Ubuntu
unbound package

libunbound-dev package on Ubuntu 20 does not validate ed25519/ed448

Asked by Matthew Zipkin

See https://github.com/NLnetLabs/unbound/issues/542

Ubuntu 20 ("focal") comes with OpenSSL version 1.1.1 and has available libunbound-dev version 1.9.4

OpenSSL version 1.1.1 provides support for ed25519 and ed448

However, I am an unable to validate these DNSSEC algorithms with this configuration.

Unbound should support those algorithms if it is built on a system where OpenSSL supports those algortihms: (unbound release notes) (related issue).

This makes me wonder if the Ubuntu package maintainer either accidentally or for-some-reason on purpose disabled those algorithms in the libunbound-dev package available for that version of Ubuntu?

I contribute to a nodejs package that binds to libunbound-dev and I noticed this issue testing on Ubuntu 20 both locally and on Github Actions where 20 is the latest Ubuntu version available.

I was able to fix our CI tests by installing libunbound from source as part of the CI action and now our ed25519 and ed448 tests pass.

Links:

https://packages.ubuntu.com/search?keywords=openssl&searchon=names&suite=focal&section=all

https://packages.ubuntu.com/search?keywords=libunbound&searchon=names&suite=focal&section=all

http://manpages.ubuntu.com/manpages/focal/en/man7/Ed448.7ssl.html

https://www.nlnetlabs.nl/news/2018/May/03/unbound-1.7.1-released/

https://github.com/NLnetLabs/unbound/issues/271

https://github.com/chjj/unbound

https://github.com/chjj/bns/pull/32/commits/bfa401650ca51c35c30d6e1df8d228ad05ccb875

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu unbound Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

There is no "Ubuntu 20".
The release named focal is Ubuntu 20.04, not to be confused with Ubuntu 20.10 (groovy).
see https://wiki.ubuntu.com/Releases and https://ubuntu.com/about/release-cycle

Revision history for this message
Bernard Stafford (bernard010) said (last edit ): 		#2

Would this be any help.
https://launchpad.net/ubuntu/focal/amd64/openssl/1.1.1f-1ubuntu2.8
https://launchpad.net/ubuntu/focal/amd64/openssl/1.1.1f-1ubuntu2.8
https://launchpad.net/ubuntu/focal/+package/openssl
This is a slightly different version of openssl
https://packages.ubuntu.com/focal/libengine-gost-openssl1.1

Revision history for this message
cierra hill (cieraahill) said (last edit ): 		#3

 Ubuntu is a Debian-based operating system that uses the GNU General Public License version 2 or later, the GPL.

Ubuntu 20's libunbound-dev package has not been validated because it must be linked against the version of liblutil.so.2 that is shipped by default with Ubuntu 9 to 10, or else compilation will fail because an undefined symbol will not be found. A 'dlopen' call for the library function, ldconfig() will attempt to locate this library dependency at standard paths and then use dlsym(3) if necessary to obtain its address during last resort loading without success again. I think this help you.

Can you help with this problem?

Provide an answer of your own, or ask Matthew Zipkin for more information if necessary.

To post a message you must log in.