Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
DISCONTINUED:openSUSE:11.1:Update
bind
dlv.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dlv.diff of Package bind
diff -uNr bind-9.5.1-P1/lib/dns/openssldsa_link.c bind-9.5.1-P2/lib/dns/openssldsa_link.c --- bind-9.5.1-P1/lib/dns/openssldsa_link.c 2008-12-24 01:20:59.000000000 +0100 +++ bind-9.5.1-P2/lib/dns/openssldsa_link.c 2008-12-25 00:48:29.000000000 +0100 @@ -185,7 +185,7 @@ static isc_result_t openssldsa_generate(dst_key_t *key, int unused) { #if OPENSSL_VERSION_NUMBER > 0x00908000L - BN_GENCB cb; + BN_GENCB cb; #endif DSA *dsa; unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; @@ -199,12 +199,12 @@ return (result); #if OPENSSL_VERSION_NUMBER > 0x00908000L - dsa = DSA_new(); + dsa = DSA_new(); if (dsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); BN_GENCB_set_old(&cb, NULL, NULL); - + if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, &cb)) diff -uNr bind-9.5.1-P1/lib/dns/opensslrsa_link.c bind-9.5.1-P2/lib/dns/opensslrsa_link.c --- bind-9.5.1-P1/lib/dns/opensslrsa_link.c 2008-12-24 01:20:59.000000000 +0100 +++ bind-9.5.1-P2/lib/dns/opensslrsa_link.c 2008-12-25 00:48:29.000000000 +0100 @@ -50,7 +50,7 @@ #ifdef WIN32 #if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \ OPENSSL_VERSION_NUMBER < 0x00908000L) || \ - OPENSSL_VERSION_NUMBER >= 0x0090804fL) + OPENSSL_VERSION_NUMBER >= 0x0090804fL) #error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater. #endif #endif diff -uNr bind-9.5.1-P1/lib/dns/validator.c bind-9.5.1-P2/lib/dns/validator.c --- bind-9.5.1-P1/lib/dns/validator.c 2008-11-15 00:46:41.000000000 +0100 +++ bind-9.5.1-P2/lib/dns/validator.c 2009-03-17 03:11:19.000000000 +0100 @@ -209,6 +209,37 @@ return (ISC_TRUE); } +/* + * Check that we have atleast one supported algorithm in the DLV RRset. + */ +static inline isc_boolean_t +dlv_algorithm_supported(dns_validator_t *val) { + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_dlv_t dlv; + isc_result_t result; + + for (result = dns_rdataset_first(&val->dlv); + result == ISC_R_SUCCESS; + result = dns_rdataset_next(&val->dlv)) { + dns_rdata_reset(&rdata); + dns_rdataset_current(&val->dlv, &rdata); + result = dns_rdata_tostruct(&rdata, &dlv, NULL); + RUNTIME_CHECK(result == ISC_R_SUCCESS); + + if (!dns_resolver_algorithm_supported(val->view->resolver, + val->event->name, + dlv.algorithm)) + continue; + + if (dlv.digest_type != DNS_DSDIGEST_SHA256 && + dlv.digest_type != DNS_DSDIGEST_SHA1) + continue; + + return (ISC_TRUE); + } + return (ISC_FALSE); +} + /*% * Look in the NSEC record returned from a DS query to see if there is * a NS RRset at this name. If it is found we are at a delegation point. @@ -2320,19 +2351,36 @@ sizeof(namebuf)); dns_rdataset_clone(&val->frdataset, &val->dlv); val->havedlvsep = ISC_TRUE; - validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); - dlv_validator_start(val); + if (dlv_algorithm_supported(val)) { + validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", + namebuf); + dlv_validator_start(val); + } else { + validator_log(val, ISC_LOG_DEBUG(3), + "DLV %s found with no supported algorithms", + namebuf); + markanswer(val); + validator_done(val, ISC_R_SUCCESS); + } } else if (eresult == DNS_R_NXRRSET || eresult == DNS_R_NXDOMAIN || eresult == DNS_R_NCACHENXRRSET || eresult == DNS_R_NCACHENXDOMAIN) { - result = finddlvsep(val, ISC_TRUE); + result = finddlvsep(val, ISC_TRUE); if (result == ISC_R_SUCCESS) { - dns_name_format(dns_fixedname_name(&val->dlvsep), - namebuf, sizeof(namebuf)); - validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", - namebuf); - dlv_validator_start(val); + if (dlv_algorithm_supported(val)) { + dns_name_format(dns_fixedname_name(&val->dlvsep), + namebuf, sizeof(namebuf)); + validator_log(val, ISC_LOG_DEBUG(3), + "DLV %s found", namebuf); + dlv_validator_start(val); + } else { + validator_log(val, ISC_LOG_DEBUG(3), + "DLV %s found with no supported " + "algorithms", namebuf); + markanswer(val); + validator_done(val, ISC_R_SUCCESS); + } } else if (result == ISC_R_NOTFOUND) { validator_log(val, ISC_LOG_DEBUG(3), "DLV not found"); markanswer(val); @@ -2395,9 +2443,16 @@ } dns_name_format(dns_fixedname_name(&val->dlvsep), namebuf, sizeof(namebuf)); - validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); - dlv_validator_start(val); - return (DNS_R_WAIT); + if (dlv_algorithm_supported(val)) { + validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found", namebuf); + dlv_validator_start(val); + return (DNS_R_WAIT); + } + validator_log(val, ISC_LOG_DEBUG(3), "DLV %s found with no supported " + "algorithms", namebuf); + markanswer(val); + validator_done(val, ISC_R_SUCCESS); + return (ISC_R_SUCCESS); } /*%
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor