diff --git a/bind-9.11-fips-code.patch b/bind-9.11-fips-code.patch index 74dbb05..cf00104 100644 --- a/bind-9.11-fips-code.patch +++ b/bind-9.11-fips-code.patch @@ -1,4 +1,4 @@ -From b8485528f5098e3360560d5b85c9ffc592619c55 Mon Sep 17 00:00:00 2001 +From eff6dcb62f3cea6df0a848c2220a49bc02cb4a0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:34:45 +0200 Subject: [PATCH] FIPS code changes @@ -241,7 +241,7 @@ index 5ca3d76..6b7790a 100644 port = DEFAULT_PORT; diff --git a/bin/dig/dig.c b/bin/dig/dig.c -index 2063a3b..8e856c5 100644 +index 706299e..aaf22e7 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -20,6 +20,7 @@ @@ -252,7 +252,7 @@ index 2063a3b..8e856c5 100644 #include #include #include -@@ -1767,10 +1768,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, +@@ -1774,10 +1775,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, ptr = ptr2; ptr2 = ptr3; } else { @@ -267,7 +267,7 @@ index 2063a3b..8e856c5 100644 digestbits = 0; } diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index e75b8b7..9234d35 100644 +index 93e5b40..afd2700 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -80,6 +80,7 @@ @@ -339,7 +339,7 @@ index 1476d0d..f5c9316 100644 alg = DST_ALG_HMACMD5; #else diff --git a/bin/named/config.c b/bin/named/config.c -index 7584efb..a153172 100644 +index 32c454a..dff826b 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -18,6 +18,7 @@ @@ -350,7 +350,7 @@ index 7584efb..a153172 100644 #include #include #include -@@ -969,6 +970,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name, +@@ -974,6 +975,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name, return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits)); } @@ -372,7 +372,7 @@ index 7584efb..a153172 100644 isc_result_t ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, unsigned int *typep, uint16_t *digestbits) -@@ -978,7 +994,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, +@@ -983,7 +999,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, uint16_t bits; isc_result_t result; @@ -381,7 +381,7 @@ index 7584efb..a153172 100644 len = strlen(algorithms[i].str); if (strncasecmp(algorithms[i].str, str, len) == 0 && (str[len] == '\0' || -@@ -1001,7 +1017,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, +@@ -1006,7 +1022,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, if (name != NULL) { switch (algorithms[i].hmac) { #ifndef PK11_MD5_DISABLE @@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644 dst_key_free(&dstkey); CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED); diff --git a/lib/bind9/check.c b/lib/bind9/check.c -index 2a0e735..dc80018 100644 +index ec0ab6d..e0803d4 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -23,6 +23,7 @@ @@ -633,7 +633,7 @@ index 2a0e735..dc80018 100644 #include #include #include -@@ -2590,6 +2591,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { +@@ -2618,6 +2619,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { } algorithm = cfg_obj_asstring(algobj); @@ -937,10 +937,10 @@ index 9c42c50..f51d548 100644 void diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c -index 16214c6..9b235ba 100644 +index f9ac6d0..241e17e 100644 --- a/lib/dns/tests/rsa_test.c +++ b/lib/dns/tests/rsa_test.c -@@ -26,6 +26,7 @@ +@@ -27,6 +27,7 @@ #define UNIT_TESTING #include @@ -948,7 +948,7 @@ index 16214c6..9b235ba 100644 #include #include -@@ -247,6 +248,8 @@ isc_rsa_verify_test(void **state) { +@@ -248,6 +249,8 @@ isc_rsa_verify_test(void **state) { /* RSAMD5 */ #ifndef PK11_MD5_DISABLE @@ -957,7 +957,7 @@ index 16214c6..9b235ba 100644 key->key_alg = DST_ALG_RSAMD5; ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC, -@@ -264,6 +267,7 @@ isc_rsa_verify_test(void **state) { +@@ -265,6 +268,7 @@ isc_rsa_verify_test(void **state) { assert_int_equal(ret, ISC_R_SUCCESS); dst_context_destroy(&ctx); @@ -966,10 +966,10 @@ index 16214c6..9b235ba 100644 /* RSASHA256 */ diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c -index 8e5250e..9accc53 100644 +index 11d011a..feb2068 100644 --- a/lib/dns/tests/tsig_test.c +++ b/lib/dns/tests/tsig_test.c -@@ -24,6 +24,7 @@ +@@ -25,6 +25,7 @@ #define UNIT_TESTING #include @@ -1215,7 +1215,7 @@ index 249f3da..628a414 100644 /* diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c -index 0d5b009..bb9912b 100644 +index 0d5b009..7809e7b 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -197,8 +197,6 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { @@ -1227,14 +1227,14 @@ index 0d5b009..bb9912b 100644 } ISC_LIST_INIT(tokens); -@@ -236,6 +234,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { - result = PK11_R_NOAESSERVICE; - goto unlock; +@@ -238,6 +236,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { } -+ initialized = true; #endif #endif /* PKCS11CRYPTO */ ++ initialized = true; unlock: + UNLOCK(&sessionlock); + return (result); @@ -589,6 +588,8 @@ scan_slots(void) { pk11_token_t *token; unsigned int i; @@ -1334,10 +1334,10 @@ index 0d5b009..bb9912b 100644 /* ECDSA requires digest */ diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c -index 8ddfe70..9c4d299 100644 +index 31ced94..421131e 100644 --- a/lib/isc/tests/hash_test.c +++ b/lib/isc/tests/hash_test.c -@@ -776,6 +776,9 @@ isc_md5_test(void **state) { +@@ -775,6 +775,9 @@ isc_md5_test(void **state) { UNUSED(state); @@ -1347,7 +1347,7 @@ index 8ddfe70..9c4d299 100644 /* * These are the various test vectors. All of these are passed * through the hash function and the results are compared to the -@@ -1631,6 +1634,9 @@ isc_hmacmd5_test(void **state) { +@@ -1630,6 +1633,9 @@ isc_hmacmd5_test(void **state) { UNUSED(state); @@ -1357,7 +1357,7 @@ index 8ddfe70..9c4d299 100644 /* * These are the various test vectors. All of these are passed * through the hash function and the results are compared to the -@@ -1941,6 +1947,9 @@ static void +@@ -1940,6 +1946,9 @@ static void md5_check_test(void **state) { UNUSED(state);