|
1 This patch was obtained from ISC for 9.6-ESV-R11-P3. |
|
2 |
|
3 --- old/CHANGES Mon Aug 24 00:18:22 2015 |
|
4 +++ new/CHANGES Mon Aug 24 00:18:22 2015 |
|
5 @@ -1,3 +1,10 @@ |
|
6 + --- 9.6-ESV-R11-P3 released --- |
|
7 + |
|
8 +4168. [security] A buffer accounting error could trigger an |
|
9 + assertion failure when parsing certain malformed |
|
10 + DNSSEC keys. (CVE-2015-5722) |
|
11 + [RT #40212] |
|
12 + |
|
13 --- 9.6-ESV-R11-P2 released --- |
|
14 |
|
15 4165. [security] A failure to reset a value to NULL in tkey.c could |
|
16 --- old/lib/dns/api Mon Aug 24 00:18:24 2015 |
|
17 +++ new/lib/dns/api Mon Aug 24 00:18:23 2015 |
|
18 @@ -5,5 +5,5 @@ |
|
19 # 9.9: 90-109 |
|
20 # 9.9-sub: 130-139 |
|
21 LIBINTERFACE = 114 |
|
22 -LIBREVISION = 1 |
|
23 +LIBREVISION = 2 |
|
24 LIBAGE = 1 |
|
25 --- old/lib/dns/hmac_link.c Mon Aug 24 00:18:24 2015 |
|
26 +++ new/lib/dns/hmac_link.c Mon Aug 24 00:18:23 2015 |
|
27 @@ -1,5 +1,5 @@ |
|
28 /* |
|
29 - * Portions Copyright (C) 2004-2008, 2012-2014 Internet Systems Consortium, Inc. ("ISC") |
|
30 + * Portions Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC") |
|
31 * Portions Copyright (C) 1999-2002 Internet Software Consortium. |
|
32 * |
|
33 * Permission to use, copy, modify, and/or distribute this software for any |
|
34 @@ -51,14 +51,10 @@ |
|
35 #include "dst_internal.h" |
|
36 #include "dst_parse.h" |
|
37 |
|
38 -#define HMAC_LEN 64 |
|
39 -#define HMAC_IPAD 0x36 |
|
40 -#define HMAC_OPAD 0x5c |
|
41 - |
|
42 static isc_result_t hmacmd5_fromdns(dst_key_t *key, isc_buffer_t *data); |
|
43 |
|
44 struct dst_hmacmd5_key { |
|
45 - unsigned char key[HMAC_LEN]; |
|
46 + unsigned char key[ISC_MD5_BLOCK_LENGTH]; |
|
47 }; |
|
48 |
|
49 static isc_result_t |
|
50 @@ -80,7 +76,7 @@ |
|
51 hmacmd5ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacmd5_t)); |
|
52 if (hmacmd5ctx == NULL) |
|
53 return (ISC_R_NOMEMORY); |
|
54 - isc_hmacmd5_init(hmacmd5ctx, hkey->key, HMAC_LEN); |
|
55 + isc_hmacmd5_init(hmacmd5ctx, hkey->key, ISC_MD5_BLOCK_LENGTH); |
|
56 dctx->ctxdata.hmacmd5ctx = hmacmd5ctx; |
|
57 return (ISC_R_SUCCESS); |
|
58 } |
|
59 @@ -143,7 +139,7 @@ |
|
60 else if (hkey1 == NULL || hkey2 == NULL) |
|
61 return (ISC_FALSE); |
|
62 |
|
63 - if (isc_safe_memcmp(hkey1->key, hkey2->key, HMAC_LEN)) |
|
64 + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_MD5_BLOCK_LENGTH)) |
|
65 return (ISC_TRUE); |
|
66 else |
|
67 return (ISC_FALSE); |
|
68 @@ -153,16 +149,16 @@ |
|
69 hmacmd5_generate(dst_key_t *key, int pseudorandom_ok) { |
|
70 isc_buffer_t b; |
|
71 isc_result_t ret; |
|
72 - int bytes; |
|
73 - unsigned char data[HMAC_LEN]; |
|
74 + unsigned int bytes; |
|
75 + unsigned char data[ISC_MD5_BLOCK_LENGTH]; |
|
76 |
|
77 bytes = (key->key_size + 7) / 8; |
|
78 - if (bytes > HMAC_LEN) { |
|
79 - bytes = HMAC_LEN; |
|
80 - key->key_size = HMAC_LEN * 8; |
|
81 + if (bytes > ISC_MD5_BLOCK_LENGTH) { |
