git.ipfire.org Git - thirdparty/bind9.git/commit
Check that we can verify a signature at initialisation time
author Mark Andrews <marka@isc.org>
Tue, 22 Mar 2022 05:16:57 +0000 (16:16 +1100)
committer Mark Andrews <marka@isc.org>
Mon, 25 Jul 2022 15:37:49 +0000 (11:37 -0400)
commit a1452c32ab6a8e51f2cb809df55d51e2bd70f056
tree a1f4fd2dcad3f5c557d3da84f99a48de71a136f6
parent 5503d9aa6806001c7181aabb2df34dc80cfcf789
Check that we can verify a signature at initialisation time

Fedora 33 doesn't support RSASHA1 in future mode.  There is no easy
check for this other than by attempting to perform a verification
using known good signatures.  We don't attempt to sign with RSASHA1
as that would not work in FIPS mode.  RSASHA1 is verify only.

The test vectors were generated using OpenSSL 3.0 and
util/gen-rsa-sha-vectors.c.  Rerunning will generate a new set of
test vectors as the private key is not preserved.

e.g.
cc util/gen-rsa-sha-vectors.c -I /opt/local/include \
-L /opt/local/lib -lcrypto

(cherry picked from commit cd3f00874f63a50954cebb78edac8f580a27c0de)
lib/dns/opensslrsa_link.c
util/gen-rsa-sha-vectors.c [new file with mode: 0644]