upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-14 14:42:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/tests
History
Aydın Mercan 8d093a6b66 disable deterministic ecdsa for fips builds 
FIPS 186-5 [1] allows the usage deterministic ECDSA (Section 6.3) which
is compabile with RFC 6979 [2] but OpenSSL seems to follow FIPS 186-4
(Section 6.3) [3] which only allows for random k values, failing
k value generation for OpenSSL >=3.2. [4]

Fix signing by not using deterministic ECDSA when FIPS mode is active.

[1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
[2]: https://datatracker.ietf.org/doc/html/rfc6979
[3]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
[4]: 85f17585b0/crypto/ec/ecdsa_ossl.c (L201-L207)
2024-12-09 10:33:01 +00:00
..
bench Remove redundant parentheses from the return statement 2024-11-19 12:27:22 +01:00
dns disable deterministic ecdsa for fips builds 2024-12-09 10:33:01 +00:00
include/tests Extend ISC_TEST_MAIN for debugging 2024-08-22 09:54:39 +10:00
irs Remove redundant parentheses from the return statement 2024-11-19 12:27:22 +01:00
isc Fix alpine build by removing LargestIntegralType in time_test 2024-11-22 08:52:03 +01:00
isccfg Add a none parameter to query-source[-v6] 2024-11-26 08:45:50 +01:00
libtest Improve the badcache cleaning by adding LRU and using RCU 2024-11-27 17:44:53 +01:00
ns Improve the badcache cleaning by adding LRU and using RCU 2024-11-27 17:44:53 +01:00
.gitignore Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
Makefile.am Build libtest even if CMOCKA is not available 2023-03-29 02:29:18 +00:00
unit-test-driver.sh.in Reformat shell scripts with shfmt 2023-10-26 10:23:50 +02:00