Petr Menšík 2022-09-21 14:33:11 +02:00
parent 24465000af
commit bbdbcbc779
5 changed files with 89 additions and 102 deletions

2
.gitignore vendored

@ -190,3 +190,5 @@ bind-9.7.2b1.tar.gz
/bind-9.18.5.tar.xz.asc
/bind-9.18.6.tar.xz
/bind-9.18.6.tar.xz.asc
/bind-9.18.7.tar.xz
/bind-9.18.7.tar.xz.asc


@ -1,4 +1,4 @@
From 09030b066846a9b7252b5cb4f483d4a55b4639fc Mon Sep 17 00:00:00 2001
From b1e27453fadcf8ce453beed5b896ad995dfb5534 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 2 Aug 2018 23:46:45 +0200
Subject: [PATCH] FIPS tests changes
@ -81,20 +81,18 @@ Date: Wed Mar 7 10:44:23 2018 +0100
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
bin/tests/system/nsupdate/setup.sh | 6 +-
bin/tests/system/nsupdate/tests.sh | 11 ++-
bin/tests/system/nsupdate/tests.sh | 9 ++-
bin/tests/system/rndc/setup.sh | 2 +-
bin/tests/system/rndc/tests.sh | 22 +++---
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
bin/tests/system/tsig/setup.sh | 5 ++
bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
bin/tests/system/upforwd/tests.sh | 2 +-
32 files changed, 159 insertions(+), 106 deletions(-)
create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
31 files changed, 147 insertions(+), 106 deletions(-)
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
index 745048a..93cb411 100644
index 8787c6a..b781d0b 100644
--- a/bin/tests/system/acl/ns2/named1.conf.in
+++ b/bin/tests/system/acl/ns2/named1.conf.in
@@ -35,12 +35,12 @@ options {
@ -113,7 +111,7 @@ index 745048a..93cb411 100644
};
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
index 21aa991..78e71cc 100644
index a95b4c1..3f3f471 100644
--- a/bin/tests/system/acl/ns2/named2.conf.in
+++ b/bin/tests/system/acl/ns2/named2.conf.in
@@ -35,12 +35,12 @@ options {
@ -132,7 +130,7 @@ index 21aa991..78e71cc 100644
};
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
index 3208c92..bed6325 100644
index 14cc3fe..9507706 100644
--- a/bin/tests/system/acl/ns2/named3.conf.in
+++ b/bin/tests/system/acl/ns2/named3.conf.in
@@ -35,17 +35,17 @@ options {
@ -157,7 +155,7 @@ index 3208c92..bed6325 100644
};
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
index 14e82ed..a22cafe 100644
index 77cf110..029c91b 100644
--- a/bin/tests/system/acl/ns2/named4.conf.in
+++ b/bin/tests/system/acl/ns2/named4.conf.in
@@ -35,12 +35,12 @@ options {
@ -176,7 +174,7 @@ index 14e82ed..a22cafe 100644
};
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
index f43f33c..f4a865a 100644
index 5ccabf9..6154797 100644
--- a/bin/tests/system/acl/ns2/named5.conf.in
+++ b/bin/tests/system/acl/ns2/named5.conf.in
@@ -37,12 +37,12 @@ options {
@ -539,10 +537,10 @@ index 4af25b0..9f202d5 100644
};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 897dc86..e4b6dc1 100644
index 154bf75..e7a05cd 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -270,6 +270,6 @@ dyndb "name" "library.so" {
@@ -283,6 +283,6 @@ dyndb "name" "library.so" {
system;
};
key "mykey" {
@ -608,7 +606,7 @@ index 5cab276..d4a7bf3 100644
};
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index 04fd34b..e5476ea 100644
index 95158a4..9b9aa0a 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -179,7 +179,7 @@ test_start "checking notify to multiple views using tsig"
@ -633,7 +631,7 @@ index 04fd34b..e5476ea 100644
grep "test string" "$fnb" > /dev/null &&
grep "test string" "$fnc" > /dev/null &&
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
index 81d0c99..effbe2e 100644
index 2b67360..a734584 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
@@ -39,7 +39,7 @@ controls {
@ -646,7 +644,7 @@ index 81d0c99..effbe2e 100644
};
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
index f1a1735..da2b3d1 100644
index c85eef5..428b6b1 100644
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
@@ -34,7 +34,7 @@ controls {
@ -676,26 +674,24 @@ index 50056dc..a4a1a3f 100644
$TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
$TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 0863d0a..559def7 100755
index 0bb9d00..ecbc0df 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -841,7 +841,14 @@ fi
n=`expr $n + 1`
@@ -841,7 +841,12 @@ fi
n=$((n + 1))
ret=0
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
-for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+if $FEATURETEST --md5
+then
+ ALGS="md5 sha1 sha224 sha256 sha384 sha512"
+else
+ ALGS="sha1 sha224 sha256 sha384 sha512"
+MD5ALG='md5'
+if ! $FEATURETEST --md5; then
+ MD5ALG=''
+ echo_i "skipping disabled md5 algorithm"
+fi
+for alg in $ALGS; do
+for alg in $MD5ALG sha1 sha224 sha256 sha384 sha512; do
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
server 10.53.0.1 ${PORT}
update add ${alg}.keytests.nil. 600 A 10.10.10.3
@@ -849,7 +856,7 @@ send
@@ -849,7 +854,7 @@ send
END
done
sleep 2
@ -718,7 +714,7 @@ index 4dd6fa7..1b79263 100644
make_key 3 ${EXTRAPORT3} hmac-sha224
make_key 4 ${EXTRAPORT4} hmac-sha256
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index e678153..e7ec855 100644
index a66ca15..6ebf78c 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -350,15 +350,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
@ -778,22 +774,6 @@ index 76cf970..22637af 100644
key "sha1-trunc" {
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
new file mode 100644
index 0000000..0682194
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
@@ -0,0 +1,10 @@
+# Conditionally included when support for MD5 is available
+key "md5" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5;
+};
+
+key "md5-trunc" {
+ secret "97rnFx24Tfna4mHPfgnerA==";
+ algorithm hmac-md5-80;
+};
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
index 34cc73b..d51ff21 100644
--- a/bin/tests/system/tsig/setup.sh
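Review bot: In the refreshed nsupdate/tests.sh hunk the loop list is built as `for alg in $MD5ALG sha1 sha224 sha256 sha384 sha512; do`, which only works because `$MD5ALG` is unquoted and an empty value disappears under word splitting; a later quoting cleanup would turn it into an empty `alg` and a lookup of `ns1/.key`. I would add a comment directly above the loop, `# MD5ALG is deliberately unquoted: when md5 is disabled it expands to nothing`. The verification loop in the following hunk (`@@ -849,7 +854,7 @@`) is not visible on this page; presumably it has to iterate over the same reduced list, so it is worth confirming that it also honours the skip when md5 is unavailable.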


@ -1,7 +1,7 @@
From 561356ec1d46abb939e4eed10ee2c9e639eb88db Mon Sep 17 00:00:00 2001
From 1ecf072a6a556aa386003d1d5b83fe172320e7ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 8 Sep 2022 17:19:20 +0200
Subject: [PATCH 2/3] Do not use OSSL_PARAM when engine API is compiled
Subject: [PATCH] Do not use OSSL_PARAM when engine API is compiled
OpenSSL has deprecated many things in version 3.0. If pkcs11 engine
should work then no builder from OpenSSL 3.0 API can be used.
@ -16,7 +16,7 @@ working keys loading from the engine passed on command line.
3 files changed, 189 insertions(+), 184 deletions(-)
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index d5dbc2e889..96c1d523b7 100644
index 1a01c2b..7df483f 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -91,7 +91,7 @@ static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
@ -68,16 +68,16 @@ index d5dbc2e889..96c1d523b7 100644
isc_buffer_add(secret, (unsigned int)secret_len);
@@ -165,7 +165,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
@@ -166,7 +166,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
static bool
openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
bool ret = true;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
DH *dh1, *dh2;
const BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
const BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
@@ -175,9 +175,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -176,9 +176,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
@ -89,7 +89,7 @@ index d5dbc2e889..96c1d523b7 100644
dh1 = key1->keydata.dh;
dh2 = key2->keydata.dh;
@@ -209,7 +209,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -210,7 +210,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PUB_KEY, &pub_key2);
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key1);
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key2);
@ -99,15 +99,15 @@ index d5dbc2e889..96c1d523b7 100644
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0 ||
BN_cmp(pub_key1, pub_key2) != 0)
@@ -226,7 +226,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
}
}
err:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
if (p1 != NULL) {
BN_free(p1);
}
@@ -251,22 +251,23 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -251,7 +251,8 @@ err:
if (priv_key2 != NULL) {
BN_clear_free(priv_key2);
}
@ -115,11 +115,12 @@ index d5dbc2e889..96c1d523b7 100644
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
+ */
return (true);
return (ret);
}
@@ -259,15 +260,15 @@ err:
static bool
openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
bool ret = true;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
DH *dh1, *dh2;
@ -135,7 +136,7 @@ index d5dbc2e889..96c1d523b7 100644
dh1 = key1->keydata.dh;
dh2 = key2->keydata.dh;
@@ -292,13 +293,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -293,14 +294,14 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_P, &p2);
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_FFC_G, &g1);
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_G, &g2);
@ -143,15 +144,16 @@ index d5dbc2e889..96c1d523b7 100644
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0) {
return (false);
DST_RET(false);
}
err:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
if (p1 != NULL) {
BN_free(p1);
}
@@ -311,12 +312,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -313,12 +314,13 @@ err:
if (g2 != NULL) {
BN_free(g2);
}
@ -159,7 +161,7 @@ index d5dbc2e889..96c1d523b7 100644
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
+ */
return (true);
return (ret);
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
@ -167,7 +169,7 @@ index d5dbc2e889..96c1d523b7 100644
static int
progress_cb(int p, int n, BN_GENCB *cb) {
union {
@@ -347,7 +349,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
@@ -349,7 +351,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
}
return (1);
}
@ -176,7 +178,7 @@ index d5dbc2e889..96c1d523b7 100644
static isc_result_t
openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -357,7 +359,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -359,7 +361,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
void (*fptr)(int);
} u;
BIGNUM *p = NULL, *g = NULL;
@ -185,7 +187,7 @@ index d5dbc2e889..96c1d523b7 100644
DH *dh = NULL;
BN_GENCB *cb = NULL;
#if !HAVE_BN_GENCB_NEW
@@ -370,9 +372,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -372,9 +374,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *param_pkey = NULL;
EVP_PKEY *pkey = NULL;
@ -197,7 +199,7 @@ index d5dbc2e889..96c1d523b7 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
@@ -386,7 +388,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -388,7 +390,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
if (param_ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -206,7 +208,7 @@ index d5dbc2e889..96c1d523b7 100644
if (generator == 0) {
/*
@@ -406,7 +408,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -408,7 +410,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
if (p == NULL || g == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
}
@ -215,7 +217,7 @@ index d5dbc2e889..96c1d523b7 100644
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
DST_RET(dst__openssl_toresult2(
"DH_set0_pqg", DST_R_OPENSSLFAILURE));
@@ -430,7 +432,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -432,7 +434,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DST_R_OPENSSLFAILURE));
}
params = OSSL_PARAM_BLD_to_param(bld);
@ -224,7 +226,7 @@ index d5dbc2e889..96c1d523b7 100644
} else {
/*
@@ -443,7 +445,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -445,7 +447,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
}
if (generator != 0) {
@ -233,7 +235,7 @@ index d5dbc2e889..96c1d523b7 100644
cb = BN_GENCB_new();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
@@ -486,10 +488,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -488,10 +490,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DST_R_OPENSSLFAILURE));
}
params = OSSL_PARAM_BLD_to_param(bld);
@ -246,7 +248,7 @@ index d5dbc2e889..96c1d523b7 100644
if (DH_generate_key(dh) == 0) {
DST_RET(dst__openssl_toresult2("DH_generate_key",
DST_R_OPENSSLFAILURE));
@@ -557,12 +559,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -559,12 +561,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -261,7 +263,7 @@ index d5dbc2e889..96c1d523b7 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -594,14 +596,14 @@ err:
@@ -596,14 +598,14 @@ err:
if (g != NULL) {
BN_free(g);
}
@ -278,7 +280,7 @@ index d5dbc2e889..96c1d523b7 100644
DH *dh = key->keydata.dh;
const BIGNUM *priv_key = NULL;
@@ -626,12 +628,12 @@ openssldh_isprivate(const dst_key_t *key) {
@@ -628,12 +630,12 @@ openssldh_isprivate(const dst_key_t *key) {
}
return (ret);
@ -293,7 +295,7 @@ index d5dbc2e889..96c1d523b7 100644
DH *dh = key->keydata.dh;
if (dh == NULL) {
@@ -649,7 +651,7 @@ openssldh_destroy(dst_key_t *key) {
@@ -651,7 +653,7 @@ openssldh_destroy(dst_key_t *key) {
EVP_PKEY_free(pkey);
key->keydata.pkey = NULL;
@ -302,10 +304,10 @@ index d5dbc2e889..96c1d523b7 100644
}
static void
@@ -675,17 +677,17 @@ uint16_fromregion(isc_region_t *region) {
@@ -678,17 +680,17 @@ uint16_fromregion(isc_region_t *region) {
static isc_result_t
openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret = ISC_R_SUCCESS;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
DH *dh;
@ -323,7 +325,7 @@ index d5dbc2e889..96c1d523b7 100644
REQUIRE(key->keydata.dh != NULL);
dh = key->keydata.dh;
@@ -698,7 +700,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -701,7 +703,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
@ -332,16 +334,16 @@ index d5dbc2e889..96c1d523b7 100644
isc_buffer_availableregion(data, &r);
@@ -745,7 +747,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -749,7 +751,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_add(data, dnslen);
err:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
if (p != NULL) {
BN_free(p);
}
@@ -755,7 +757,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -759,7 +761,8 @@ err:
if (pub_key != NULL) {
BN_free(pub_key);
}
@ -349,9 +351,9 @@ index d5dbc2e889..96c1d523b7 100644
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
+ */
return (ISC_R_SUCCESS);
return (ret);
}
@@ -763,14 +766,14 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -767,14 +770,14 @@ err:
static isc_result_t
openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
@ -368,7 +370,7 @@ index d5dbc2e889..96c1d523b7 100644
BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
int key_size;
isc_region_t r;
@@ -782,7 +785,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -786,7 +789,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
return (ISC_R_SUCCESS);
}
@ -377,7 +379,7 @@ index d5dbc2e889..96c1d523b7 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
@@ -797,7 +800,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -801,7 +804,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
if (ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -386,7 +388,7 @@ index d5dbc2e889..96c1d523b7 100644
/*
* Read the prime length. 1 & 2 are table entries, > 16 means a
@@ -873,7 +876,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -877,7 +880,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
key_size = BN_num_bits(p);
@ -395,7 +397,7 @@ index d5dbc2e889..96c1d523b7 100644
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_pqg",
DST_R_OPENSSLFAILURE));
@@ -889,7 +892,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -893,7 +896,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
@ -404,7 +406,7 @@ index d5dbc2e889..96c1d523b7 100644
if (r.length < 2) {
DST_RET(DST_R_INVALIDPUBLICKEY);
@@ -907,7 +910,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -911,7 +914,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_buffer_forward(data, plen + glen + publen + 6);
@ -413,7 +415,7 @@ index d5dbc2e889..96c1d523b7 100644
#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && \
(LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
/*
@@ -951,14 +954,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -955,14 +958,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -430,7 +432,7 @@ index d5dbc2e889..96c1d523b7 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -975,7 +978,7 @@ err:
@@ -979,7 +982,7 @@ err:
if (bld != NULL) {
OSSL_PARAM_BLD_free(bld);
}
@ -439,7 +441,7 @@ index d5dbc2e889..96c1d523b7 100644
if (p != NULL) {
BN_free(p);
}
@@ -991,13 +994,13 @@ err:
@@ -995,13 +998,13 @@ err:
static isc_result_t
openssldh_tofile(const dst_key_t *key, const char *directory) {
@ -455,7 +457,7 @@ index d5dbc2e889..96c1d523b7 100644
dst_private_t priv;
unsigned char *bufs[4] = { NULL };
unsigned short i = 0;
@@ -1007,7 +1010,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1011,7 +1014,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
return (DST_R_EXTERNALKEY);
}
@ -464,7 +466,7 @@ index d5dbc2e889..96c1d523b7 100644
if (key->keydata.dh == NULL) {
return (DST_R_NULLKEY);
}
@@ -1025,7 +1028,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1029,7 +1032,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key);
@ -473,7 +475,7 @@ index d5dbc2e889..96c1d523b7 100644
priv.elements[i].tag = TAG_DH_PRIME;
priv.elements[i].length = BN_num_bytes(p);
@@ -1065,7 +1068,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1069,7 +1072,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
}
}
@ -482,7 +484,7 @@ index d5dbc2e889..96c1d523b7 100644
if (p != NULL) {
BN_free(p);
}
@@ -1078,7 +1081,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1082,7 +1085,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
if (priv_key != NULL) {
BN_clear_free(priv_key);
}
@ -492,7 +494,7 @@ index d5dbc2e889..96c1d523b7 100644
return (result);
}
@@ -1088,14 +1092,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1092,14 +1096,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
int i;
@ -509,7 +511,7 @@ index d5dbc2e889..96c1d523b7 100644
BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
int key_size = 0;
isc_mem_t *mctx;
@@ -1113,7 +1117,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1117,7 +1121,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(DST_R_EXTERNALKEY);
}
@ -518,7 +520,7 @@ index d5dbc2e889..96c1d523b7 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(ISC_R_NOMEMORY);
@@ -1128,7 +1132,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1132,7 +1136,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
if (ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -527,7 +529,7 @@ index d5dbc2e889..96c1d523b7 100644
for (i = 0; i < priv.nelements; i++) {
BIGNUM *bn;
@@ -1155,7 +1159,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1159,7 +1163,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
@ -536,7 +538,7 @@ index d5dbc2e889..96c1d523b7 100644
if (DH_set0_key(dh, pub_key, priv_key) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_key",
DST_R_OPENSSLFAILURE));
@@ -1202,13 +1206,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1206,13 +1210,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -552,7 +554,7 @@ index d5dbc2e889..96c1d523b7 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -1225,7 +1229,7 @@ err:
@@ -1229,7 +1233,7 @@ err:
if (bld != NULL) {
OSSL_PARAM_BLD_free(bld);
}
@ -562,7 +564,7 @@ index d5dbc2e889..96c1d523b7 100644
BN_free(p);
}
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 519e88b7e7..04f0d80b5e 100644
index 519e88b..04f0d80 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -17,14 +17,14 @@
@ -1045,7 +1047,7 @@ index 519e88b7e7..04f0d80b5e 100644
key->keydata.generic = NULL;
}
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index fc905b7d60..867b486a2f 100644
index fc905b7..867b486 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -18,7 +18,7 @@
@ -1550,5 +1552,5 @@ index fc905b7d60..867b486a2f 100644
RSA_free(rsa);
}
--
2.37.2
2.37.3
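Review bot: The legacy/provider split is written out by hand at every site as `#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000` and, for the cleanup blocks after `err:`, as its negation with `>=` and `&&`, repeated throughout openssldh_link.c, opensslecdsa_link.c and opensslrsa_link.c. The two forms must stay exact complements: the `BN_free`/`BN_clear_free` calls are only right for BIGNUMs filled in by `EVP_PKEY_get_bn_param`, so one mismatched guard would presumably either leak key material or free values still owned by the legacy `DH` object. I would define the condition once per file, e.g. `#define USE_LEGACY_OPENSSL_API (OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000)` (the name is only a suggestion), and test that macro at every site. A one-line comment that an undefined `OPENSSL_API_LEVEL` evaluates to 0 inside `#if`, which presumably is what selects the legacy path on pre-3.0 headers, would also help the next reader. Most of the affected function bodies start or end outside the visible hunks.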


@ -62,8 +62,8 @@ Conflicts: %1 \
Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
Name: bind
License: MPLv2.0
Version: 9.18.6
Release: 4%{?dist}
Version: 9.18.7
Release: 1%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -954,6 +954,9 @@ fi;
%endif
%changelog
* Wed Sep 21 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.7-1
- Update to 9.18.7 (#2128609)
* Wed Sep 14 2022 Petr Menšík <pemensik@redhat.com> - 32:9.18.6-4
- Disable yet another test (##2122010)


@ -1,2 +1,2 @@
SHA512 (bind-9.18.6.tar.xz) = 6b31eb56cf25b2cb1d8af0f76f9cac0e0985c78cbe3ba80164d773cb0bf77116dd98b5c4b84e3c74fd35b5da501ee6ba2dc0fae12267104edde2cb2daa1e1ba7
SHA512 (bind-9.18.6.tar.xz.asc) = 13629b56acb02ca1fe861e6a17e949fee276de83624d972174893e48cc5de650a2a0081262e5e0d6913360861e2c91fed6b808ed8ae702e5cb2e2380eacf163b
SHA512 (bind-9.18.7.tar.xz) = 2cdceb4125b8759f5225296c6ffecdbb895b0a27dfcfcd98b04b9ad78552d16c16b0452fb823dc47d11cec21d2c6ecb05a107dd3094f8e7419bb9717d68820c5
SHA512 (bind-9.18.7.tar.xz.asc) = 40030c2259858f1ba7ce4fbcd523025631ed78687ca87863d0f0bcd0fd530d96052e0601808ffa37e59d574a9a9c84bb2ededc66f730b9eaf560a00a6ef29c48