|
82 + bytes = ISC_MD5_BLOCK_LENGTH; |
|
83 + key->key_size = ISC_MD5_BLOCK_LENGTH * 8; |
|
84 } |
|
85 |
|
86 - memset(data, 0, HMAC_LEN); |
|
87 + memset(data, 0, ISC_MD5_BLOCK_LENGTH); |
|
88 ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); |
|
89 |
|
90 if (ret != ISC_R_SUCCESS) |
|
91 @@ -171,7 +167,7 @@ |
|
92 isc_buffer_init(&b, data, bytes); |
|
93 isc_buffer_add(&b, bytes); |
|
94 ret = hmacmd5_fromdns(key, &b); |
|
95 - memset(data, 0, HMAC_LEN); |
|
96 + memset(data, 0, ISC_MD5_BLOCK_LENGTH); |
|
97 |
|
98 return (ret); |
|
99 } |
|
100 @@ -185,6 +181,7 @@ |
|
101 static void |
|
102 hmacmd5_destroy(dst_key_t *key) { |
|
103 dst_hmacmd5_key_t *hkey = key->keydata.hmacmd5; |
|
104 + |
|
105 memset(hkey, 0, sizeof(dst_hmacmd5_key_t)); |
|
106 isc_mem_put(key->mctx, hkey, sizeof(dst_hmacmd5_key_t)); |
|
107 key->keydata.hmacmd5 = NULL; |
|
108 @@ -224,7 +221,7 @@ |
|
109 |
|
110 memset(hkey->key, 0, sizeof(hkey->key)); |
|
111 |
|
112 - if (r.length > HMAC_LEN) { |
|
113 + if (r.length > ISC_MD5_BLOCK_LENGTH) { |
|
114 isc_md5_init(&md5ctx); |
|
115 isc_md5_update(&md5ctx, r.base, r.length); |
|
116 isc_md5_final(&md5ctx, hkey->key); |
|
117 @@ -237,6 +234,8 @@ |
|
118 key->key_size = keylen * 8; |
|
119 key->keydata.hmacmd5 = hkey; |
|
120 |
|
121 + isc_buffer_forward(data, r.length); |
|
122 + |
|
123 return (ISC_R_SUCCESS); |
|
124 } |
|
125 |
|
126 @@ -276,7 +275,8 @@ |
|
127 unsigned int i; |
|
128 |
|
129 /* read private key file */ |
|
130 - result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx, &priv); |
|
131 + result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx, |
|
132 + &priv); |
|
133 if (result != ISC_R_SUCCESS) |
|
134 return (result); |
|
135 |
|
136 @@ -337,7 +337,7 @@ |
|
137 static isc_result_t hmacsha1_fromdns(dst_key_t *key, isc_buffer_t *data); |
|
138 |
|
139 struct dst_hmacsha1_key { |
|
140 - unsigned char key[ISC_SHA1_DIGESTLENGTH]; |
|
141 + unsigned char key[ISC_SHA1_BLOCK_LENGTH]; |
|
142 }; |
|
143 |
|
144 static isc_result_t |
|
145 @@ -348,7 +348,7 @@ |
|
146 hmacsha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha1_t)); |
|
147 if (hmacsha1ctx == NULL) |
|
148 return (ISC_R_NOMEMORY); |
|
149 - isc_hmacsha1_init(hmacsha1ctx, hkey->key, ISC_SHA1_DIGESTLENGTH); |
|
150 + isc_hmacsha1_init(hmacsha1ctx, hkey->key, ISC_SHA1_BLOCK_LENGTH); |
|
151 dctx->ctxdata.hmacsha1ctx = hmacsha1ctx; |
|
152 return (ISC_R_SUCCESS); |
|
153 } |
|
154 @@ -411,7 +411,7 @@ |
|
155 else if (hkey1 == NULL || hkey2 == NULL) |
|
156 return (ISC_FALSE); |
|
157 |
|
158 - if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_DIGESTLENGTH)) |
|
159 + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH)) |
|
160 return (ISC_TRUE); |
|
161 else |
|
162 return (ISC_FALSE); |
|
163 @@ -421,16 +421,16 @@ |
|
164 hmacsha1_generate(dst_key_t *key, int pseudorandom_ok) { |
|
165 isc_buffer_t b; |
