mir/bind - bind - Mike's Git repositories

mir/bind

Fork 0

mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 13:08:06 +00:00

Commit Graph

Author	SHA1	Message	Date
Mark Andrews	936b73cb57	Free evp_md_ctx and pkey at exit	2023-09-01 12:01:20 +10:00
Mark Andrews	8529be30bb	Clear OpenSSL errors on EVP_MD_CTX_create failures	2023-09-01 12:01:19 +10:00
Mark Andrews	edfbe5c30f	Check that we can verify a signature at initialisation time Fedora 33 doesn't support RSASHA1 in future mode. There is no easy check for this other than by attempting to perform a verification using known good signatures. We don't attempt to sign with RSASHA1 as that would not work in FIPS mode. RSASHA1 is verify only. The test vectors were generated using OpenSSL 3.0 and util/gen-rsa-sha-vectors.c. Rerunning will generate a new set of test vectors as the private key is not preserved. e.g. cc util/gen-rsa-sha-vectors.c -I /opt/local/include \ -L /opt/local/lib -lcrypto	2022-07-25 10:32:13 -04:00

Author

SHA1

Message

Date

Mark Andrews

936b73cb57

Free evp_md_ctx and pkey at exit

2023-09-01 12:01:20 +10:00

Mark Andrews

8529be30bb

Clear OpenSSL errors on EVP_MD_CTX_create failures

2023-09-01 12:01:19 +10:00

Mark Andrews

edfbe5c30f

Check that we can verify a signature at initialisation time

Fedora 33 doesn't support RSASHA1 in future mode.  There is no easy
check for this other than by attempting to perform a verification
using known good signatures.  We don't attempt to sign with RSASHA1
as that would not work in FIPS mode.  RSASHA1 is verify only.

The test vectors were generated using OpenSSL 3.0 and
util/gen-rsa-sha-vectors.c.  Rerunning will generate a new set of
test vectors as the private key is not preserved.

e.g.
	cc util/gen-rsa-sha-vectors.c -I /opt/local/include \
		-L /opt/local/lib -lcrypto

2022-07-25 10:32:13 -04:00

3 Commits