PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0

listing available algorithms is a mess #8278

Open stbuehler opened 5 years ago

stbuehler commented 5 years ago

OpenSSLEDDSADNSCryptoKeyEngine::getBits() returns d_len, which stores the length of the key in bytes.

Also pdnsutil doesn't list ed448, although it actually works.

Using pdns 4.2.0-1 from debian sid:

$ /usr/sbin/pdns_server --version
[date] PowerDNS Authoritative Server 4.2.0 (C) 2001-2019 PowerDNS.COM BV
[date] Using 64-bits mode. Built using gcc 9.2.1 20190827.
[date] PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it according to the terms of the GPL version 2.
[date] Features: libcrypto-ecdsa libcrypto-ed25519 libcrypto-ed448 libcrypto-eddsa libgeoip libmaxminddb lua lua-records sodium 
[date] Built-in modules: 
[date] Configured with: " '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--sysconfdir=/etc/powerdns' '--with-dynmodules=bind ldap lmdb pipe gmysql godbc gpgsql gsqlite3 geoip lua mydns remote random tinydns' '--with-modules=' '--enable-ixfrdist' '--enable-tools' '--without-protobuf' '--enable-unit-tests' '--enable-reproducible' '--disable-silent-rules' '--enable-systemd' '--with-systemd=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/pdns-A1fRnG/pdns-4.2.0=. -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/pdns-A1fRnG/pdns-4.2.0=. -fstack-protector-strong -Wformat -Werror=format-security -DPACKAGEVERSION='\''"4.2.0-1.Debian"'\'''"
Habbie commented 5 years ago

> Also pdnsutil doesn't list ed448, although it actually works.

Subtitled:

09:58Z <Habbie> pdnsutil help text lists ed448 if we have decaf
09:58Z <Habbie> but not for libcrypto-ed448
Habbie commented 5 years ago

> Also pdnsutil doesn't list ed448, although it actually works.

#8425 corrects that, but I'd like to replace all those ifdefs with a simpler by-number algo availability check at some point.
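
A sketch of the by-number availability check mentioned in the last comment, combined with the bytes-versus-bits distinction from the report. This is an added example, not PowerDNS code: `Engine`, `registry()`, `available()`, `bitsFor()`, `listAlgorithms()` and the `HAVE_DEMO_*` macros are hypothetical names, and the entries use the IANA DNSSEC algorithm numbers and mnemonics.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-in for a signing engine; not the PowerDNS class.
struct Engine {
  std::string name;    // IANA mnemonic shown to the operator
  std::size_t keyLen;  // raw key length in BYTES (the role d_len plays in the report)
  std::size_t getBits() const { return keyLen * 8; }  // report bits, not bytes
};

// Feature macros are consulted in exactly one place; every other caller asks
// by DNSSEC algorithm number instead of repeating #ifdefs.
// Assumption for this demo: both EdDSA backends are compiled in.
#define HAVE_DEMO_ED25519 1
#define HAVE_DEMO_ED448 1

const std::map<unsigned, Engine>& registry() {
  static const std::map<unsigned, Engine> engines = {
    {13, {"ECDSAP256SHA256", 32}},
    {14, {"ECDSAP384SHA384", 48}},
#if HAVE_DEMO_ED25519
    {15, {"ED25519", 32}},
#endif
#if HAVE_DEMO_ED448
    {16, {"ED448", 57}},
#endif
  };
  return engines;
}

bool available(unsigned algo) { return registry().count(algo) != 0; }

// Key size in bits for an algorithm number, 0 when it is not compiled in.
std::size_t bitsFor(unsigned algo) {
  auto it = registry().find(algo);
  return it == registry().end() ? 0 : it->second.getBits();
}

// The help listing is generated from the registry, so it cannot drift from
// what the binary can actually sign with.
std::vector<std::string> listAlgorithms() {
  std::vector<std::string> out;
  for (const auto& kv : registry())
    out.push_back(kv.second.name + " (" + std::to_string(kv.first) + ", " +
                  std::to_string(kv.second.getBits()) + " bits)");
  return out;
}
```

Because the listing and the availability check read the same table, an algorithm that works but is missing from the help text (the ed448 case above) cannot occur.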