rpms
/
bind9-next
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adjust patches

This commit is contained in:
Petr Menšík 2022-09-23 11:45:28 +02:00
parent f2a78175be
commit d31af5c89a
2 changed files with 66 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
bind-9.18-pkcs11-engine-compat-api.patch
View File

@ -1,4 +1,4 @@
From 074f65dcd9acb766d45462515847988fd239e7db Mon Sep 17 00:00:00 2001
From 512fd1734e4204288edfe9fb28eda74aa70b8aa9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Thu, 8 Sep 2022 17:19:20 +0200
Subject: [PATCH] Do not use OSSL_PARAM when engine API is compiled
@ -10,13 +10,13 @@ Allow switching to OpenSSL 1.1 like calls even on OpenSSL 3.0 when
OPENSSL_API_COMPAT=10100 is defined. It would still compile and allow
working keys loading from the engine passed on command line.
---
lib/dns/openssldh_link.c | 136 +++++++++++++++++++-----------------
lib/dns/opensslecdsa_link.c | 119 +++++++++++++++----------------
lib/dns/openssldh_link.c | 134 ++++++++++++++++++------------------
lib/dns/opensslecdsa_link.c | 119 ++++++++++++++++----------------
lib/dns/opensslrsa_link.c | 118 +++++++++++++++----------------
3 files changed, 189 insertions(+), 184 deletions(-)
3 files changed, 187 insertions(+), 184 deletions(-)
diff --git a/lib/dns/openssldh_link.c b/lib/dns/openssldh_link.c
index e76cfbe..cc7c1cc 100644
index f063160..f775c48 100644
--- a/lib/dns/openssldh_link.c
+++ b/lib/dns/openssldh_link.c
@@ -91,7 +91,7 @@ static BIGNUM *bn2 = NULL, *bn768 = NULL, *bn1024 = NULL, *bn1536 = NULL;
@ -68,16 +68,16 @@ index e76cfbe..cc7c1cc 100644
isc_buffer_add(secret, (unsigned int)secret_len);
@@ -165,7 +165,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
@@ -166,7 +166,7 @@ openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
static bool
openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
bool ret = true;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
DH *dh1, *dh2;
const BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
const BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
@@ -175,9 +175,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -176,9 +176,9 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
BIGNUM *pub_key1 = NULL, *pub_key2 = NULL;
BIGNUM *priv_key1 = NULL, *priv_key2 = NULL;
BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
@ -89,7 +89,7 @@ index e76cfbe..cc7c1cc 100644
dh1 = key1->keydata.dh;
dh2 = key2->keydata.dh;
@@ -209,7 +209,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -210,7 +210,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PUB_KEY, &pub_key2);
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key1);
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key2);
@ -99,27 +99,27 @@ index e76cfbe..cc7c1cc 100644
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0 ||
BN_cmp(pub_key1, pub_key2) != 0)
@@ -226,7 +226,7 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
}
}
err:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
if (p1 != NULL) {
BN_free(p1);
}
@@ -251,22 +251,23 @@ openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -251,7 +251,7 @@ err:
if (priv_key2 != NULL) {
BN_clear_free(priv_key2);
}
-#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
+ */
+#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
return (true);
return (ret);
}
@@ -259,15 +259,15 @@ err:
static bool
openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
bool ret = true;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
DH *dh1, *dh2;
@ -128,38 +128,38 @@ index e76cfbe..cc7c1cc 100644
EVP_PKEY *pkey1, *pkey2;
BIGNUM *p1 = NULL, *g1 = NULL, *p2 = NULL, *g2 = NULL;
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
+#endif // OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
dh1 = key1->keydata.dh;
dh2 = key2->keydata.dh;
@@ -292,13 +293,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -293,14 +293,14 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_P, &p2);
EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_FFC_G, &g1);
EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_FFC_G, &g2);
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
+#endif // OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
if (BN_cmp(p1, p2) != 0 || BN_cmp(g1, g2) != 0) {
return (false);
DST_RET(false);
}
err:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
if (p1 != NULL) {
BN_free(p1);
}
@@ -311,12 +312,13 @@ openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
@@ -313,12 +313,12 @@ err:
if (g2 != NULL) {
BN_free(g2);
}
-#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
+ */
+#endif // OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
return (true);
return (ret);
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
@ -167,7 +167,7 @@ index e76cfbe..cc7c1cc 100644
static int
progress_cb(int p, int n, BN_GENCB *cb) {
union {
@@ -347,7 +349,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
@@ -349,7 +349,7 @@ progress_cb(EVP_PKEY_CTX *ctx) {
}
return (1);
}
@ -176,7 +176,7 @@ index e76cfbe..cc7c1cc 100644
static isc_result_t
openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -357,7 +359,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -359,7 +359,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
void (*fptr)(int);
} u;
BIGNUM *p = NULL, *g = NULL;
@ -185,7 +185,7 @@ index e76cfbe..cc7c1cc 100644
DH *dh = NULL;
BN_GENCB *cb = NULL;
#if !HAVE_BN_GENCB_NEW
@@ -370,9 +372,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -372,9 +372,9 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *param_pkey = NULL;
EVP_PKEY *pkey = NULL;
@ -197,7 +197,7 @@ index e76cfbe..cc7c1cc 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
@@ -386,7 +388,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -388,7 +388,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
if (param_ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -206,7 +206,7 @@ index e76cfbe..cc7c1cc 100644
if (generator == 0) {
/*
@@ -406,7 +408,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -408,7 +408,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
if (p == NULL || g == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
}
@ -215,7 +215,7 @@ index e76cfbe..cc7c1cc 100644
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
DST_RET(dst__openssl_toresult2(
"DH_set0_pqg", DST_R_OPENSSLFAILURE));
@@ -430,7 +432,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -432,7 +432,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DST_R_OPENSSLFAILURE));
}
params = OSSL_PARAM_BLD_to_param(bld);
@ -224,7 +224,7 @@ index e76cfbe..cc7c1cc 100644
} else {
/*
@@ -443,7 +445,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -445,7 +445,7 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
}
if (generator != 0) {
@ -233,7 +233,7 @@ index e76cfbe..cc7c1cc 100644
if (callback != NULL) {
cb = BN_GENCB_new();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
@@ -484,10 +486,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -486,10 +486,10 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DST_R_OPENSSLFAILURE));
}
params = OSSL_PARAM_BLD_to_param(bld);
@ -246,7 +246,7 @@ index e76cfbe..cc7c1cc 100644
if (DH_generate_key(dh) == 0) {
DST_RET(dst__openssl_toresult2("DH_generate_key",
DST_R_OPENSSLFAILURE));
@@ -554,12 +556,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
@@ -556,12 +556,12 @@ openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -261,7 +261,7 @@ index e76cfbe..cc7c1cc 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -591,14 +593,14 @@ err:
@@ -593,14 +593,14 @@ err:
if (g != NULL) {
BN_free(g);
}
@ -278,7 +278,7 @@ index e76cfbe..cc7c1cc 100644
DH *dh = key->keydata.dh;
const BIGNUM *priv_key = NULL;
@@ -623,12 +625,12 @@ openssldh_isprivate(const dst_key_t *key) {
@@ -625,12 +625,12 @@ openssldh_isprivate(const dst_key_t *key) {
}
return (ret);
@ -293,7 +293,7 @@ index e76cfbe..cc7c1cc 100644
DH *dh = key->keydata.dh;
if (dh == NULL) {
@@ -646,7 +648,7 @@ openssldh_destroy(dst_key_t *key) {
@@ -648,7 +648,7 @@ openssldh_destroy(dst_key_t *key) {
EVP_PKEY_free(pkey);
key->keydata.pkey = NULL;
@ -302,10 +302,10 @@ index e76cfbe..cc7c1cc 100644
}
static void
@@ -672,17 +674,17 @@ uint16_fromregion(isc_region_t *region) {
@@ -675,17 +675,17 @@ uint16_fromregion(isc_region_t *region) {
static isc_result_t
openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret = ISC_R_SUCCESS;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
DH *dh;
@ -314,7 +314,7 @@ index e76cfbe..cc7c1cc 100644
EVP_PKEY *pkey;
BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
-#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */
+#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */
+#endif // OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000
isc_region_t r;
uint16_t dnslen, plen, glen, publen;
@ -323,7 +323,7 @@ index e76cfbe..cc7c1cc 100644
REQUIRE(key->keydata.dh != NULL);
dh = key->keydata.dh;
@@ -695,7 +697,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -698,7 +698,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
@ -332,16 +332,16 @@ index e76cfbe..cc7c1cc 100644
isc_buffer_availableregion(data, &r);
@@ -742,7 +744,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -746,7 +746,7 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_buffer_add(data, dnslen);
err:
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000
if (p != NULL) {
BN_free(p);
}
@@ -752,7 +754,8 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -756,7 +756,8 @@ err:
if (pub_key != NULL) {
BN_free(pub_key);
}
@ -349,9 +349,9 @@ index e76cfbe..cc7c1cc 100644
+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 \
+ */
return (ISC_R_SUCCESS);
return (ret);
}
@@ -760,14 +763,14 @@ openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
@@ -764,14 +765,14 @@ err:
static isc_result_t
openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
@ -368,7 +368,7 @@ index e76cfbe..cc7c1cc 100644
BIGNUM *pub_key = NULL, *p = NULL, *g = NULL;
int key_size;
isc_region_t r;
@@ -779,7 +782,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -783,7 +784,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
return (ISC_R_SUCCESS);
}
@ -377,7 +377,7 @@ index e76cfbe..cc7c1cc 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(dst__openssl_toresult(ISC_R_NOMEMORY));