|
166 isc_result_t ret; |
|
167 - int bytes; |
|
168 - unsigned char data[HMAC_LEN]; |
|
169 + unsigned int bytes; |
|
170 + unsigned char data[ISC_SHA1_BLOCK_LENGTH]; |
|
171 |
|
172 bytes = (key->key_size + 7) / 8; |
|
173 - if (bytes > HMAC_LEN) { |
|
174 - bytes = HMAC_LEN; |
|
175 - key->key_size = HMAC_LEN * 8; |
|
176 + if (bytes > ISC_SHA1_BLOCK_LENGTH) { |
|
177 + bytes = ISC_SHA1_BLOCK_LENGTH; |
|
178 + key->key_size = ISC_SHA1_BLOCK_LENGTH * 8; |
|
179 } |
|
180 |
|
181 - memset(data, 0, HMAC_LEN); |
|
182 + memset(data, 0, ISC_SHA1_BLOCK_LENGTH); |
|
183 ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); |
|
184 |
|
185 if (ret != ISC_R_SUCCESS) |
|
186 @@ -439,7 +439,7 @@ |
|
187 isc_buffer_init(&b, data, bytes); |
|
188 isc_buffer_add(&b, bytes); |
|
189 ret = hmacsha1_fromdns(key, &b); |
|
190 - memset(data, 0, ISC_SHA1_DIGESTLENGTH); |
|
191 + memset(data, 0, ISC_SHA1_BLOCK_LENGTH); |
|
192 |
|
193 return (ret); |
|
194 } |
|
195 @@ -453,6 +453,7 @@ |
|
196 static void |
|
197 hmacsha1_destroy(dst_key_t *key) { |
|
198 dst_hmacsha1_key_t *hkey = key->keydata.hmacsha1; |
|
199 + |
|
200 memset(hkey, 0, sizeof(dst_hmacsha1_key_t)); |
|
201 isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha1_key_t)); |
|
202 key->keydata.hmacsha1 = NULL; |
|
203 @@ -492,7 +493,7 @@ |
|
204 |
|
205 memset(hkey->key, 0, sizeof(hkey->key)); |
|
206 |
|
207 - if (r.length > ISC_SHA1_DIGESTLENGTH) { |
|
208 + if (r.length > ISC_SHA1_BLOCK_LENGTH) { |
|
209 isc_sha1_init(&sha1ctx); |
|
210 isc_sha1_update(&sha1ctx, r.base, r.length); |
|
211 isc_sha1_final(&sha1ctx, hkey->key); |
|
212 @@ -505,6 +506,8 @@ |
|
213 key->key_size = keylen * 8; |
|
214 key->keydata.hmacsha1 = hkey; |
|
215 |
|
216 + isc_buffer_forward(data, r.length); |
|
217 + |
|
218 return (ISC_R_SUCCESS); |
|
219 } |
|
220 |
|
221 @@ -606,7 +609,7 @@ |
|
222 static isc_result_t hmacsha224_fromdns(dst_key_t *key, isc_buffer_t *data); |
|
223 |
|
224 struct dst_hmacsha224_key { |
|
225 - unsigned char key[ISC_SHA224_DIGESTLENGTH]; |
|
226 + unsigned char key[ISC_SHA224_BLOCK_LENGTH]; |
|
227 }; |
|
228 |
|
229 static isc_result_t |
|
230 @@ -617,7 +620,7 @@ |
|
231 hmacsha224ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha224_t)); |
|
232 if (hmacsha224ctx == NULL) |
|
233 return (ISC_R_NOMEMORY); |
|
234 - isc_hmacsha224_init(hmacsha224ctx, hkey->key, ISC_SHA224_DIGESTLENGTH); |
|
235 + isc_hmacsha224_init(hmacsha224ctx, hkey->key, ISC_SHA224_BLOCK_LENGTH); |
|
236 dctx->ctxdata.hmacsha224ctx = hmacsha224ctx; |
|
237 return (ISC_R_SUCCESS); |
|
238 } |
|
239 @@ -680,7 +683,7 @@ |
|
240 else if (hkey1 == NULL || hkey2 == NULL) |
|
241 return (ISC_FALSE); |
|
242 |
|
243 - if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_DIGESTLENGTH)) |
|
244 + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH)) |
|
245 return (ISC_TRUE); |
|
246 else |
|
247 return (ISC_FALSE); |
