mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 22:57:08 +00:00
Merge branch 'InfrastructureServices-fips-mode-algo-ed25519'
This commit is contained in:
commit
bcf7a8aed2
@ -222,6 +222,10 @@
|
||||
/* Define to 1 if you have the `EVP_cleanup' function. */
|
||||
#undef HAVE_EVP_CLEANUP
|
||||
|
||||
/* Define to 1 if you have the `EVP_default_properties_is_fips_enabled'
|
||||
function. */
|
||||
#undef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED
|
||||
|
||||
/* Define to 1 if you have the `EVP_DigestVerify' function. */
|
||||
#undef HAVE_EVP_DIGESTVERIFY
|
||||
|
||||
|
2
configure
vendored
2
configure
vendored
@ -18546,7 +18546,7 @@ fi
|
||||
|
||||
done
|
||||
|
||||
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex
|
||||
for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex
|
||||
do :
|
||||
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
|
||||
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
|
||||
|
@ -907,7 +907,7 @@ else
|
||||
AC_MSG_RESULT([no])
|
||||
fi
|
||||
AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h openssl/core_names.h openssl/param_build.h],,, [AC_INCLUDES_DEFAULT])
|
||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
|
||||
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_default_properties_is_fips_enabled EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ENGINE_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback EVP_MAC_CTX_set_params OSSL_PARAM_BLD_new BIO_set_callback_ex])
|
||||
|
||||
# these check_funcs need -lssl
|
||||
BAKLIBS="$LIBS"
|
||||
|
@ -215,6 +215,10 @@ ds_digest_size_supported(int algo)
|
||||
switch(algo) {
|
||||
case LDNS_SHA1:
|
||||
#if defined(HAVE_EVP_SHA1) && defined(USE_SHA1)
|
||||
#ifdef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED
|
||||
if (EVP_default_properties_is_fips_enabled(NULL))
|
||||
return 0;
|
||||
#endif
|
||||
return SHA_DIGEST_LENGTH;
|
||||
#else
|
||||
if(fake_sha1) return 20;
|
||||
@ -325,7 +329,11 @@ dnskey_algo_id_is_supported(int id)
|
||||
case LDNS_RSASHA1:
|
||||
case LDNS_RSASHA1_NSEC3:
|
||||
#ifdef USE_SHA1
|
||||
#ifdef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED
|
||||
return !EVP_default_properties_is_fips_enabled(NULL);
|
||||
#else
|
||||
return 1;
|
||||
#endif
|
||||
#else
|
||||
if(fake_sha1) return 1;
|
||||
return 0;
|
||||
@ -341,15 +349,22 @@ dnskey_algo_id_is_supported(int id)
|
||||
case LDNS_ECDSAP256SHA256:
|
||||
case LDNS_ECDSAP384SHA384:
|
||||
#endif
|
||||
#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA)
|
||||
return 1;
|
||||
#endif
|
||||
#ifdef USE_ED25519
|
||||
case LDNS_ED25519:
|
||||
#endif
|
||||
#ifdef USE_ED448
|
||||
case LDNS_ED448:
|
||||
#endif
|
||||
#if (defined(HAVE_EVP_SHA256) && defined(USE_SHA2)) || (defined(HAVE_EVP_SHA512) && defined(USE_SHA2)) || defined(USE_ECDSA) || defined(USE_ED25519) || defined(USE_ED448)
|
||||
#if defined(USE_ED25519) || defined(USE_ED448)
|
||||
#ifdef HAVE_EVP_DEFAULT_PROPERTIES_IS_FIPS_ENABLED
|
||||
return !EVP_default_properties_is_fips_enabled(NULL);
|
||||
#else
|
||||
return 1;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef USE_GOST
|
||||
case LDNS_ECC_GOST:
|
||||
|
Loading…
Reference in New Issue
Block a user