rpms/bind
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Fix broken pkcs11 initialization

Browse Source 
Broken by commit 2a466330c5
This commit is contained in:
Petr Menšík 2019-08-27 15:49:57 +02:00
parent 1b89e61546
commit 01dd585828
1 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
bind-9.11-fips-code.patch
View File

@ -1,4 +1,4 @@
From b8485528f5098e3360560d5b85c9ffc592619c55 Mon Sep 17 00:00:00 2001 From eff6dcb62f3cea6df0a848c2220a49bc02cb4a0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:34:45 +0200 Date: Thu, 2 Aug 2018 23:34:45 +0200
Subject: [PATCH] FIPS code changes Subject: [PATCH] FIPS code changes
@ -241,7 +241,7 @@ index 5ca3d76..6b7790a 100644
port = DEFAULT_PORT; port = DEFAULT_PORT;
diff --git a/bin/dig/dig.c b/bin/dig/dig.c diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 2063a3b..8e856c5 100644 index 706299e..aaf22e7 100644
--- a/bin/dig/dig.c --- a/bin/dig/dig.c
+++ b/bin/dig/dig.c +++ b/bin/dig/dig.c
@@ -20,6 +20,7 @@ @@ -20,6 +20,7 @@
@ -252,7 +252,7 @@ index 2063a3b..8e856c5 100644
#include <isc/netaddr.h> #include <isc/netaddr.h>
#include <isc/parseint.h> #include <isc/parseint.h>
#include <isc/platform.h> #include <isc/platform.h>
@@ -1767,10 +1768,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, @@ -1774,10 +1775,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
ptr = ptr2; ptr = ptr2;
ptr2 = ptr3; ptr2 = ptr3;
} else { } else {
@ -267,7 +267,7 @@ index 2063a3b..8e856c5 100644
digestbits = 0; digestbits = 0;
} }
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index e75b8b7..9234d35 100644 index 93e5b40..afd2700 100644
--- a/bin/dig/dighost.c --- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c +++ b/bin/dig/dighost.c
@@ -80,6 +80,7 @@ @@ -80,6 +80,7 @@
@ -339,7 +339,7 @@ index 1476d0d..f5c9316 100644
alg = DST_ALG_HMACMD5; alg = DST_ALG_HMACMD5;
#else #else
diff --git a/bin/named/config.c b/bin/named/config.c diff --git a/bin/named/config.c b/bin/named/config.c
index 7584efb..a153172 100644 index 32c454a..dff826b 100644
--- a/bin/named/config.c --- a/bin/named/config.c
+++ b/bin/named/config.c +++ b/bin/named/config.c
@@ -18,6 +18,7 @@ @@ -18,6 +18,7 @@
@ -350,7 +350,7 @@ index 7584efb..a153172 100644
#include <isc/mem.h> #include <isc/mem.h>
#include <isc/parseint.h> #include <isc/parseint.h>
#include <isc/region.h> #include <isc/region.h>
@@ -969,6 +970,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name, @@ -974,6 +975,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits)); return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits));
} }
@ -372,7 +372,7 @@ index 7584efb..a153172 100644
isc_result_t isc_result_t
ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
unsigned int *typep, uint16_t *digestbits) unsigned int *typep, uint16_t *digestbits)
@@ -978,7 +994,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, @@ -983,7 +999,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
uint16_t bits; uint16_t bits;
isc_result_t result; isc_result_t result;
@ -381,7 +381,7 @@ index 7584efb..a153172 100644
len = strlen(algorithms[i].str); len = strlen(algorithms[i].str);
if (strncasecmp(algorithms[i].str, str, len) == 0 && if (strncasecmp(algorithms[i].str, str, len) == 0 &&
(str[len] == '\0' || (str[len] == '\0' ||
@@ -1001,7 +1017,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, @@ -1006,7 +1022,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
if (name != NULL) { if (name != NULL) {
switch (algorithms[i].hmac) { switch (algorithms[i].hmac) {
#ifndef PK11_MD5_DISABLE #ifndef PK11_MD5_DISABLE
@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644
dst_key_free(&dstkey); dst_key_free(&dstkey);
CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED); CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
diff --git a/lib/bind9/check.c b/lib/bind9/check.c diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 2a0e735..dc80018 100644 index ec0ab6d..e0803d4 100644
--- a/lib/bind9/check.c --- a/lib/bind9/check.c
+++ b/lib/bind9/check.c +++ b/lib/bind9/check.c
@@ -23,6 +23,7 @@ @@ -23,6 +23,7 @@
@ -633,7 +633,7 @@ index 2a0e735..dc80018 100644
#include <isc/mem.h> #include <isc/mem.h>
#include <isc/netaddr.h> #include <isc/netaddr.h>
#include <isc/parseint.h> #include <isc/parseint.h>
