMPIN:-1234}" >pin
 PWD=$(pwd)
 
 copy_setports ns1/named.conf.in ns1/named.conf
 
 keygen() {
-	type="$1"
-	bits="$2"
-	zone="$3"
-	id="$4"
-
-	label="${id}-${zone}"
-	p11id=$(echo "${label}" | openssl sha1 -r | awk '{print $1}')
-	pkcs11-tool --module $SOFTHSM2_MODULE --token-label "softhsm2-enginepkcs11" -l -k --key-type $type:$bits --label "${label}" --id "${p11id}" --pin $(cat $PWD/pin) > pkcs11-tool.out.$zone.$id 2> pkcs11-tool.err.$zone.$id || return 1
+  type="$1"
+  bits="$2"
+  zone="$3"
+  id="$4"
+
+  label="${id}-${zone}"
+  p11id=$(echo "${label}" | openssl sha1 -r | awk '{print $1}')
+  pkcs11-tool --module $SOFTHSM2_MODULE --token-label "softhsm2-enginepkcs11" -l -k --key-type $type:$bits --label "${label}" --id "${p11id}" --pin $(cat $PWD/pin) >pkcs11-tool.out.$zone.$id 2>pkcs11-tool.err.$zone.$id || return 1
 }
 
 keyfromlabel() {
-        alg="$1"
-        zone="$2"
-        id="$3"
-	dir="$4"
-        shift 4
-
-	$KEYFRLAB -K $dir -E pkcs11 -a $alg -l "token=softhsm2-enginepkcs11;object=${id}-${zone};pin-source=$PWD/pin" "$@" $zone >> keyfromlabel.out.$zone.$id 2> keyfromlabel.err.$zone.$id || return 1
-	cat keyfromlabel.out.$zone.$id
+  alg="$1"
+  zone="$2"
+  id="$3"
+  dir="$4"
+  shift 4
+
+  $KEYFRLAB -K $dir -E pkcs11 -a $alg -l "token=softhsm2-enginepkcs11;object=${id}-${zone};pin-source=$PWD/pin" "$@" $zone >>keyfromlabel.out.$zone.$id 2>keyfromlabel.err.$zone.$id || return 1
+  cat keyfromlabel.out.$zone.$id
 }
 
