Files
bind9/bin/tests/system/rsabigexponent
Ondřej Surý 2bf7921c7e Update the copyright information in all files in the repository
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.

(cherry picked from commit 58bd26b6cf)
2022-01-11 12:22:09 +01:00
..

Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional information regarding copyright ownership.

The rsabigexponent test is used to check max-rsa-exponent-size.

We only run this test on builds without PKCS#11, as we have control over the RSA exponent size with plain OpenSSL. We have not explored how to do this with PKCS#11, which would require generating such a key and then signing a zone with it. Additionally, even with control of the exponent size with PKCS#11, generating a DNSKEY with this property and signing such a zone would be slow and undesirable for each test run; instead, we use a pregenerated DNSKEY and a saved signed zone. These are located in rsabigexponent/ns2 and currently use RSASHA1 for the DNSKEY algorithm; however, that may need to be changed in the future.

To generate the DNSKEY used in this test, we used bigkey.c, as dnssec-keygen is not capable of generating such keys.

Do not remove bigkey.c as it may be needed to generate a new DNSKEY for testing purposes.

bigkey is used to both test that we are not running under PKCS#11 and generate a DNSKEY key with a large RSA exponent.