|
248 @@ -690,16 +693,16 @@ |
|
249 hmacsha224_generate(dst_key_t *key, int pseudorandom_ok) { |
|
250 isc_buffer_t b; |
|
251 isc_result_t ret; |
|
252 - int bytes; |
|
253 - unsigned char data[HMAC_LEN]; |
|
254 + unsigned int bytes; |
|
255 + unsigned char data[ISC_SHA224_BLOCK_LENGTH]; |
|
256 |
|
257 bytes = (key->key_size + 7) / 8; |
|
258 - if (bytes > HMAC_LEN) { |
|
259 - bytes = HMAC_LEN; |
|
260 - key->key_size = HMAC_LEN * 8; |
|
261 + if (bytes > ISC_SHA224_BLOCK_LENGTH) { |
|
262 + bytes = ISC_SHA224_BLOCK_LENGTH; |
|
263 + key->key_size = ISC_SHA224_BLOCK_LENGTH * 8; |
|
264 } |
|
265 |
|
266 - memset(data, 0, HMAC_LEN); |
|
267 + memset(data, 0, ISC_SHA224_BLOCK_LENGTH); |
|
268 ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); |
|
269 |
|
270 if (ret != ISC_R_SUCCESS) |
|
271 @@ -708,7 +711,7 @@ |
|
272 isc_buffer_init(&b, data, bytes); |
|
273 isc_buffer_add(&b, bytes); |
|
274 ret = hmacsha224_fromdns(key, &b); |
|
275 - memset(data, 0, ISC_SHA224_DIGESTLENGTH); |
|
276 + memset(data, 0, ISC_SHA224_BLOCK_LENGTH); |
|
277 |
|
278 return (ret); |
|
279 } |
|
280 @@ -722,6 +725,7 @@ |
|
281 static void |
|
282 hmacsha224_destroy(dst_key_t *key) { |
|
283 dst_hmacsha224_key_t *hkey = key->keydata.hmacsha224; |
|
284 + |
|
285 memset(hkey, 0, sizeof(dst_hmacsha224_key_t)); |
|
286 isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha224_key_t)); |
|
287 key->keydata.hmacsha224 = NULL; |
|
288 @@ -761,7 +765,7 @@ |
|
289 |
|
290 memset(hkey->key, 0, sizeof(hkey->key)); |
|
291 |
|
292 - if (r.length > ISC_SHA224_DIGESTLENGTH) { |
|
293 + if (r.length > ISC_SHA224_BLOCK_LENGTH) { |
|
294 isc_sha224_init(&sha224ctx); |
|
295 isc_sha224_update(&sha224ctx, r.base, r.length); |
|
296 isc_sha224_final(hkey->key, &sha224ctx); |
|
297 @@ -774,6 +778,8 @@ |
|
298 key->key_size = keylen * 8; |
|
299 key->keydata.hmacsha224 = hkey; |
|
300 |
|
301 + isc_buffer_forward(data, r.length); |
|
302 + |
|
303 return (ISC_R_SUCCESS); |
|
304 } |
|
305 |
|
306 @@ -875,7 +881,7 @@ |
|
307 static isc_result_t hmacsha256_fromdns(dst_key_t *key, isc_buffer_t *data); |
|
308 |
|
309 struct dst_hmacsha256_key { |
|
310 - unsigned char key[ISC_SHA256_DIGESTLENGTH]; |
|
311 + unsigned char key[ISC_SHA256_BLOCK_LENGTH]; |
|
312 }; |
|
313 |
|
314 static isc_result_t |
|
315 @@ -886,7 +892,7 @@ |
|
316 hmacsha256ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha256_t)); |
|
317 if (hmacsha256ctx == NULL) |
|
318 return (ISC_R_NOMEMORY); |
|
319 - isc_hmacsha256_init(hmacsha256ctx, hkey->key, ISC_SHA256_DIGESTLENGTH); |
|
320 + isc_hmacsha256_init(hmacsha256ctx, hkey->key, ISC_SHA256_BLOCK_LENGTH); |
|
321 dctx->ctxdata.hmacsha256ctx = hmacsha256ctx; |
|
322 return (ISC_R_SUCCESS); |
|
323 } |
|
324 @@ -949,7 +955,7 @@ |
|
325 else if (hkey1 == NULL || hkey2 == NULL) |
|
326 return (ISC_FALSE); |
|
327 |
|
328 - if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_DIGESTLENGTH)) |
