parent
1b89e61546
commit
01dd585828
@ -1,4 +1,4 @@
|
||||
From b8485528f5098e3360560d5b85c9ffc592619c55 Mon Sep 17 00:00:00 2001
|
||||
From eff6dcb62f3cea6df0a848c2220a49bc02cb4a0e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
||||
Date: Thu, 2 Aug 2018 23:34:45 +0200
|
||||
Subject: [PATCH] FIPS code changes
|
||||
@ -241,7 +241,7 @@ index 5ca3d76..6b7790a 100644
|
||||
port = DEFAULT_PORT;
|
||||
|
||||
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
|
||||
index 2063a3b..8e856c5 100644
|
||||
index 706299e..aaf22e7 100644
|
||||
--- a/bin/dig/dig.c
|
||||
+++ b/bin/dig/dig.c
|
||||
@@ -20,6 +20,7 @@
|
||||
@ -252,7 +252,7 @@ index 2063a3b..8e856c5 100644
|
||||
#include <isc/netaddr.h>
|
||||
#include <isc/parseint.h>
|
||||
#include <isc/platform.h>
|
||||
@@ -1767,10 +1768,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
|
||||
@@ -1774,10 +1775,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
|
||||
ptr = ptr2;
|
||||
ptr2 = ptr3;
|
||||
} else {
|
||||
@ -267,7 +267,7 @@ index 2063a3b..8e856c5 100644
|
||||
digestbits = 0;
|
||||
}
|
||||
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
|
||||
index e75b8b7..9234d35 100644
|
||||
index 93e5b40..afd2700 100644
|
||||
--- a/bin/dig/dighost.c
|
||||
+++ b/bin/dig/dighost.c
|
||||
@@ -80,6 +80,7 @@
|
||||
@ -339,7 +339,7 @@ index 1476d0d..f5c9316 100644
|
||||
alg = DST_ALG_HMACMD5;
|
||||
#else
|
||||
diff --git a/bin/named/config.c b/bin/named/config.c
|
||||
index 7584efb..a153172 100644
|
||||
index 32c454a..dff826b 100644
|
||||
--- a/bin/named/config.c
|
||||
+++ b/bin/named/config.c
|
||||
@@ -18,6 +18,7 @@
|
||||
@ -350,7 +350,7 @@ index 7584efb..a153172 100644
|
||||
#include <isc/mem.h>
|
||||
#include <isc/parseint.h>
|
||||
#include <isc/region.h>
|
||||
@@ -969,6 +970,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
|
||||
@@ -974,6 +975,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
|
||||
return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits));
|
||||
}
|
||||
|
||||
@ -372,7 +372,7 @@ index 7584efb..a153172 100644
|
||||
isc_result_t
|
||||
ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
|
||||
unsigned int *typep, uint16_t *digestbits)
|
||||
@@ -978,7 +994,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
|
||||
@@ -983,7 +999,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
|
||||
uint16_t bits;
|
||||
isc_result_t result;
|
||||
|
||||
@ -381,7 +381,7 @@ index 7584efb..a153172 100644
|
||||
len = strlen(algorithms[i].str);
|
||||
if (strncasecmp(algorithms[i].str, str, len) == 0 &&
|
||||
(str[len] == '\0' ||
|
||||
@@ -1001,7 +1017,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
|
||||
@@ -1006,7 +1022,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
|
||||
if (name != NULL) {
|
||||
switch (algorithms[i].hmac) {
|
||||
#ifndef PK11_MD5_DISABLE
|
||||
@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644
|
||||
dst_key_free(&dstkey);
|
||||
CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
|
||||
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
|
||||
index 2a0e735..dc80018 100644
|
||||
index ec0ab6d..e0803d4 100644
|
||||
--- a/lib/bind9/check.c
|
||||
+++ b/lib/bind9/check.c
|
||||
@@ -23,6 +23,7 @@
|
||||
@ -633,7 +633,7 @@ index 2a0e735..dc80018 100644
|
||||
#include <isc/mem.h>
|
||||
#include <isc/netaddr.h>
|
||||
#include <isc/parseint.h>
|
||||
@@ -2590,6 +2591,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
|
||||
@@ -2618,6 +2619,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
|
||||
}
|
||||
|
||||
algorithm = cfg_obj_asstring(algobj);
|
||||
@ -937,10 +937,10 @@ index 9c42c50..f51d548 100644