@@ -793,7 +796,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -797,7 +798,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
if (ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -386,7 +386,7 @@ index e76cfbe..cc7c1cc 100644
/*
* Read the prime length. 1 & 2 are table entries, > 16 means a
@@ -869,7 +872,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -873,7 +874,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
key_size = BN_num_bits(p);
@ -395,7 +395,7 @@ index e76cfbe..cc7c1cc 100644
if (DH_set0_pqg(dh, p, NULL, g) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_pqg",
DST_R_OPENSSLFAILURE));
@@ -885,7 +888,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -889,7 +890,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN",
DST_R_OPENSSLFAILURE));
}
@ -404,7 +404,7 @@ index e76cfbe..cc7c1cc 100644
if (r.length < 2) {
DST_RET(DST_R_INVALIDPUBLICKEY);
@@ -903,7 +906,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -907,7 +908,7 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_buffer_forward(data, plen + glen + publen + 6);
@ -413,7 +413,7 @@ index e76cfbe..cc7c1cc 100644
#if (LIBRESSL_VERSION_NUMBER >= 0x2070000fL) && \
(LIBRESSL_VERSION_NUMBER <= 0x2070200fL)
/*
@@ -947,14 +950,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
@@ -951,14 +952,14 @@ openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -430,7 +430,7 @@ index e76cfbe..cc7c1cc 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -971,7 +974,7 @@ err:
@@ -975,7 +976,7 @@ err:
if (bld != NULL) {
OSSL_PARAM_BLD_free(bld);
}
@ -439,7 +439,7 @@ index e76cfbe..cc7c1cc 100644
if (p != NULL) {
BN_free(p);
}
@@ -987,13 +990,13 @@ err:
@@ -991,13 +992,13 @@ err:
static isc_result_t
openssldh_tofile(const dst_key_t *key, const char *directory) {
@ -455,7 +455,7 @@ index e76cfbe..cc7c1cc 100644
dst_private_t priv;
unsigned char *bufs[4] = { NULL };
unsigned short i = 0;
@@ -1003,7 +1006,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1007,7 +1008,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
return (DST_R_EXTERNALKEY);
}
@ -464,7 +464,7 @@ index e76cfbe..cc7c1cc 100644
if (key->keydata.dh == NULL) {
return (DST_R_NULLKEY);
}
@@ -1021,7 +1024,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1025,7 +1026,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &pub_key);
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv_key);
@ -473,7 +473,7 @@ index e76cfbe..cc7c1cc 100644
priv.elements[i].tag = TAG_DH_PRIME;
priv.elements[i].length = BN_num_bytes(p);
@@ -1061,7 +1064,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1065,7 +1066,7 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
}
}
@ -482,7 +482,7 @@ index e76cfbe..cc7c1cc 100644
if (p != NULL) {
BN_free(p);
}
@@ -1074,7 +1077,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
@@ -1078,7 +1079,8 @@ openssldh_tofile(const dst_key_t *key, const char *directory) {
if (priv_key != NULL) {
BN_clear_free(priv_key);
}
@ -492,7 +492,7 @@ index e76cfbe..cc7c1cc 100644
return (result);
}
@@ -1084,14 +1088,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1088,14 +1090,14 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
int i;
@ -509,7 +509,7 @@ index e76cfbe..cc7c1cc 100644
BIGNUM *pub_key = NULL, *priv_key = NULL, *p = NULL, *g = NULL;
int key_size = 0;
isc_mem_t *mctx;
@@ -1109,7 +1113,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1113,7 +1115,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
DST_RET(DST_R_EXTERNALKEY);
}
@ -518,7 +518,7 @@ index e76cfbe..cc7c1cc 100644
dh = DH_new();
if (dh == NULL) {
DST_RET(ISC_R_NOMEMORY);
@@ -1123,7 +1127,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1127,7 +1129,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
if (ctx == NULL) {
DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
@ -527,7 +527,7 @@ index e76cfbe..cc7c1cc 100644
for (i = 0; i < priv.nelements; i++) {
BIGNUM *bn;
@@ -1150,7 +1154,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1154,7 +1156,7 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
}
}
@ -536,7 +536,7 @@ index e76cfbe..cc7c1cc 100644
if (DH_set0_key(dh, pub_key, priv_key) != 1) {
DST_RET(dst__openssl_toresult2("DH_set0_key",
DST_R_OPENSSLFAILURE));
@@ -1197,13 +1201,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
@@ -1201,13 +1203,13 @@ openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
key->keydata.pkey = pkey;
pkey = NULL;
@ -552,7 +552,7 @@ index e76cfbe..cc7c1cc 100644
if (dh != NULL) {
DH_free(dh);
}
@@ -1220,7 +1224,7 @@ err:
@@ -1224,7 +1226,7 @@ err:
if (bld != NULL) {
OSSL_PARAM_BLD_free(bld);
}
@ -1550,5 +1550,5 @@ index 2e03a2f..50d0d63 100644
RSA_free(rsa);
}
--
2.37.2
2.37.3

4
bind9-next.spec
View File

@ -111,7 +111,9 @@ Patch23: bind-9.18-pkcs11-engine-init.patch
Patch24: bind-9.18-pkcs11-engine-compat-api.patch
Patch25: bind-9.18-pkcs11-engine-remove-deadcode.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2122010
Patch26: bind-9.18-unittest-netmgr-unstable.patch
# Since 9.19.5 it does not apply and has not simple backport
# option
#Patch26: bind-9.18-unittest-netmgr-unstable.patch
%{?systemd_ordering}
Requires: coreutils