|
329 + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH)) |
|
330 return (ISC_TRUE); |
|
331 else |
|
332 return (ISC_FALSE); |
|
333 @@ -959,16 +965,16 @@ |
|
334 hmacsha256_generate(dst_key_t *key, int pseudorandom_ok) { |
|
335 isc_buffer_t b; |
|
336 isc_result_t ret; |
|
337 - int bytes; |
|
338 - unsigned char data[HMAC_LEN]; |
|
339 + unsigned int bytes; |
|
340 + unsigned char data[ISC_SHA256_BLOCK_LENGTH]; |
|
341 |
|
342 bytes = (key->key_size + 7) / 8; |
|
343 - if (bytes > HMAC_LEN) { |
|
344 - bytes = HMAC_LEN; |
|
345 - key->key_size = HMAC_LEN * 8; |
|
346 + if (bytes > ISC_SHA256_BLOCK_LENGTH) { |
|
347 + bytes = ISC_SHA256_BLOCK_LENGTH; |
|
348 + key->key_size = ISC_SHA256_BLOCK_LENGTH * 8; |
|
349 } |
|
350 |
|
351 - memset(data, 0, HMAC_LEN); |
|
352 + memset(data, 0, ISC_SHA256_BLOCK_LENGTH); |
|
353 ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); |
|
354 |
|
355 if (ret != ISC_R_SUCCESS) |
|
356 @@ -977,7 +983,7 @@ |
|
357 isc_buffer_init(&b, data, bytes); |
|
358 isc_buffer_add(&b, bytes); |
|
359 ret = hmacsha256_fromdns(key, &b); |
|
360 - memset(data, 0, ISC_SHA256_DIGESTLENGTH); |
|
361 + memset(data, 0, ISC_SHA256_BLOCK_LENGTH); |
|
362 |
|
363 return (ret); |
|
364 } |
|
365 @@ -991,6 +997,7 @@ |
|
366 static void |
|
367 hmacsha256_destroy(dst_key_t *key) { |
|
368 dst_hmacsha256_key_t *hkey = key->keydata.hmacsha256; |
|
369 + |
|
370 memset(hkey, 0, sizeof(dst_hmacsha256_key_t)); |
|
371 isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha256_key_t)); |
|
372 key->keydata.hmacsha256 = NULL; |
|
373 @@ -1030,7 +1037,7 @@ |
|
374 |
|
375 memset(hkey->key, 0, sizeof(hkey->key)); |
|
376 |
|
377 - if (r.length > ISC_SHA256_DIGESTLENGTH) { |
|
378 + if (r.length > ISC_SHA256_BLOCK_LENGTH) { |
|
379 isc_sha256_init(&sha256ctx); |
|
380 isc_sha256_update(&sha256ctx, r.base, r.length); |
|
381 isc_sha256_final(hkey->key, &sha256ctx); |
|
382 @@ -1043,6 +1050,8 @@ |
|
383 key->key_size = keylen * 8; |
|
384 key->keydata.hmacsha256 = hkey; |
|
385 |
|
386 + isc_buffer_forward(data, r.length); |
|
387 + |
|
388 return (ISC_R_SUCCESS); |
|
389 } |
|
390 |
|
391 @@ -1144,7 +1153,7 @@ |
|
392 static isc_result_t hmacsha384_fromdns(dst_key_t *key, isc_buffer_t *data); |
|
393 |
|
394 struct dst_hmacsha384_key { |
|
395 - unsigned char key[ISC_SHA384_DIGESTLENGTH]; |
|
396 + unsigned char key[ISC_SHA384_BLOCK_LENGTH]; |
|
397 }; |
|
398 |
|
399 static isc_result_t |
|
400 @@ -1155,7 +1164,7 @@ |
|
401 hmacsha384ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha384_t)); |
|
402 if (hmacsha384ctx == NULL) |
|
403 return (ISC_R_NOMEMORY); |
|
404 - isc_hmacsha384_init(hmacsha384ctx, hkey->key, ISC_SHA384_DIGESTLENGTH); |
|
405 + isc_hmacsha384_init(hmacsha384ctx, hkey->key, ISC_SHA384_BLOCK_LENGTH); |
|
406 dctx->ctxdata.hmacsha384ctx = hmacsha384ctx; |
|
407 return (ISC_R_SUCCESS); |
