Bug 1020446

Summary: Enable GOST (ECC based) algorithms for DNS resolving
Product: [Fedora] Fedora
Reporter: Paul Wouters <pwouters>
Component: unbound
Assignee: Paul Wouters <pwouters>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: jorti, lemenkov, ppisar, pwouters, thozza, vonsch
Keywords: FutureFeature
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Last Closed: 2015-07-26 20:54:30 UTC
Type: Bug
Bug Depends On: 1019390

Description Paul Wouters 2013-10-17 16:58:56 UTC
Due to legal reasons, unbound was not allowed to be compiled with GOST support. It is compiled using --disable-gost.

Some parts of ECC are now being allowed into Fedora, but it is unclear whether GOST is an allowed ECC algorithm.

unbound itself provides no ECC - it depends on openssl to provide this.

See also bug#1019390

Comment 1 Jaroslav Reznik 2015-03-03 15:08:57 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22

Comment 2 Tomáš Hozza 2015-04-08 13:01:52 UTC
(In reply to Paul Wouters from comment #0)
> Due to legal reasons, unbound was not allowed to be compiled with GOST
> support. It is compiled using --disable-gost
> 
> Some parts of ECC are now being allowed into Fedora, but it is unclear
> whether GOST is an allowed ECC algorithm.

Please note that ldns is compiled with GOST.

Comment 3 Paul Wouters 2015-04-27 17:51:37 UTC
I've rebuilt ldns to enable ECDSA but disable GOST.

Note that ldns doesn't itself do GOST crypto; it uses openssl for that, which has never contained GOST code (I hope).