-
 # Setup ns1.
 dir="ns1"
 infile="${dir}/template.db.in"
 for algtypebits in rsasha256:rsa:2048 rsasha512:rsa:2048 \
-		   ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1
-		   # Edwards curves are not yet supported by OpenSC
-		   # ed25519:EC:edwards25519 ed448:EC:edwards448
-do
-	alg=$(echo "$algtypebits" | cut -f 1 -d :)
-	type=$(echo "$algtypebits" | cut -f 2 -d :)
-	bits=$(echo "$algtypebits" | cut -f 3 -d :)
-
-	if $SHELL ../testcrypto.sh $alg; then
-		zone="$alg.example"
-		zonefile="zone.$alg.example.db"
-		ret=0
-
-		echo_i "Generate keys $alg $type:$bits for zone $zone"
-		keygen $type $bits $zone enginepkcs11-zsk || ret=1
-		keygen $type $bits $zone enginepkcs11-ksk || ret=1
-		test "$ret" -eq 0 || exit 1
-
-		echo_i "Get ZSK $alg $zone $type:$bits"
-		zsk1=$(keyfromlabel $alg $zone enginepkcs11-zsk $dir)
-		test -z "$zsk1" && exit 1
-
-		echo_i "Get KSK $alg $zone $type:$bits"
-		ksk1=$(keyfromlabel $alg $zone enginepkcs11-ksk $dir -f KSK)
-		test -z "$ksk1" && exit 1
-
-		(
-			cd $dir
-			zskid1=$(keyfile_to_key_id $zsk1)
-			kskid1=$(keyfile_to_key_id $ksk1)
-			echo "$zskid1" > $zone.zskid1
-			echo "$kskid1" > $zone.kskid1
-		)
-
-		echo_i "Sign zone with $ksk1 $zsk1"
-		cat "$infile" "${dir}/${ksk1}.key" "${dir}/${zsk1}.key" > "${dir}/${zonefile}"
-		$SIGNER -K $dir -E pkcs11 -S -a -g -O full -o "$zone" "${dir}/${zonefile}" > signer.out.$zone || ret=1
-		test "$ret" -eq 0 || exit 1
-
-		echo_i "Generate successor keys $alg $type:$bits for zone $zone"
-		keygen $type $bits $zone enginepkcs11-zsk2 || ret=1
-		keygen $type $bits $zone enginepkcs11-ksk2 || ret=1
-		test "$ret" -eq 0 || exit 1
-
-		echo_i "Get ZSK $alg $id-$zone $type:$bits"
-		zsk2=$(keyfromlabel $alg $zone enginepkcs11-zsk2 $dir)
-		test -z "$zsk2" && exit 1
-
-		echo_i "Get KSK $alg $id-$zone $type:$bits"
-		ksk2=$(keyfromlabel $alg $zone enginepkcs11-ksk2 $dir -f KSK)
-		test -z "$ksk2" && exit 1
-
-		(
-			cd $dir
-			zskid2=$(keyfile_to_key_id $zsk2)
-			kskid2=$(keyfile_to_key_id $ksk2)
-			echo "$zskid2" > $zone.zskid2
-			echo "$kskid2" > $zone.kskid2
-			cp "${zsk2}.key" "${zsk2}.zsk2"
-			cp "${ksk2}.key" "${ksk2}.ksk2"
-		)
-
-		echo_i "Add zone $zone to named.conf"
-		cat >> "${dir}/named.conf" <<EOF
