Fix OpenSSL random generator initialization
Also fix warning in test.
This commit is contained in:
parent
ecef966359
commit
564c143a1b
@ -1,4 +1,4 @@
|
||||
From 55e649d82a1adc5209738fb8402624f03287ca87 Mon Sep 17 00:00:00 2001
|
||||
From ab9ee91f596c14cfc55a67ba3523b42a54e3e244 Mon Sep 17 00:00:00 2001
|
||||
From: Evan Hunt <each@isc.org>
|
||||
Date: Thu, 28 Sep 2017 10:09:22 -0700
|
||||
Subject: [PATCH] completed and corrected the crypto-random change
|
||||
@ -33,11 +33,11 @@ Subject: [PATCH] completed and corrected the crypto-random change
|
||||
bin/named/include/named/server.h | 2 +
|
||||
bin/named/interfacemgr.c | 1 +
|
||||
bin/named/query.c | 1 +
|
||||
bin/named/server.c | 51 ++++++++++++++--------
|
||||
bin/named/server.c | 52 ++++++++++++++--------
|
||||
bin/nsupdate/nsupdate.c | 4 +-
|
||||
bin/tests/system/pipelined/pipequeries.c | 4 +-
|
||||
bin/tests/system/tkey/keycreate.c | 4 +-
|
||||
bin/tests/system/tkey/keydelete.c | 4 +-
|
||||
bin/tests/system/tkey/keydelete.c | 5 +--
|
||||
doc/arm/Bv9ARM-book.xml | 55 +++++++++++++++++-------
|
||||
doc/arm/notes.xml | 31 +++++++++++++
|
||||
lib/dns/dst_api.c | 4 +-
|
||||
@ -46,7 +46,7 @@ Subject: [PATCH] completed and corrected the crypto-random change
|
||||
lib/isc/include/isc/entropy.h | 50 +++++++++++++++------
|
||||
lib/isc/include/isc/random.h | 28 +++++++-----
|
||||
lib/isccfg/namedconf.c | 2 +-
|
||||
22 files changed, 225 insertions(+), 107 deletions(-)
|
||||
22 files changed, 228 insertions(+), 106 deletions(-)
|
||||
|
||||
diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
|
||||
index 295e16f..0f79aa8 100644
|
||||
@ -76,10 +76,10 @@ index 295e16f..0f79aa8 100644
|
||||
&entropy_source,
|
||||
randomfile,
|
||||
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
|
||||
index ee6a489..17dddb6 100644
|
||||
index 0ae6b41..4562430 100644
|
||||
--- a/bin/dnssec/dnssec-keygen.docbook
|
||||
+++ b/bin/dnssec/dnssec-keygen.docbook
|
||||
@@ -350,15 +350,23 @@
|
||||
@@ -348,15 +348,23 @@
|
||||
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
|
||||
<listitem>
|
||||
<para>
|
||||
@ -140,10 +140,10 @@ index 31a99e7..38c83ed 100644
|
||||
usekeyboard);
|
||||
|
||||
diff --git a/bin/named/client.c b/bin/named/client.c
|
||||
index ce24670..0ce02a9 100644
|
||||
index 29fecad..a12623a 100644
|
||||
--- a/bin/named/client.c
|
||||
+++ b/bin/named/client.c
|
||||
@@ -1754,7 +1754,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
|
||||
@@ -1752,7 +1752,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
|
||||
|
||||
isc_buffer_init(&buf, cookie, sizeof(cookie));
|
||||
isc_stdtime_get(&now);
|
||||
@ -241,7 +241,7 @@ index f5ed2b7..b2c1d05 100644
|
||||
|
||||
struct ns_altsecret {
|
||||
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
|
||||
index d9f6df5..662eb6c 100644
|
||||
index 135533b..4546831 100644
|
||||
--- a/bin/named/interfacemgr.c
|
||||
+++ b/bin/named/interfacemgr.c
|
||||
@@ -17,6 +17,7 @@
|
||||
@ -253,7 +253,7 @@ index d9f6df5..662eb6c 100644
|
||||
#include <isc/task.h>
|
||||
#include <isc/util.h>
|
||||
diff --git a/bin/named/query.c b/bin/named/query.c
|
||||
index 1d3edbc..193efde 100644
|
||||
index f85cc76..43a3661 100644
|
||||
--- a/bin/named/query.c
|
||||
+++ b/bin/named/query.c
|
||||
@@ -19,6 +19,7 @@
|
||||
@ -265,10 +265,10 @@ index 1d3edbc..193efde 100644
|
||||
#include <isc/serial.h>
|
||||
#include <isc/stats.h>
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index 30e7eac..27ea3bf 100644
|
||||
index 405ff71..700f83d 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -8203,21 +8203,30 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8203,21 +8203,32 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
* Open the source of entropy.
