Add support for OpenSSL provided random data

Modified pkcs11 patch, problem with openssl/pkcs11 includes and ISC_PLATFORM_CRYPTOLIB
2018-05-02 22:31:49 +02:00 · 2018-05-02 22:31:49 +02:00 · 6e9104cae5
commit 6e9104cae5
parent 0ae69e04e1
4 changed files with 2223 additions and 23 deletions
--- a/bind-9.10-dist-native-pkcs11.patch
+++ b/bind-9.10-dist-native-pkcs11.patch
@ -270,7 +270,7 @@ index d92bc9a..6d2bfd1 100644
 CWARNINGS =
 
 diff --git a/bin/pkcs11/Makefile.in b/bin/pkcs11/Makefile.in
-index 70ee8b5..0fd8644 100644
+index a058c91..d4b689a 100644
 --- a/bin/pkcs11/Makefile.in
 +++ b/bin/pkcs11/Makefile.in
@@ -15,13 +15,13 @@ top_srcdir =	@top_srcdir@
@ -291,7 +291,7 @@ index 70ee8b5..0fd8644 100644
 DEPLIBS =	${ISCDEPLIBS}
 
 diff --git a/configure.in b/configure.in
-index 9a1d16d..2f13059 100644
+index 849fa94..69e6373 100644
 --- a/configure.in
 +++ b/configure.in
@@ -1164,12 +1164,14 @@ AC_SUBST(USE_GSSAPI)
@ -346,10 +346,10 @@ index 9a1d16d..2f13059 100644
 		DST_OPENSSL_INC=""
 -		CRYPTO="-DPKCS11CRYPTO"
 +		CRYPTO_PK11="-DPKCS11CRYPTO"
+ 		CRYPTOLIB="pkcs11"
 		OPENSSLECDSALINKOBJS=""
 		OPENSSLECDSALINKSRCS=""
- 		OPENSSLEDDSALINKOBJS=""
-@@ -1605,7 +1607,9 @@ case "$use_openssl" in
+@@ -1606,7 +1608,9 @@ case "$use_openssl" in
 		OPENSSLGOSTLINKSRCS=""
 		OPENSSLLINKOBJS=""
 		OPENSSLLINKSRCS=""
@ -360,24 +360,16 @@ index 9a1d16d..2f13059 100644
 	no)
 		AC_MSG_RESULT(no)
 		DST_OPENSSL_INC=""
-@@ -1635,11 +1639,11 @@ case "$use_openssl" in
- If you don't want OpenSSL, use --without-openssl])
+@@ -1638,7 +1642,7 @@ case "$use_openssl" in
+ If you do not want OpenSSL, use --without-openssl])
 		;;
 	*)
 -		if test "yes" = "$want_native_pkcs11"
-		then
-			AC_MSG_RESULT()
-			AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
-		fi
-+		# if test "yes" = "$want_native_pkcs11"
-+		# then
-+		# 	AC_MSG_RESULT()
-+		# 	AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
-+		# fi
- 		if test "yes" = "$use_openssl"
+		if false # test "yes" = "$want_native_pkcs11"
 		then
- 			# User did not specify a path - guess it
-@@ -2062,6 +2066,7 @@ AC_SUBST(OPENSSL_ED25519)
+ 			AC_MSG_RESULT()
+ 			AC_MSG_ERROR([OpenSSL and native PKCS11 cannot be used together.])
+@@ -2066,6 +2070,7 @@ AC_SUBST(OPENSSL_ED25519)
 AC_SUBST(OPENSSL_GOST)
 
 DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@ -385,7 +377,7 @@ index 9a1d16d..2f13059 100644
 
 ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
 if test "yes" = "$with_aes"
-@@ -2381,6 +2386,7 @@ esac
+@@ -2384,6 +2389,7 @@ esac
 AC_SUBST(PKCS11LINKOBJS)
 AC_SUBST(PKCS11LINKSRCS)
 AC_SUBST(CRYPTO)
@ -393,7 +385,7 @@ index 9a1d16d..2f13059 100644
 AC_SUBST(PKCS11_ECDSA)
 AC_SUBST(PKCS11_GOST)
 AC_SUBST(PKCS11_ED25519)
-@@ -5434,8 +5440,11 @@ AC_CONFIG_FILES([
+@@ -5497,8 +5503,11 @@ AC_CONFIG_FILES([
 	bin/delv/Makefile
 	bin/dig/Makefile
 	bin/dnssec/Makefile
@ -405,7 +397,7 @@ index 9a1d16d..2f13059 100644
 	bin/nsupdate/Makefile
 	bin/pkcs11/Makefile
 	bin/python/Makefile
-@@ -5509,6 +5518,10 @@ AC_CONFIG_FILES([
+@@ -5572,6 +5581,10 @@ AC_CONFIG_FILES([
 	lib/dns/include/dns/Makefile
 	lib/dns/include/dst/Makefile
 	lib/dns/tests/Makefile
@ -416,7 +408,7 @@ index 9a1d16d..2f13059 100644
 	lib/irs/Makefile
 	lib/irs/include/Makefile
 	lib/irs/include/irs/Makefile
-@@ -5533,6 +5546,24 @@ AC_CONFIG_FILES([
+@@ -5596,6 +5609,24 @@ AC_CONFIG_FILES([
 	lib/isc/unix/include/Makefile
 	lib/isc/unix/include/isc/Makefile
 	lib/isc/unix/include/pkcs11/Makefile
--- a/bind-9.11-rt31459.patch
+++ b/bind-9.11-rt31459.patch
--- a/bind.spec
+++ b/bind.spec
@ -52,7 +52,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.4
-Release:  6%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  7%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 #
@ -85,6 +85,7 @@ Source46: named-setup-rndc.service
 Source47: named-pkcs11.service
 Source48: setup-named-softhsm.sh
 Source49: named-chroot.files
+Source50: random.data

 # Common patches
 Patch10: bind-9.5-PIE.patch
@ -114,6 +115,7 @@ Patch154:bind-9.11-oot-manual.patch
 Patch155:bind-9.11-pk11.patch
 Patch156:bind-9.11-fips-code.patch
 Patch157:bind-9.11-fips-tests.patch
+Patch158:bind-9.11-rt31459.patch

 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@ -451,6 +453,10 @@ are used for building ISC DHCP.
 %patch155 -p1 -b .pk11-internal
 %patch156 -p1 -b .fips-code
 %patch157 -p1 -b .fips-tests
+%patch158 -p1 -b .rt31459
+
+mkdir lib/dns/tests/testdata/dstrandom
+cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data

 %if %{with PKCS11}
 cp -r bin/named{,-pkcs11}
@ -1415,6 +1421,9 @@ rm -rf ${RPM_BUILD_ROOT}


 %changelog
+* Fri Aug 24 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-7.P1
+- Add support for OpenSSL provided random data
+
 * Mon Aug 13 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-6.P1
 - Fix sdb-chroot devices upgrade (#1592873)
 - Automatically replace obsoleted ISC DLV key with root key (#1595782)
--- a/random.data
+++ b/random.data