+  ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1; do # Edwards curves are not yet supported by OpenSC
+  # ed25519:EC:edwards25519 ed448:EC:edwards448
+  alg=$(echo "$algtypebits" | cut -f 1 -d :)
+  type=$(echo "$algtypebits" | cut -f 2 -d :)
+  bits=$(echo "$algtypebits" | cut -f 3 -d :)
+
+  if $SHELL ../testcrypto.sh $alg; then
+    zone="$alg.example"
+    zonefile="zone.$alg.example.db"
+    ret=0
+
+    echo_i "Generate keys $alg $type:$bits for zone $zone"
+    keygen $type $bits $zone enginepkcs11-zsk || ret=1
+    keygen $type $bits $zone enginepkcs11-ksk || ret=1
+    test "$ret" -eq 0 || exit 1
+
+    echo_i "Get ZSK $alg $zone $type:$bits"
+    zsk1=$(keyfromlabel $alg $zone enginepkcs11-zsk $dir)
+    test -z "$zsk1" && exit 1
+
+    echo_i "Get KSK $alg $zone $type:$bits"
+    ksk1=$(keyfromlabel $alg $zone enginepkcs11-ksk $dir -f KSK)
+    test -z "$ksk1" && exit 1
+
+    (
+      cd $dir
+      zskid1=$(keyfile_to_key_id $zsk1)
+      kskid1=$(keyfile_to_key_id $ksk1)
+      echo "$zskid1" >$zone.zskid1
+      echo "$kskid1" >$zone.kskid1
+    )
+
+    echo_i "Sign zone with $ksk1 $zsk1"
+    cat "$infile" "${dir}/${ksk1}.key" "${dir}/${zsk1}.key" >"${dir}/${zonefile}"
+    $SIGNER -K $dir -E pkcs11 -S -a -g -O full -o "$zone" "${dir}/${zonefile}" >signer.out.$zone || ret=1
+    test "$ret" -eq 0 || exit 1
+
+    echo_i "Generate successor keys $alg $type:$bits for zone $zone"
+    keygen $type $bits $zone enginepkcs11-zsk2 || ret=1
+    keygen $type $bits $zone enginepkcs11-ksk2 || ret=1
+    test "$ret" -eq 0 || exit 1
+
+    echo_i "Get ZSK $alg $id-$zone $type:$bits"
+    zsk2=$(keyfromlabel $alg $zone enginepkcs11-zsk2 $dir)
+    test -z "$zsk2" && exit 1
+
+    echo_i "Get KSK $alg $id-$zone $type:$bits"
+    ksk2=$(keyfromlabel $alg $zone enginepkcs11-ksk2 $dir -f KSK)
+    test -z "$ksk2" && exit 1
+
+    (
+      cd $dir
+      zskid2=$(keyfile_to_key_id $zsk2)
+      kskid2=$(keyfile_to_key_id $ksk2)
+      echo "$zskid2" >$zone.zskid2
+      echo "$kskid2" >$zone.kskid2
+      cp "${zsk2}.key" "${zsk2}.zsk2"
+      cp "${ksk2}.key" "${ksk2}.ksk2"
+    )
+
+    echo_i "Add zone $zone to named.conf"
+    cat >>"${dir}/named.conf" <<EOF
 zone "$zone" {
 	type primary;
 	file "${zonefile}.signed";
@@ -121,5 +118,5 @@ zone "$zone" {
 };
 
 EOF
-        fi
+  fi
 done
diff --git a/bin/tests/system/enginepkcs11/tests.sh b/bin/tests/system/enginepkcs11/tests.sh
index f8f0317..b518c79 100644
--- a/bin/tests/system/enginepkcs11/tests.sh
+++ b/bin/tests/system/enginepkcs11/tests.sh
@@ -23,65 +23,62 @@ ret=0
 n=0
 
 dig_with_opts() (
-	$DIG +tcp +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
+  $DIG +tcp +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
 )
 
 # Perform tests inside ns1 dir
 cd ns1
 
 for algtypebits in rsasha256:rsa:2048 rsasha512:rsa:2048 \
-		   ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1
-		   # Edwards curves are not yet supported by OpenSC
-		   # ed25519:EC:edwards25519 ed448:EC:edwards448
-do
-	alg=$(echo "$algtypebits" | cut -f 1 -d :)
-	type=$(echo "$algtypebits" | cut -f 2 -d :)
-	bits=$(echo "$algtypebits" | cut -f 3 -d :)
-	zone="${alg}.example"
-	zonefile="zone.${zone}.db.signed"
-
-        if [ ! -f $zonefile ]; then
-		echo_i "skipping test for ${alg}:${type}:${bits}, no signed zone file ${zonefile}"
-		continue
-	fi
-
-	# Basic checks if setup was successful.
-	n=$((n+1))
-	ret=0
-	echo_i "Test key generation was successful for $zone ($n)"
-	count=$(ls K*.key | grep "K${zone}" | wc -l)
-	test "$count" -eq 4 || ret=1
-	test "$ret" -eq 0 || echo_i "failed (expected 4 keys, got $count)"
-	status=$((status+ret))
-
-	n=$((n+1))
-	ret=0
-	echo_i "Test zone signing was successful for $zone ($n)"
-	$VERIFY -z -o $zone "${zonefile}" > verify.out.$zone.$n 2>&1 || ret=1
-	test "$ret" -eq 0 || echo_i "failed (dnssec-verify failed)"
-	status=$((status+ret))
-
-	# Test inline signing with keys stored in engine.
-	zskid1=$(cat "${zone}.zskid1")
-	zskid2=$(cat "${zone}.zskid2")
-
-	n=$((n+1))
-	ret=0
-	echo_i "Test inline signing for $zone ($n)"
-	dig_with_opts "$zone" @10.53.0.1 SOA > dig.out.soa.$zone.$n || ret=1
-	awk '$4 == "RRSIG" { print $11 }' dig.out.soa.$zone.$n > dig.out.keyids.$zone.$n || return 1
-	numsigs=$(cat dig.out.keyids.$zone.$n | wc -l)
-	test $numsigs -eq 1 || return 1
-	grep -w "$zskid1" dig.out.keyids.$zone.$n > /dev/null || return 1
-	test "$ret" -eq 0 || echo_i "failed (SOA RRset not signed with key $zskid1)"
-	status=$((status+ret))
-
-
-	n=$((n+1))
-	ret=0
-	echo_i "Dynamically update $zone, add new zsk ($n)"
-	zsk2=$(grep -v ';' K${zone}.*.zsk2)
-	cat > "update.cmd.zsk.$zone.$n" <<EOF
+  ecdsap256sha256:EC:prime256v1 ecdsap384sha384:EC:prime384v1; do # Edwards curves are not yet supported by OpenSC
+  # ed25519:EC:edwards25519 ed448:EC:edwards448
+  alg=$(echo "$algtypebits" | cut -f 1 -d :)
+  type=$(echo "$algtypebits" | cut -f 2 -d :)
+  bits=$(echo "$algtypebits" | cut -f 3 -d :)
+  zone="${alg}.example"
+  zonefile="zone.${zone}.db.signed"
+
+  if [ ! -f $zonefile ]; then
+    echo_i "skipping test for ${alg}:${type}:${bits}, no signed zone file ${zonefile}"
+    continue
+  fi
+
+  # Basic checks if setup was successful.
+  n=$((n + 1))
+  ret=0
+  echo_i "Test key generation was successful for $zone ($n)"
+  count=$(ls K*.key | grep "K${zone}" | wc -l)
+  test "$count" -eq 4 || ret=1
+  test "$ret" -eq 0 || echo_i "failed (expected 4 keys, got $count)"
+  status=$((status + ret))
+
+  n=$((n + 1))
+  ret=0
+  echo_i "Test zone signing was successful for $zone ($n)"
+  $VERIFY -z -o $zone "${zonefile}" >verify.out.$zone.$n 2>&1 || ret=1
+  test "$ret" -eq 0 || echo_i "failed (dnssec-verify failed)"
+  status=$((status + ret))
+
+  # Test inline signing with keys stored in engine.
+  zskid1=$(cat "${zone}.zskid1")
+  zskid2=$(cat "${zone}.zskid2")
+
+  n=$((n + 1))
+  ret=0
+  echo_i "Test inline signing for $zone ($n)"
+  dig_with_opts "$zone" @10.53.0.1 SOA >dig.out.soa.$zone.$n || ret=1
+  awk '$4 == "RRSIG" { print $11 }' dig.out.soa.$zone.$n >dig.out.keyids.$zone.$n || return 1
+  numsigs=$(cat dig.out.keyids.$zone.$n | wc -l)
+  test $numsigs -eq 1 || return 1
+  grep -w "$zskid1" dig.out.keyids.$zone.$n >/dev/null || return 1
+  test "$ret" -eq 0 || echo_i "failed (SOA RRset not signed with key $zskid1)"
+  status=$((status + ret))
+
+  n=$((n + 1))
+  ret=0
+  echo_i "Dynamically update $zone, add new zsk ($n)"
+  zsk2=$(grep -v ';' K${zone}.*.zsk2)
+  cat >"update.cmd.zsk.$zone.$n" <<EOF
 server 10.53.0.1 $PORT
 ttl 300
 zone $zone
@@ -89,47 +86,47 @@ update add $zsk2
 send
 EOF
 
