NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: DNSSEC vs netbsd-8/sparc?
> Does anybody think that the bind bits in netbsd-8 are ok, even before we
> talk about compilation?
I'm about halfway through the diff between what's in-tree in
netbsd-8 and what's in ISC BIND 9.10.5-P1, and all I find so far
are
- tweak of RCSID tags
- /*CONSTCOND*/ annotation additions
- addition of "pfilter" hooksk
- a couple of "cast via void*" additions
Oh, wait...
diff -ru /usr/pkgsrc/tmp/bind-9.10.5-P1/lib/isc/hmacsha.c /usr/src/external/bsd/bind/dist/lib/isc/hmacsha.c
...
* This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
@@ -1084,6 +1086,7 @@
void
isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
isc_sha1_invalidate(&ctx->sha1ctx);
+ memset(ctx->key, 0, sizeof(ctx->key));
memset(ctx, 0, sizeof(*ctx));
}
...
That can't be it, can it?
...
Nope; I tried reversing this diff, and rebuilt & reinstalled the
BIND libs, and no change.
At least this problem is also evident on NetBSD/powerpc 8.0:
golden-delicious: {2} uname -a
NetBSD golden-delicious.urc.uninett.no 8.0 NetBSD 8.0 (GOLDEN-DELICIOUS) #5: Tue Feb 26 11:52:02 CET 2019 he%golden-delicious.urc.uninett.no@localhost:/usr/obj/sys/arch/macppc/compile/GOLDEN-DELICIOUS macppc
golden-delicious: {3} dig . dnskey | dnssec-dsfromkey -f - .
. IN DS 20326 8 1 42CAD163F25D96B28A8413628A2EBEBC8341B1CD
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
golden-delicious: {4}
Hmm, wait a bit... One commonality between sparc, sparc64 and
macppc is that they're all big-endian. ... and in
external/bsd/bind/include/config.h (which is "pre-cooked" in
NetBSD, but the corresponding file is generated by configure by
the ISC build setup) we find this part:
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */
#ifndef __NetBSD__
/* Defined by the build process */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
# define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
/* # undef WORDS_BIGENDIAN */
# endif
#endif
#endif
which on NetBSD ends up not defining WORDS_BIGENDIAN ever, which
is OK for little-endian platforms, but not quite for the others.
Let's see...
Index: include/config.h
===================================================================
RCS file: /cvsroot/src/external/bsd/bind/include/Attic/config.h,v
retrieving revision 1.20.8.1
diff -u -r1.20.8.1 config.h
--- include/config.h 21 Jun 2017 18:03:51 -0000 1.20.8.1
+++ include/config.h 21 Apr 2020 14:26:04 -0000
@@ -594,6 +594,11 @@
/* # undef WORDS_BIGENDIAN */
# endif
#endif
+#else /* __NetBSD__ */
+# include <endian.h>
+# if _BYTE_ORDER == _BIG_ENDIAN
+# define WORDS_BIGENDIAN 1
+# endif
#endif
/* Define to empty if `const' does not conform to ANSI C. */
fixes it! After re-building libs and reinstalling them:
golden-delicious# dig . dnskey | dnssec-dsfromkey -f - .
. IN DS 20326 8 1 AE1EA5B974D4C858B740BD03E3CED7EBFCBD1724
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
golden-delicious#
Regards,
- Håvard
Home |
Main Index |
Thread Index |
Old Index