Bug 1679766

Summary: system test dnssec: Bind algorithm ED448 is broken
Product: Red Hat Enterprise Linux 8 Reporter: Petr Menšík <pemensik>
Component: bindAssignee: Petr Menšík <pemensik>
Status: CLOSED ERRATA QA Contact: qe-baseos-daemons
Severity: low Docs Contact:
Priority: unspecified    
Version: 8.0CC: psklenar, rhack
Target Milestone: rcKeywords: Reproducer, TestCaseProvided, Upstream
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: bind-9.11.12-3.el8 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-04-28 16:52:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1680920, 1704328    
Bug Blocks: 1743192, 1755139    

Description Petr Menšík 2019-02-21 19:57:19 UTC 
Description of problem:
Upstream system test dnssec is failing on RHEL-8.0.0. 

Version-Release number of selected component (if applicable):
bind-9.11.4-1.P2.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. key1=$(dnssec-keygen -a ED448 testkey)
2. dnssec-settime -P now+3d $key1
3.

Actual results:
dnssec-settime: fatal: Invalid keyfile Ktestkey.+016+13511: failure

Expected results:
Similar to -a ED25519:
./Ktestkey.+015+15805.key
./Ktestkey.+015+15805.private

Additional info:
Known issue upstream [1]. ED448 implementation is broken and not interoperable. They disabled it for now, we should too.

Test in bin/tests/system/dnssec is failing because of this issue.

1. https://gitlab.isc.org/isc-projects/bind9/issues/225
Comment 3 Petr Menšík 2019-08-19 11:46:29 UTC 
ED448 is fixed on upstream release, there is no need to disable it once it is fixed. Rebase to fixed version would fix the issue better than disabled.
Comment 7 Petr Menšík 2019-11-18 13:00:01 UTC 
Fixed by upstream rebase
Comment 11 errata-xmlrpc 2020-04-28 16:52:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1845