upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-15 22:09:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/lib
History
Aydın Mercan 8d093a6b66 disable deterministic ecdsa for fips builds 
FIPS 186-5 [1] allows the usage deterministic ECDSA (Section 6.3) which
is compabile with RFC 6979 [2] but OpenSSL seems to follow FIPS 186-4
(Section 6.3) [3] which only allows for random k values, failing
k value generation for OpenSSL >=3.2. [4]

Fix signing by not using deterministic ECDSA when FIPS mode is active.

[1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
[2]: https://datatracker.ietf.org/doc/html/rfc6979
[3]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
[4]: 85f17585b0/crypto/ec/ecdsa_ossl.c (L201-L207)
2024-12-09 10:33:01 +00:00
..
dns disable deterministic ecdsa for fips builds 2024-12-09 10:33:01 +00:00
isc Update picohttpparser.{c,h} with upstream repository 2024-12-08 11:14:37 +00:00
isccc Remove redundant parentheses from the return statement 2024-11-19 12:27:22 +01:00
isccfg Implement 'max-query-count' 2024-12-05 14:01:57 +01:00
ns Revert "Attach dnssecsignstats, rcvquerystats, and requeststats" 2024-12-06 19:46:39 +01:00
.gitignore The isc/platform.h header has been completely removed 2021-07-06 05:33:48 +00:00
Makefile.am Move irs_resconf into libdns and remove libirs 2023-02-24 09:38:59 +00:00