]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 33acff2) | patch
Check that we can verify a signature at initialisation time
authorMark Andrews <marka@isc.org>
Tue, 22 Mar 2022 05:16:57 +0000 (16:16 +1100)
committerMark Andrews <marka@isc.org>
Mon, 25 Jul 2022 14:32:13 +0000 (10:32 -0400)
commitedfbe5c30f374db4e52d0ef262f980a10caba4c2
tree7a5c54ce0b58d5316edf7458d6bf9f6ae49d1428tree | snapshot
parent33acff2c672c87f61a4e20f4dd1aef475e01f756commit | diff
Check that we can verify a signature at initialisation time

Fedora 33 doesn't support RSASHA1 in future mode.  There is no easy
check for this other than by attempting to perform a verification
using known good signatures.  We don't attempt to sign with RSASHA1
as that would not work in FIPS mode.  RSASHA1 is verify only.

The test vectors were generated using OpenSSL 3.0 and
util/gen-rsa-sha-vectors.c.  Rerunning will generate a new set of
test vectors as the private key is not preserved.

e.g.
cc util/gen-rsa-sha-vectors.c -I /opt/local/include \
-L /opt/local/lib -lcrypto
lib/dns/opensslrsa_link.c diff | blob | blame | history
util/gen-rsa-sha-vectors.c [new file with mode: 0644] blob
Mirror of https://gitlab.isc.org/isc-projects/bind9.git