-	$NSUPDATE -v > "update.log.zsk.$zone.$n" < "update.cmd.zsk.$zone.$n" || ret=1
-	test "$ret" -eq 0 || echo_i "failed (update failed)"
-	status=$((status+ret))
-
-	n=$((n+1))
-	ret=0
-	echo_i "Test DNSKEY response for $zone after inline signing ($n)"
-	_dig_dnskey() (
-		dig_with_opts "$zone" @10.53.0.1 DNSKEY > dig.out.dnskey.$zone.$n || return 1
-		count=$(awk 'BEGIN { count = 0 } $4 == "DNSKEY" { count++ } END {print count}' dig.out.dnskey.$zone.$n)
-		test $count -eq 3
-	)
-	retry_quiet 10 _dig_dnskey || ret=1
-	test "$ret" -eq 0 || echo_i "failed (expected 3 DNSKEY records)"
-	status=$((status+ret))
-
-	n=$((n+1))
-	ret=0
-	echo_i "Test SOA response for $zone after inline signing ($n)"
-	_dig_soa() (
-		dig_with_opts "$zone" @10.53.0.1 SOA > dig.out.soa.$zone.$n || return 1
-		awk '$4 == "RRSIG" { print $11 }' dig.out.soa.$zone.$n > dig.out.keyids.$zone.$n || return 1
-		numsigs=$(cat dig.out.keyids.$zone.$n | wc -l)
-		test $numsigs -eq 2 || return 1
-		grep -w "$zskid1" dig.out.keyids.$zone.$n > /dev/null || return 1
-		grep -w "$zskid2" dig.out.keyids.$zone.$n > /dev/null || return 1
-		return 0
-	)
-	retry_quiet 10 _dig_soa || ret=1
-	test "$ret" -eq 0 || echo_i "failed (expected 2 SOA RRSIG records)"
-	status=$((status+ret))
-
-	# Test inline signing with keys stored in engine (key signing).
-	kskid1=$(cat "${zone}.kskid1")
-	kskid2=$(cat "${zone}.kskid2")
-
-	n=$((n+1))
-	ret=0
-	echo_i "Dynamically update $zone, add new ksk ($n)"
-	ksk2=$(grep -v ';' K${zone}.*.ksk2)
-	cat > "update.cmd.ksk.$zone.$n" <<EOF
+  $NSUPDATE -v >"update.log.zsk.$zone.$n" <"update.cmd.zsk.$zone.$n" || ret=1
+  test "$ret" -eq 0 || echo_i "failed (update failed)"
+  status=$((status + ret))
+
+  n=$((n + 1))
+  ret=0
+  echo_i "Test DNSKEY response for $zone after inline signing ($n)"
+  _dig_dnskey() (
+    dig_with_opts "$zone" @10.53.0.1 DNSKEY >dig.out.dnskey.$zone.$n || return 1
+    count=$(awk 'BEGIN { count = 0 } $4 == "DNSKEY" { count++ } END {print count}' dig.out.dnskey.$zone.$n)
+    test $count -eq 3
+  )
+  retry_quiet 10 _dig_dnskey || ret=1
+  test "$ret" -eq 0 || echo_i "failed (expected 3 DNSKEY records)"
+  status=$((status + ret))
+
+  n=$((n + 1))
+  ret=0
+  echo_i "Test SOA response for $zone after inline signing ($n)"
+  _dig_soa() (
+    dig_with_opts "$zone" @10.53.0.1 SOA >dig.out.soa.$zone.$n || return 1
+    awk '$4 == "RRSIG" { print $11 }' dig.out.soa.$zone.$n >dig.out.keyids.$zone.$n || return 1
+    numsigs=$(cat dig.out.keyids.$zone.$n | wc -l)
+    test $numsigs -eq 2 || return 1
+    grep -w "$zskid1" dig.out.keyids.$zone.$n >/dev/null || return 1
+    grep -w "$zskid2" dig.out.keyids.$zone.$n >/dev/null || return 1
+    return 0
+  )
+  retry_quiet 10 _dig_soa || ret=1
+  test "$ret" -eq 0 || echo_i "failed (expected 2 SOA RRSIG records)"
+  status=$((status + ret))
+
+  # Test inline signing with keys stored in engine (key signing).
+  kskid1=$(cat "${zone}.kskid1")
+  kskid2=$(cat "${zone}.kskid2")
+
+  n=$((n + 1))
+  ret=0
+  echo_i "Dynamically update $zone, add new ksk ($n)"
+  ksk2=$(grep -v ';' K${zone}.*.ksk2)
+  cat >"update.cmd.ksk.$zone.$n" <<EOF
 server 10.53.0.1 $PORT
 ttl 300
 zone $zone
@@ -137,40 +134,40 @@ update add $ksk2
 send
 EOF
 
