EdDSA support does not work with the final version of OpenSSL 1.1.1 (#579) · Issues · ISC Open Source Projects / BIND

EdDSA support does not work with the final version of OpenSSL 1.1.1

The eddsa system test consistently fails on any platform with OpenSSL 1.1.1 installed:

S:eddsa:Thu Oct  4 11:24:57 CEST 2018
T:eddsa:1:A
A:eddsa:System test eddsa
I:eddsa:PORTRANGE:5300 - 5399
dnssec-signzone: warning: EVP_DigestSignInit failed (failure)
dnssec-signzone: fatal: dnskey './ED25519/30149' failed to sign data: failure
dnssec-signzone: warning: EVP_DigestSignInit failed (failure)
dnssec-signzone: fatal: dnskey 'example.com/ED25519/3613' failed to sign data: failure
I:checking that positive validation works (0)
I:failed
I:checking that test vectors match (1)
grep: ns2/example.com.db.signed: No such file or directory
grep: ns2/example.com.db.signed: No such file or directory
grep: ns2/example.com.db.signed: No such file or directory
grep: ns2/example.com.db.signed: No such file or directory
I:failed
I:exit status: 2
R:eddsa:FAIL
E:eddsa:Thu Oct  4 11:24:59 CEST 2018

Since this includes current Debian sid, the eddsa system test should first be disabled so that CI pipelines can pass and then BIND's EdDSA code should be fixed to work with the final version of OpenSSL 1.1.1.

The `eddsa` system test consistently fails on any platform with OpenSSL 1.1.1 installed:

```
S:eddsa:Thu Oct  4 11:24:57 CEST 2018
T:eddsa:1:A
A:eddsa:System test eddsa
I:eddsa:PORTRANGE:5300 - 5399
dnssec-signzone: warning: EVP_DigestSignInit failed (failure)
dnssec-signzone: fatal: dnskey './ED25519/30149' failed to sign data: failure
dnssec-signzone: warning: EVP_DigestSignInit failed (failure)
dnssec-signzone: fatal: dnskey 'example.com/ED25519/3613' failed to sign data: failure
I:checking that positive validation works (0)
I:failed
I:checking that test vectors match (1)
grep: ns2/example.com.db.signed: No such file or directory
grep: ns2/example.com.db.signed: No such file or directory
grep: ns2/example.com.db.signed: No such file or directory
grep: ns2/example.com.db.signed: No such file or directory
I:failed
I:exit status: 2
R:eddsa:FAIL
E:eddsa:Thu Oct  4 11:24:59 CEST 2018
```

Since this [includes current Debian sid][1], the `eddsa` system test should first be disabled so that CI pipelines can pass and then BIND's EdDSA code should be fixed to work with the final version of OpenSSL 1.1.1.

[1]: https://gitlab.isc.org/isc-projects/bind9/-/jobs/63060

To upload designs, you'll need to enable LFS. More information