|
||||
|
||||
void
|
||||
diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c
|
||||
index 16214c6..9b235ba 100644
|
||||
index f9ac6d0..241e17e 100644
|
||||
--- a/lib/dns/tests/rsa_test.c
|
||||
+++ b/lib/dns/tests/rsa_test.c
|
||||
@@ -26,6 +26,7 @@
|
||||
@@ -27,6 +27,7 @@
|
||||
#define UNIT_TESTING
|
||||
#include <cmocka.h>
|
||||
|
||||
@ -948,7 +948,7 @@ index 16214c6..9b235ba 100644
|
||||
#include <isc/util.h>
|
||||
#include <isc/print.h>
|
||||
|
||||
@@ -247,6 +248,8 @@ isc_rsa_verify_test(void **state) {
|
||||
@@ -248,6 +249,8 @@ isc_rsa_verify_test(void **state) {
|
||||
/* RSAMD5 */
|
||||
|
||||
#ifndef PK11_MD5_DISABLE
|
||||
@ -957,7 +957,7 @@ index 16214c6..9b235ba 100644
|
||||
key->key_alg = DST_ALG_RSAMD5;
|
||||
|
||||
ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
|
||||
@@ -264,6 +267,7 @@ isc_rsa_verify_test(void **state) {
|
||||
@@ -265,6 +268,7 @@ isc_rsa_verify_test(void **state) {
|
||||
assert_int_equal(ret, ISC_R_SUCCESS);
|
||||
|
||||
dst_context_destroy(&ctx);
|
||||
@ -966,10 +966,10 @@ index 16214c6..9b235ba 100644
|
||||
|
||||
/* RSASHA256 */
|
||||
diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c
|
||||
index 8e5250e..9accc53 100644
|
||||
index 11d011a..feb2068 100644
|
||||
--- a/lib/dns/tests/tsig_test.c
|
||||
+++ b/lib/dns/tests/tsig_test.c
|
||||
@@ -24,6 +24,7 @@
|
||||
@@ -25,6 +25,7 @@
|
||||
#define UNIT_TESTING
|
||||
#include <cmocka.h>
|
||||
|
||||
@ -1215,7 +1215,7 @@ index 249f3da..628a414 100644
|
||||
|
||||
/*
|
||||
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
|
||||
index 0d5b009..bb9912b 100644
|
||||
index 0d5b009..7809e7b 100644
|
||||
--- a/lib/isc/pk11.c
|
||||
+++ b/lib/isc/pk11.c
|
||||
@@ -197,8 +197,6 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
|
||||
@ -1227,14 +1227,14 @@ index 0d5b009..bb9912b 100644
|
||||
}
|
||||
|
||||
ISC_LIST_INIT(tokens);
|
||||
@@ -236,6 +234,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
|
||||
result = PK11_R_NOAESSERVICE;
|
||||
goto unlock;
|
||||
@@ -238,6 +236,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
|
||||
}
|
||||
+ initialized = true;
|
||||
#endif
|
||||
#endif /* PKCS11CRYPTO */
|
||||
+ initialized = true;
|
||||
unlock:
|
||||
UNLOCK(&sessionlock);
|
||||
return (result);
|
||||
@@ -589,6 +588,8 @@ scan_slots(void) {
|
||||
pk11_token_t *token;
|
||||
unsigned int i;
|
||||
@ -1334,10 +1334,10 @@ index 0d5b009..bb9912b 100644
|
||||
|
||||
/* ECDSA requires digest */
|
||||
diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c
|
||||
index 8ddfe70..9c4d299 100644
|
||||
index 31ced94..421131e 100644
|
||||
--- a/lib/isc/tests/hash_test.c
|
||||
+++ b/lib/isc/tests/hash_test.c
|
||||
@@ -776,6 +776,9 @@ isc_md5_test(void **state) {
|
||||
@@ -775,6 +775,9 @@ isc_md5_test(void **state) {
|
||||
|
||||
UNUSED(state);
|
||||
|
||||
@ -1347,7 +1347,7 @@ index 8ddfe70..9c4d299 100644
|
||||
/*
|
||||
* These are the various test vectors. All of these are passed
|
||||
* through the hash function and the results are compared to the
|
||||
@@ -1631,6 +1634,9 @@ isc_hmacmd5_test(void **state) {
|
||||
@@ -1630,6 +1633,9 @@ isc_hmacmd5_test(void **state) {
|
||||
|
||||
UNUSED(state);
|
||||
|
||||
@ -1357,7 +1357,7 @@ index 8ddfe70..9c4d299 100644
|
||||
/*
|
||||
* These are the various test vectors. All of these are passed
|
||||
* through the hash function and the results are compared to the
|
||||
@@ -1941,6 +1947,9 @@ static void
|
||||
@@ -1940,6 +1946,9 @@ static void
|
||||
md5_check_test(void **state) {
|
||||
UNUSED(state);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user