@@ -2590,6 +2591,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { @@ -2618,6 +2619,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
} }
algorithm = cfg_obj_asstring(algobj); algorithm = cfg_obj_asstring(algobj);
@ -937,10 +937,10 @@ index 9c42c50..f51d548 100644
void void
diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c
index 16214c6..9b235ba 100644 index f9ac6d0..241e17e 100644
--- a/lib/dns/tests/rsa_test.c --- a/lib/dns/tests/rsa_test.c
+++ b/lib/dns/tests/rsa_test.c +++ b/lib/dns/tests/rsa_test.c
@@ -26,6 +26,7 @@ @@ -27,6 +27,7 @@
#define UNIT_TESTING #define UNIT_TESTING
#include <cmocka.h> #include <cmocka.h>
@ -948,7 +948,7 @@ index 16214c6..9b235ba 100644
#include <isc/util.h> #include <isc/util.h>
#include <isc/print.h> #include <isc/print.h>
@@ -247,6 +248,8 @@ isc_rsa_verify_test(void **state) { @@ -248,6 +249,8 @@ isc_rsa_verify_test(void **state) {
/* RSAMD5 */ /* RSAMD5 */
#ifndef PK11_MD5_DISABLE #ifndef PK11_MD5_DISABLE
@ -957,7 +957,7 @@ index 16214c6..9b235ba 100644
key->key_alg = DST_ALG_RSAMD5; key->key_alg = DST_ALG_RSAMD5;
ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC, ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC,
@@ -264,6 +267,7 @@ isc_rsa_verify_test(void **state) { @@ -265,6 +268,7 @@ isc_rsa_verify_test(void **state) {
assert_int_equal(ret, ISC_R_SUCCESS); assert_int_equal(ret, ISC_R_SUCCESS);
dst_context_destroy(&ctx); dst_context_destroy(&ctx);
@ -966,10 +966,10 @@ index 16214c6..9b235ba 100644
/* RSASHA256 */ /* RSASHA256 */
diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c
index 8e5250e..9accc53 100644 index 11d011a..feb2068 100644
--- a/lib/dns/tests/tsig_test.c --- a/lib/dns/tests/tsig_test.c
+++ b/lib/dns/tests/tsig_test.c +++ b/lib/dns/tests/tsig_test.c
@@ -24,6 +24,7 @@ @@ -25,6 +25,7 @@
#define UNIT_TESTING #define UNIT_TESTING
#include <cmocka.h> #include <cmocka.h>
@ -1215,7 +1215,7 @@ index 249f3da..628a414 100644
/* /*
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
index 0d5b009..bb9912b 100644 index 0d5b009..7809e7b 100644
--- a/lib/isc/pk11.c --- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c +++ b/lib/isc/pk11.c
@@ -197,8 +197,6 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { @@ -197,8 +197,6 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
@ -1227,14 +1227,14 @@ index 0d5b009..bb9912b 100644
} }
ISC_LIST_INIT(tokens); ISC_LIST_INIT(tokens);
@@ -236,6 +234,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { @@ -238,6 +236,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
result = PK11_R_NOAESSERVICE;
goto unlock;
} }
+ initialized = true;
#endif #endif
#endif /* PKCS11CRYPTO */ #endif /* PKCS11CRYPTO */
+ initialized = true;
unlock: unlock:
UNLOCK(&sessionlock);
return (result);
@@ -589,6 +588,8 @@ scan_slots(void) { @@ -589,6 +588,8 @@ scan_slots(void) {
pk11_token_t *token; pk11_token_t *token;
unsigned int i; unsigned int i;
@ -1334,10 +1334,10 @@ index 0d5b009..bb9912b 100644
/* ECDSA requires digest */ /* ECDSA requires digest */
diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c
index 8ddfe70..9c4d299 100644 index 31ced94..421131e 100644
--- a/lib/isc/tests/hash_test.c --- a/lib/isc/tests/hash_test.c
+++ b/lib/isc/tests/hash_test.c +++ b/lib/isc/tests/hash_test.c
@@ -776,6 +776,9 @@ isc_md5_test(void **state) { @@ -775,6 +775,9 @@ isc_md5_test(void **state) {
UNUSED(state); UNUSED(state);
@ -1347,7 +1347,7 @@ index 8ddfe70..9c4d299 100644
/* /*
* These are the various test vectors. All of these are passed * These are the various test vectors. All of these are passed
* through the hash function and the results are compared to the * through the hash function and the results are compared to the
@@ -1631,6 +1634,9 @@ isc_hmacmd5_test(void **state) { @@ -1630,6 +1633,9 @@ isc_hmacmd5_test(void **state) {
UNUSED(state); UNUSED(state);
@ -1357,7 +1357,7 @@ index 8ddfe70..9c4d299 100644
/* /*
* These are the various test vectors. All of these are passed * These are the various test vectors. All of these are passed
* through the hash function and the results are compared to the * through the hash function and the results are compared to the
@@ -1941,6 +1947,9 @@ static void @@ -1940,6 +1946,9 @@ static void
md5_check_test(void **state) { md5_check_test(void **state) {
UNUSED(state); UNUSED(state);