-	$NSUPDATE -v > "update.log.ksk.$zone.$n" < "update.cmd.ksk.$zone.$n" || ret=1
-	test "$ret" -eq 0 || echo_i "failed (update failed)"
-	status=$((status+ret))
-
-	n=$((n+1))
-	ret=0
-	echo_i "Test DNSKEY response for $zone after inline signing (key signing) ($n)"
-	_dig_dnskey_ksk() (
-		dig_with_opts "$zone" @10.53.0.1 DNSKEY > dig.out.dnskey.$zone.$n || return 1
-		count=$(awk 'BEGIN { count = 0 } $4 == "DNSKEY" { count++ } END {print count}' dig.out.dnskey.$zone.$n)
-		test $count -eq 4 || return 1
-		awk '$4 == "RRSIG" { print $11 }' dig.out.dnskey.$zone.$n > dig.out.keyids.$zone.$n || return 1
-		numsigs=$(cat dig.out.keyids.$zone.$n | wc -l)
-		test $numsigs -eq 2 || return 1
-		grep -w "$kskid1" dig.out.keyids.$zone.$n > /dev/null || return 1
-		grep -w "$kskid2" dig.out.keyids.$zone.$n > /dev/null || return 1
-		return 0
-	)
-	retry_quiet 10 _dig_dnskey_ksk || ret=1
-	test "$ret" -eq 0 || echo_i "failed (expected 4 DNSKEY records, 2 KSK signatures)"
-	status=$((status+ret))
+  $NSUPDATE -v >"update.log.ksk.$zone.$n" <"update.cmd.ksk.$zone.$n" || ret=1
+  test "$ret" -eq 0 || echo_i "failed (update failed)"
+  status=$((status + ret))
+
+  n=$((n + 1))
+  ret=0
+  echo_i "Test DNSKEY response for $zone after inline signing (key signing) ($n)"
+  _dig_dnskey_ksk() (
+    dig_with_opts "$zone" @10.53.0.1 DNSKEY >dig.out.dnskey.$zone.$n || return 1
+    count=$(awk 'BEGIN { count = 0 } $4 == "DNSKEY" { count++ } END {print count}' dig.out.dnskey.$zone.$n)
+    test $count -eq 4 || return 1
+    awk '$4 == "RRSIG" { print $11 }' dig.out.dnskey.$zone.$n >dig.out.keyids.$zone.$n || return 1
+    numsigs=$(cat dig.out.keyids.$zone.$n | wc -l)
+    test $numsigs -eq 2 || return 1
+    grep -w "$kskid1" dig.out.keyids.$zone.$n >/dev/null || return 1
+    grep -w "$kskid2" dig.out.keyids.$zone.$n >/dev/null || return 1
+    return 0
+  )
+  retry_quiet 10 _dig_dnskey_ksk || ret=1
+  test "$ret" -eq 0 || echo_i "failed (expected 4 DNSKEY records, 2 KSK signatures)"
+  status=$((status + ret))
 
 done
 
 # Go back to main test dir.
 cd ..
 
-n=$((n+1))
+n=$((n + 1))
 ret=0
 echo_i "Checking for assertion failure in pk11_numbits()"
 $PERL ../packet.pl -a "10.53.0.1" -p "$PORT" -t udp 2037-pk11_numbits-crash-test.pkt
-dig_with_opts @10.53.0.1 version.bind. CH TXT > dig.out.pk11_numbits || ret=1
+dig_with_opts @10.53.0.1 version.bind. CH TXT >dig.out.pk11_numbits || ret=1
 test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
-- 
cgit v1.2.3