Adjust patches

Petr Menšík 2022-09-14 21:21:24 +02:00
parent 40707d700e
commit 133078a09b
3 changed files with 79 additions and 78 deletions


@ -1,7 +1,7 @@
From 561356ec1d46abb939e4eed10ee2c9e639eb88db Mon Sep 17 00:00:00 2001
From 074f65dcd9acb766d45462515847988fd239e7db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 8 Sep 2022 17:19:20 +0200
Subject: [PATCH 2/3] Do not use OSSL_PARAM when engine API is compiled
Subject: [PATCH] Do not use OSSL_PARAM when engine API is compiled
OpenSSL has deprecated many things in version 3.0. If pkcs11 engine
should work then no builder from OpenSSL 3.0 API can be used.
@ -16,7 +16,7 @@ working keys loading from the engine passed on command line.
3 files changed, 189 insertions(+), 184 deletions(-)
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index d5dbc2e889..96c1d523b7 100644
index e76cfbe..cc7c1cc 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -91,7 +91,7 @@ static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
@ -230,10 +230,10 @@ index d5dbc2e889..96c1d523b7 100644
if (generator != 0) {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
cb = BN_GENCB_new();
if (callback != NULL) {
cb = BN_GENCB_new();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
if (cb == NULL) {
@@ -486,10 +488,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -484,10 +486,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DST_R_OPENSSLFAILURE));
}
params = OSSL_PARAM_BLD_to_param(bld);
@ -246,7 +246,7 @@ index d5dbc2e889..96c1d523b7 100644
if (DH_generate_key(dh) == 0) {
DST_RET(dst__openssl_toresult2("DH_generate_key",
DST_R_OPENSSLFAILURE));
@@ -557,12 +559,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -554,12 +556,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -261,7 +261,7 @@ index d5dbc2e889..96c1d523b7 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -594,14 +596,14 @@ err:
@@ -591,14 +593,14 @@ err:
if (g != NULL) {
BN_free(g);
}
@ -278,7 +278,7 @@ index d5dbc2e889..96c1d523b7 100644
DH *dh = key->keydata.dh;
const BIGNUM *priv_key = NULL;
@@ -626,12 +628,12 @@ openssldh_isprivate(const dst_key_t *key) {
@@ -623,12 +625,12 @@ openssldh_isprivate(const dst_key_t *key) {
}
return (ret);
@ -293,7 +293,7 @@ index d5dbc2e889..96c1d523b7 100644
DH *dh = key->keydata.dh;
if (dh == NULL) {
@@ -649,7 +651,7 @@ openssldh_destroy(dst_key_t *key) {
@@ -646,7 +648,7 @@ openssldh_destroy(dst_key_t *key) {
EVP_PKEY_free(pkey);
key->keydata.pkey = NULL;
@ -302,7 +302,7 @@ index d5dbc2e889..96c1d523b7 100644
}
static void
@@ -675,17 +677,17 @@ uint16_fromregion(isc_region_t *region) {
@@ -672,17 +674,17 @@ uint16_fromregion(isc_region_t *region) {
static isc_result_t
openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@ -323,7 +323,7 @@ index d5dbc2e889..96c1d523b7 100644
REQUIRE(key->keydata.dh != NULL);
dh = key->keydata.dh;
@@ -698,7 +700,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -695,7 +697,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
@ -332,7 +332,7 @@ index d5dbc2e889..96c1d523b7 100644
isc_buffer_availableregion(data, &r);
@@ -745,7 +747,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -742,7 +744,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_add(data, dnslen);
@ -341,7 +341,7 @@ index d5dbc2e889..96c1d523b7 100644
if (p != NULL) {
BN_free(p);
}
@@ -755,7 +757,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -752,7 +754,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
if (pub_key != NULL) {
BN_free(pub_key);
}
@ -351,7 +351,7 @@ index d5dbc2e889..96c1d523b7 100644
return (ISC_R_SUCCESS);
}
@@ -763,14 +766,14 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -760,14 +763,14 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
static isc_result_t
openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
@ -368,7 +368,7 @@ index d5dbc2e889..96c1d523b7 100644
BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
int key_size;
isc_region_t r;
@@ -782,7 +785,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -779,7 +782,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
return (ISC_R_SUCCESS);
}
@ -377,7 +377,7 @@ index d5dbc2e889..96c1d523b7 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
@@ -797,7 +800,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -793,7 +796,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
if (ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -386,7 +386,7 @@ index d5dbc2e889..96c1d523b7 100644
/*
* Read the prime length. 1 & 2 are table entries, > 16 means a
@@ -873,7 +876,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -869,7 +872,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
key_size = BN_num_bits(p);
@ -395,7 +395,7 @@ index d5dbc2e889..96c1d523b7 100644
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_pqg",
DST_R_OPENSSLFAILURE));
@@ -889,7 +892,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -885,7 +888,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
@ -404,7 +404,7 @@ index d5dbc2e889..96c1d523b7 100644
if (r.length < 2) {
DST_RET(DST_R_INVALIDPUBLICKEY);
@@ -907,7 +910,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -903,7 +906,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_buffer_forward(data, plen + glen + publen + 6);
@ -413,7 +413,7 @@ index d5dbc2e889..96c1d523b7 100644
#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && \
(LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
/*
@@ -951,14 +954,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -947,14 +950,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -430,7 +430,7 @@ index d5dbc2e889..96c1d523b7 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -975,7 +978,7 @@ err:
@@ -971,7 +974,7 @@ err:
if (bld != NULL) {
OSSL_PARAM_BLD_free(bld);
}
@ -439,7 +439,7 @@ index d5dbc2e889..96c1d523b7 100644
if (p != NULL) {
BN_free(p);
}
@@ -991,13 +994,13 @@ err:
@@ -987,13 +990,13 @@ err:
static isc_result_t
openssldh_tofile(const dst_key_t *key, const char *directory) {
@ -455,7 +455,7 @@ index d5dbc2e889..96c1d523b7 100644
dst_private_t priv;
unsigned char *bufs[4] = { NULL };
unsigned short i = 0;
@@ -1007,7 +1010,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1003,7 +1006,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
return (DST_R_EXTERNALKEY);
}
@ -464,7 +464,7 @@ index d5dbc2e889..96c1d523b7 100644
if (key->keydata.dh == NULL) {
return (DST_R_NULLKEY);
}
@@ -1025,7 +1028,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1021,7 +1024,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key);
@ -473,7 +473,7 @@ index d5dbc2e889..96c1d523b7 100644
priv.elements[i].tag = TAG_DH_PRIME;
priv.elements[i].length = BN_num_bytes(p);
@@ -1065,7 +1068,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1061,7 +1064,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
}
}
@ -482,7 +482,7 @@ index d5dbc2e889..96c1d523b7 100644
if (p != NULL) {
BN_free(p);
}
@@ -1078,7 +1081,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1074,7 +1077,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
if (priv_key != NULL) {
BN_clear_free(priv_key);
}
@ -492,7 +492,7 @@ index d5dbc2e889..96c1d523b7 100644
return (result);
}
@@ -1088,14 +1092,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1084,14 +1088,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
int i;
@ -509,7 +509,7 @@ index d5dbc2e889..96c1d523b7 100644
BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
int key_size = 0;
isc_mem_t *mctx;
@@ -1113,7 +1117,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1109,7 +1113,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(DST_R_EXTERNALKEY);
}
@ -518,7 +518,7 @@ index d5dbc2e889..96c1d523b7 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(ISC_R_NOMEMORY);
@@ -1128,7 +1132,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1123,7 +1127,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
if (ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -527,7 +527,7 @@ index d5dbc2e889..96c1d523b7 100644
for (i = 0; i < priv.nelements; i++) {
BIGNUM *bn;
@@ -1155,7 +1159,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1150,7 +1154,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
@ -536,7 +536,7 @@ index d5dbc2e889..96c1d523b7 100644
if (DH_set0_key(dh, pub_key, priv_key) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_key",
DST_R_OPENSSLFAILURE));
@@ -1202,13 +1206,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1197,13 +1201,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -552,7 +552,7 @@ index d5dbc2e889..96c1d523b7 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -1225,7 +1229,7 @@ err:
@@ -1220,7 +1224,7 @@ err:
if (bld != NULL) {
OSSL_PARAM_BLD_free(bld);
}
@ -562,7 +562,7 @@ index d5dbc2e889..96c1d523b7 100644
BN_free(p);
}
diff --git a/lib/dns/opensslecdsa_link.c b/lib/dns/opensslecdsa_link.c
index 519e88b7e7..04f0d80b5e 100644
index 519e88b..04f0d80 100644
--- a/lib/dns/opensslecdsa_link.c
+++ b/lib/dns/opensslecdsa_link.c
@@ -17,14 +17,14 @@
@ -1045,7 +1045,7 @@ index 519e88b7e7..04f0d80b5e 100644
key->keydata.generic = NULL;
}
diff --git a/lib/dns/opensslrsa_link.c b/lib/dns/opensslrsa_link.c
index fc905b7d60..867b486a2f 100644
index 2e03a2f..50d0d63 100644
--- a/lib/dns/opensslrsa_link.c
+++ b/lib/dns/opensslrsa_link.c
@@ -18,7 +18,7 @@
@ -1203,7 +1203,7 @@ index fc905b7d60..867b486a2f 100644
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (e == NULL || rsa == NULL || pkey == NULL || cb == NULL) {
if (e == NULL || rsa == NULL || pkey == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@@ -398,7 +398,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
@ -1224,7 +1224,7 @@ index fc905b7d60..867b486a2f 100644
if (EVP_PKEY_set1_RSA(pkey, rsa) != 1) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@@ -476,7 +476,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
@@ -481,7 +481,7 @@ opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen",
DST_R_OPENSSLFAILURE));
}
@ -1233,7 +1233,7 @@ index fc905b7d60..867b486a2f 100644
key->keydata.pkey = pkey;
pkey = NULL;
@@ -486,7 +486,7 @@ err:
@@ -491,7 +491,7 @@ err:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
@ -1242,7 +1242,7 @@ index fc905b7d60..867b486a2f 100644
if (rsa != NULL) {
RSA_free(rsa);
}
@@ -497,7 +497,7 @@ err:
@@ -502,7 +502,7 @@ err:
if (ctx != NULL) {
EVP_PKEY_CTX_free(ctx);
}
@ -1251,7 +1251,7 @@ index fc905b7d60..867b486a2f 100644
if (e != NULL) {
BN_free(e);
}
@@ -508,12 +508,12 @@ static bool
@@ -513,12 +513,12 @@ static bool
opensslrsa_isprivate(const dst_key_t *key) {
bool ret;
EVP_PKEY *pkey;
@ -1266,7 +1266,7 @@ index fc905b7d60..867b486a2f 100644
REQUIRE(key->key_alg == DST_ALG_RSASHA1 ||
key->key_alg == DST_ALG_NSEC3RSASHA1 ||
@@ -525,7 +525,7 @@ opensslrsa_isprivate(const dst_key_t *key) {
@@ -530,7 +530,7 @@ opensslrsa_isprivate(const dst_key_t *key) {
return (false);
}
@ -1275,7 +1275,7 @@ index fc905b7d60..867b486a2f 100644
rsa = EVP_PKEY_get1_RSA(pkey);
INSIST(rsa != NULL);
@@ -542,7 +542,7 @@ opensslrsa_isprivate(const dst_key_t *key) {
@@ -547,7 +547,7 @@ opensslrsa_isprivate(const dst_key_t *key) {
if (d != NULL) {
BN_clear_free(d);
}
@ -1284,7 +1284,7 @@ index fc905b7d60..867b486a2f 100644
return (ret);
}
@@ -564,19 +564,19 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -569,19 +569,19 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
unsigned int mod_bytes;
isc_result_t ret;
EVP_PKEY *pkey;
@ -1307,7 +1307,7 @@ index fc905b7d60..867b486a2f 100644
rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -588,7 +588,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -593,7 +593,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
if (e == NULL || n == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -1316,7 +1316,7 @@ index fc905b7d60..867b486a2f 100644
mod_bytes = BN_num_bytes(n);
e_bytes = BN_num_bytes(e);
@@ -621,7 +621,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -626,7 +626,7 @@ opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
ret = ISC_R_SUCCESS;
err:
@ -1325,7 +1325,7 @@ index fc905b7d60..867b486a2f 100644
if (rsa != NULL) {
RSA_free(rsa);
}
@@ -632,7 +632,7 @@ err:
@@ -637,7 +637,7 @@ err:
if (n != NULL) {
BN_free(n);
}
@ -1334,7 +1334,7 @@ index fc905b7d60..867b486a2f 100644
return (ret);
}
@@ -643,13 +643,13 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -648,13 +648,13 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_region_t r;
unsigned int e_bytes;
unsigned int length;
@ -1350,7 +1350,7 @@ index fc905b7d60..867b486a2f 100644
EVP_PKEY *pkey = NULL;
BIGNUM *e = NULL, *n = NULL;
@@ -691,7 +691,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -696,7 +696,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_buffer_forward(data, length);
@ -1359,7 +1359,7 @@ index fc905b7d60..867b486a2f 100644
rsa = RSA_new();
if (rsa == NULL) {
DST_RET(dst__openssl_toresult2("RSA_new",
@@ -749,7 +749,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -754,7 +754,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata",
DST_R_OPENSSLFAILURE));
}
@ -1368,7 +1368,7 @@ index fc905b7d60..867b486a2f 100644
key->keydata.pkey = pkey;
pkey = NULL;
@@ -757,7 +757,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -762,7 +762,7 @@ opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
err:
@ -1377,7 +1377,7 @@ index fc905b7d60..867b486a2f 100644
if (rsa != NULL) {
RSA_free(rsa);
}
@@ -771,7 +771,7 @@ err:
@@ -776,7 +776,7 @@ err:
if (bld != NULL) {
OSSL_PARAM_BLD_free(bld);
}
@ -1386,7 +1386,7 @@ index fc905b7d60..867b486a2f 100644
if (n != NULL) {
BN_free(n);
}
@@ -792,7 +792,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
@@ -797,7 +797,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
unsigned char *bufs[8] = { NULL };
unsigned short i = 0;
EVP_PKEY *pkey;
@ -1395,7 +1395,7 @@ index fc905b7d60..867b486a2f 100644
RSA *rsa = NULL;
const BIGNUM *n = NULL, *e = NULL, *d = NULL;
const BIGNUM *p = NULL, *q = NULL;
@@ -801,7 +801,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
@@ -806,7 +806,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
BIGNUM *n = NULL, *e = NULL, *d = NULL;
BIGNUM *p = NULL, *q = NULL;
BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
@ -1404,7 +1404,7 @@ index fc905b7d60..867b486a2f 100644
if (key->keydata.pkey == NULL) {
DST_RET(DST_R_NULLKEY);
@@ -812,7 +812,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
@@ -817,7 +817,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
}
pkey = key->keydata.pkey;
@ -1413,7 +1413,7 @@ index fc905b7d60..867b486a2f 100644
rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -829,7 +829,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
@@ -834,7 +834,7 @@ opensslrsa_tofile(const dst_key_t *key, const char *directory) {
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &dmp1);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &dmq1);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &iqmp);
@ -1422,7 +1422,7 @@ index fc905b7d60..867b486a2f 100644
if (n == NULL || e == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
@@ -935,7 +935,7 @@ err:
@@ -940,7 +940,7 @@ err:
priv.elements[i].length);
}
}
@ -1431,7 +1431,7 @@ index fc905b7d60..867b486a2f 100644
RSA_free(rsa);
#else
if (n != NULL) {
@@ -962,12 +962,12 @@ err:
@@ -967,12 +967,12 @@ err:
if (iqmp != NULL) {
BN_clear_free(iqmp);
}
@ -1446,7 +1446,7 @@ index fc905b7d60..867b486a2f 100644
static isc_result_t
rsa_check(RSA *rsa, RSA *pub) {
const BIGNUM *n1 = NULL, *n2 = NULL;
@@ -1079,14 +1079,14 @@ err:
@@ -1084,14 +1084,14 @@ err:
return (ret);
}
@ -1463,7 +1463,7 @@ index fc905b7d60..867b486a2f 100644
RSA *rsa = NULL, *pubrsa = NULL;
const BIGNUM *ex = NULL;
#else
@@ -1094,7 +1094,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1099,7 +1099,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
OSSL_PARAM *params = NULL;
EVP_PKEY_CTX *ctx = NULL;
BIGNUM *ex = NULL;
@ -1472,7 +1472,7 @@ index fc905b7d60..867b486a2f 100644
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000
ENGINE *ep = NULL;
#endif /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */
@@ -1126,11 +1126,11 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1131,11 +1131,11 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(ISC_R_SUCCESS);
}
@ -1486,7 +1486,7 @@ index fc905b7d60..867b486a2f 100644
for (i = 0; i < priv.nelements; i++) {
switch (priv.elements[i].tag) {
@@ -1249,7 +1249,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1254,7 +1254,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
@ -1495,7 +1495,7 @@ index fc905b7d60..867b486a2f 100644
rsa = RSA_new();
if (rsa == NULL) {
DST_RET(ISC_R_NOMEMORY);
@@ -1361,7 +1361,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1366,7 +1366,7 @@ opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
ISC_R_SUCCESS) {
DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY));
}
@ -1504,7 +1504,7 @@ index fc905b7d60..867b486a2f 100644
if (BN_num_bits(e) > RSA_MAX_PUBEXP_BITS) {
DST_RET(ISC_R_RANGE);
@@ -1375,7 +1375,7 @@ err:
@@ -1380,7 +1380,7 @@ err:
if (pkey != NULL) {
EVP_PKEY_free(pkey);
}
@ -1513,7 +1513,7 @@ index fc905b7d60..867b486a2f 100644
if (rsa != NULL) {
RSA_free(rsa);
}
@@ -1419,7 +1419,7 @@ err:
@@ -1424,7 +1424,7 @@ err:
if (iqmp != NULL) {
BN_clear_free(iqmp);
}
@ -1522,7 +1522,7 @@ index fc905b7d60..867b486a2f 100644
if (ret != ISC_R_SUCCESS) {
key->keydata.generic = NULL;
}
@@ -1643,7 +1643,7 @@ check_algorithm(unsigned char algorithm) {
@@ -1648,7 +1648,7 @@ check_algorithm(unsigned char algorithm) {
int status;
isc_result_t ret = ISC_R_SUCCESS;
size_t len;
@ -1531,7 +1531,7 @@ index fc905b7d60..867b486a2f 100644
RSA *rsa = NULL;
#else
OSSL_PARAM *params = NULL;
@@ -1689,7 +1689,7 @@ check_algorithm(unsigned char algorithm) {
@@ -1694,7 +1694,7 @@ check_algorithm(unsigned char algorithm) {
DST_RET(ISC_R_NOMEMORY);
}
@ -1540,7 +1540,7 @@ index fc905b7d60..867b486a2f 100644
rsa = RSA_new();
if (rsa == NULL) {
DST_RET(dst__openssl_toresult2("RSA_new",
@@ -1762,7 +1762,7 @@ check_algorithm(unsigned char algorithm) {
@@ -1767,7 +1767,7 @@ check_algorithm(unsigned char algorithm) {
err:
BN_free(e);
BN_free(n);
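Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000`, visible in the lib/dns/openssldh_link.c and lib/dns/opensslrsa_link.c parts of the refreshed patch, relies on `OPENSSL_API_LEVEL` being defined at the point of evaluation. In an `#if` an undefined identifier evaluates to 0, so a missing or late include would select the deprecated DH/RSA key-handling branch with no diagnostic. The includes are outside the visible hunks, so this is something to confirm rather than a demonstrated defect. Because the inner hunk headers suggest the same condition is repeated at many sites across three files, I would define it once in a shared header under a name of the maintainers' choosing, e.g. `#define USE_LEGACY_OPENSSL_API (OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000)`. A comment there should state that the legacy path is kept so that keys loaded through the pkcs11 engine keep working.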


@ -1,4 +1,4 @@
From 0f3a398fe813189c5dd56b0367a72c7b3f19504b Mon Sep 17 00:00:00 2001
From 921fa0565e46a8e93ed9725972d40ffd76e4a0d2 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Wed, 14 Sep 2022 13:06:24 +0200
Subject: [PATCH] Disable some often failing tests
@ -11,10 +11,10 @@ often.
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tests/isc/netmgr_test.c b/tests/isc/netmgr_test.c
index 94e4bf7..7f9629c 100644
index d4f002f..566cec8 100644
--- a/tests/isc/netmgr_test.c
+++ b/tests/isc/netmgr_test.c
@@ -1567,13 +1567,13 @@ stream_half_recv_half_send(void **state __attribute__((unused))) {
@@ -1568,13 +1568,13 @@ stream_half_recv_half_send(void **state __attribute__((unused))) {
/* TCP */
ISC_RUN_TEST_IMPL(tcp_noop) { stream_noop(state); }
@ -30,7 +30,7 @@ index 94e4bf7..7f9629c 100644
ISC_RUN_TEST_IMPL(tcp_recv_send) {
SKIP_IN_CI;
@@ -1623,6 +1623,7 @@ ISC_RUN_TEST_IMPL(tcp_recv_one_quota) {
@@ -1624,6 +1624,7 @@ ISC_RUN_TEST_IMPL(tcp_recv_one_quota) {
}
ISC_RUN_TEST_IMPL(tcp_recv_two_quota) {
@ -38,15 +38,15 @@ index 94e4bf7..7f9629c 100644
atomic_store(&check_listener_quota, true);
stream_recv_two(state);
}
@@ -1836,6 +1837,7 @@ ISC_RUN_TEST_IMPL(tcpdns_recv_two) {
@@ -1837,6 +1838,7 @@ ISC_RUN_TEST_IMPL(tcpdns_recv_two) {
isc_result_t result = ISC_R_SUCCESS;
isc_nmsocket_t *listen_sock = NULL;
+ SKIP_IN_CI;
atomic_store(&nsends, 2);
result = isc_nm_listentcpdns(listen_nm, &tcp_listen_addr,
@@ -2095,6 +2097,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one) {
result = isc_nm_listentcpdns(
@@ -2096,6 +2098,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one) {
}
ISC_RUN_TEST_IMPL(tls_recv_two) {
@ -54,7 +54,7 @@ index 94e4bf7..7f9629c 100644
stream_use_TLS = true;
stream_recv_two(state);
}
@@ -2160,6 +2163,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one_quota) {
@@ -2161,6 +2164,7 @@ ISC_RUN_TEST_IMPL(tls_recv_one_quota) {
}
ISC_RUN_TEST_IMPL(tls_recv_two_quota) {
@ -62,14 +62,14 @@ index 94e4bf7..7f9629c 100644
stream_use_TLS = true;
atomic_store(&check_listener_quota, true);
stream_recv_two(state);
@@ -2395,6 +2399,7 @@ ISC_RUN_TEST_IMPL(tlsdns_recv_two) {
@@ -2398,6 +2402,7 @@ ISC_RUN_TEST_IMPL(tlsdns_recv_two) {
isc_result_t result = ISC_R_SUCCESS;
isc_nmsocket_t *listen_sock = NULL;
+ SKIP_IN_CI;
atomic_store(&nsends, 2);
result = isc_nm_listentlsdns(listen_nm, &tcp_listen_addr,
result = isc_nm_listentlsdns(listen_nm, ISC_NM_LISTEN_ALL,
--
2.37.2
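Review bot: The refreshed patch still carries `SKIP_IN_CI;` in tcpdns_recv_two and tlsdns_recv_two, and judging by the hunk headers also in the tcp/tls `recv_two` and `recv_two_quota` tests, but the visible part of its description gives no bug reference and no condition for removing the skips. If the package build sets the condition that `SKIP_IN_CI` tests for, the two-connection receive paths over TCP, TLS and DNS-over-TLS go unexercised there, and a regression would pass unnoticed. I would add a line to the patch description such as `Tracked in: <bug URL placeholder>; drop once the upstream tests are stable`. The test bodies continue outside the hunks shown.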


@ -98,7 +98,8 @@ Source49: named-chroot.files
# FIXME: Is this still required?
Patch10: bind-9.5-PIE.patch
Patch16: bind-9.16-redhat_doc.patch
Patch22: bind-9.11-fips-tests.patch
# Later, many conflicts
#Patch22: bind-9.11-fips-tests.patch
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5385
# https://bugzilla.redhat.com/show_bug.cgi?id=2122841
Patch23: bind-9.18-pkcs11-engine-init.patch
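Review bot: Commenting out `Patch22: bind-9.11-fips-tests.patch` with only `# Later, many conflicts` leaves no record of what is lost or when it is meant to return. Judging by its name the patch adjusts the test suite for FIPS mode, so builds from this spec presumably run without those adjustments until it is rebased. I would make the comment actionable, e.g. `# FIXME: fips-tests patch no longer applies (many conflicts); rebase and re-enable, tracked in <bug URL placeholder>`, in line with the referenced entries beside Patch23.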