|
||||
*/
|
||||
if (first_time) {
|
||||
@ -304,12 +304,13 @@ index 30e7eac..27ea3bf 100644
|
||||
- isc_entropy_usehook(ns_g_entropy, true);
|
||||
-#else
|
||||
- int level = ISC_LOG_ERROR;
|
||||
- result = isc_entropy_createfilesource(ns_g_entropy,
|
||||
result = isc_entropy_createfilesource(ns_g_entropy,
|
||||
- randomdev);
|
||||
+ randomdev);
|
||||
#ifdef PATH_RANDOMDEV
|
||||
if (ns_g_fallbackentropy != NULL) {
|
||||
level = ISC_LOG_INFO;
|
||||
@@ -8228,8 +8237,8 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8228,8 +8239,8 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
NS_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_SERVER,
|
||||
level,
|
||||
@ -320,7 +321,7 @@ index 30e7eac..27ea3bf 100644
|
||||
randomdev,
|
||||
isc_result_totext(result));
|
||||
}
|
||||
@@ -8249,7 +8258,6 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
@@ -8249,7 +8260,6 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
}
|
||||
isc_entropy_detach(&ns_g_fallbackentropy);
|
||||
}
|
||||
@ -328,7 +329,15 @@ index 30e7eac..27ea3bf 100644
|
||||
#endif
|
||||
}
|
||||
}
|
||||
@@ -9040,6 +9048,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
@@ -9014,6 +9024,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
server->in_roothints = NULL;
|
||||
server->blackholeacl = NULL;
|
||||
server->keepresporder = NULL;
|
||||
+ server->rngctx = NULL;
|
||||
|
||||
/* Must be first. */
|
||||
CHECKFATAL(dst_lib_init2(ns_g_mctx, ns_g_entropy,
|
||||
@@ -9040,6 +9051,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
|
||||
CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy,
|
||||
&server->tkeyctx),
|
||||
"creating TKEY context");
|
||||
@ -338,7 +347,7 @@ index 30e7eac..27ea3bf 100644
|
||||
|
||||
/*
|
||||
* Setup the server task, which is responsible for coordinating
|
||||
@@ -9246,7 +9257,8 @@ ns_server_destroy(ns_server_t **serverp) {
|
||||
@@ -9246,7 +9260,8 @@ ns_server_destroy(ns_server_t **serverp) {
|
||||
|
||||
if (server->zonemgr != NULL)
|
||||
dns_zonemgr_detach(&server->zonemgr);
|
||||
@ -348,7 +357,7 @@ index 30e7eac..27ea3bf 100644
|
||||
if (server->tkeyctx != NULL)
|
||||
dns_tkeyctx_destroy(&server->tkeyctx);
|
||||
|
||||
@@ -13197,10 +13209,10 @@ newzone_cfgctx_destroy(void **cfgp) {
|
||||
@@ -13197,10 +13212,10 @@ newzone_cfgctx_destroy(void **cfgp) {
|
||||
|
||||
static isc_result_t
|
||||
generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
@ -361,7 +370,7 @@ index 30e7eac..27ea3bf 100644
|
||||
} rnd;
|
||||
unsigned char text[512 + 1];
|
||||
isc_region_t r;
|
||||
@@ -13210,9 +13222,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
@@ -13210,9 +13225,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
|
||||
if (saltlen > 256U)
|
||||
return (ISC_R_RANGE);
|
||||
|
||||
@ -376,7 +385,7 @@ index 30e7eac..27ea3bf 100644
|
||||
memmove(salt, rnd.rnd, saltlen);
|
||||
|
||||
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
|
||||
index 6d7a02e..626b1cf 100644
|
||||
index 0286987..0376377 100644
|
||||
--- a/bin/nsupdate/nsupdate.c
|
||||
+++ b/bin/nsupdate/nsupdate.c
|
||||
@@ -283,9 +283,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
|
||||
@ -421,10 +430,18 @@ index fe8698e..937fcc3 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
|
||||
index 2146f9b..ac2c311 100644
|
||||
index 2146f9b..64b8e74 100644
|
||||
--- a/bin/tests/system/tkey/keydelete.c
|
||||
+++ b/bin/tests/system/tkey/keydelete.c
|
||||
@@ -182,9 +182,7 @@ main(int argc, char **argv) {
|
||||
@@ -171,6 +171,7 @@ main(int argc, char **argv) {
|
||||
randomfile = argv[2];
|
||||
argv += 2;
|
||||
argc -= 2;
|
||||
+ POST(argc);
|
||||
}
|
||||
keyname = argv[1];
|
||||
|
||||
@@ -182,9 +183,7 @@ main(int argc, char **argv) {
|
||||
ectx = NULL;
|
||||
RUNCHECK(isc_entropy_create(mctx, &ectx));
|
||||
#ifdef ISC_PLATFORM_CRYPTORANDOM
|
||||
@ -436,7 +453,7 @@ index 2146f9b..ac2c311 100644
|
||||
}
|
||||
#endif
|
||||
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
|
||||
index bb79723..888959c 100644
|
||||
index b40cb05..8a81438 100644
|
||||
--- a/doc/arm/Bv9ARM-book.xml
|
||||
+++ b/doc/arm/Bv9ARM-book.xml
|
||||
@@ -5071,22 +5071,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
@ -502,10 +519,10 @@ index bb79723..888959c 100644
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
|
||||
index ba9a7cf..c0256f1 100644
|
||||
index 00ce8f1..527135a 100644
|
||||
--- a/doc/arm/notes.xml
|
||||
+++ b/doc/arm/notes.xml
|
||||
@@ -117,6 +117,37 @@
|
||||
@@ -124,6 +124,37 @@
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -53,7 +53,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.11.7
|
||||
Release: 1%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Release: 2%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Epoch: 32
|
||||
Url: https://www.isc.org/downloads/bind/
|
||||
#
|
||||
@ -1511,6 +1511,9 @@ fi;
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jun 17 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.7-2
|
||||
- Fix OpenSSL random generator initialization
|
||||
|
||||
* Mon Jun 10 2019 Petr Menšík <pemensik@redhat.com> - 32:9.11.7-1
|
||||
- Update to 9.11.7
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user