|
408 } |
|
409 @@ -1218,7 +1227,7 @@ |
|
410 else if (hkey1 == NULL || hkey2 == NULL) |
|
411 return (ISC_FALSE); |
|
412 |
|
413 - if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_DIGESTLENGTH)) |
|
414 + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH)) |
|
415 return (ISC_TRUE); |
|
416 else |
|
417 return (ISC_FALSE); |
|
418 @@ -1228,16 +1237,16 @@ |
|
419 hmacsha384_generate(dst_key_t *key, int pseudorandom_ok) { |
|
420 isc_buffer_t b; |
|
421 isc_result_t ret; |
|
422 - int bytes; |
|
423 - unsigned char data[HMAC_LEN]; |
|
424 + unsigned int bytes; |
|
425 + unsigned char data[ISC_SHA384_BLOCK_LENGTH]; |
|
426 |
|
427 bytes = (key->key_size + 7) / 8; |
|
428 - if (bytes > HMAC_LEN) { |
|
429 - bytes = HMAC_LEN; |
|
430 - key->key_size = HMAC_LEN * 8; |
|
431 + if (bytes > ISC_SHA384_BLOCK_LENGTH) { |
|
432 + bytes = ISC_SHA384_BLOCK_LENGTH; |
|
433 + key->key_size = ISC_SHA384_BLOCK_LENGTH * 8; |
|
434 } |
|
435 |
|
436 - memset(data, 0, HMAC_LEN); |
|
437 + memset(data, 0, ISC_SHA384_BLOCK_LENGTH); |
|
438 ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); |
|
439 |
|
440 if (ret != ISC_R_SUCCESS) |
|
441 @@ -1246,7 +1255,7 @@ |
|
442 isc_buffer_init(&b, data, bytes); |
|
443 isc_buffer_add(&b, bytes); |
|
444 ret = hmacsha384_fromdns(key, &b); |
|
445 - memset(data, 0, ISC_SHA384_DIGESTLENGTH); |
|
446 + memset(data, 0, ISC_SHA384_BLOCK_LENGTH); |
|
447 |
|
448 return (ret); |
|
449 } |
|
450 @@ -1260,6 +1269,7 @@ |
|
451 static void |
|
452 hmacsha384_destroy(dst_key_t *key) { |
|
453 dst_hmacsha384_key_t *hkey = key->keydata.hmacsha384; |
|
454 + |
|
455 memset(hkey, 0, sizeof(dst_hmacsha384_key_t)); |
|
456 isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha384_key_t)); |
|
457 key->keydata.hmacsha384 = NULL; |
|
458 @@ -1299,7 +1309,7 @@ |
|
459 |
|
460 memset(hkey->key, 0, sizeof(hkey->key)); |
|
461 |
|
462 - if (r.length > ISC_SHA384_DIGESTLENGTH) { |
|
463 + if (r.length > ISC_SHA384_BLOCK_LENGTH) { |
|
464 isc_sha384_init(&sha384ctx); |
|
465 isc_sha384_update(&sha384ctx, r.base, r.length); |
|
466 isc_sha384_final(hkey->key, &sha384ctx); |
|
467 @@ -1312,6 +1322,8 @@ |
|
468 key->key_size = keylen * 8; |
|
469 key->keydata.hmacsha384 = hkey; |
|
470 |
|
471 + isc_buffer_forward(data, r.length); |
|
472 + |
|
473 return (ISC_R_SUCCESS); |
|
474 } |
|
475 |
|
476 @@ -1413,7 +1425,7 @@ |
|
477 static isc_result_t hmacsha512_fromdns(dst_key_t *key, isc_buffer_t *data); |
|
478 |
|
479 struct dst_hmacsha512_key { |
|
480 - unsigned char key[ISC_SHA512_DIGESTLENGTH]; |
|
481 + unsigned char key[ISC_SHA512_BLOCK_LENGTH]; |
|
482 }; |
|
483 |
|
484 static isc_result_t |
|
485 @@ -1424,7 +1436,7 @@ |
|
486 hmacsha512ctx = isc_mem_get(dctx->mctx, sizeof(isc_hmacsha512_t)); |
|
487 if (hmacsha512ctx == NULL) |
|
488 return (ISC_R_NOMEMORY); |
|
489 - isc_hmacsha512_init(hmacsha512ctx, hkey->key, ISC_SHA512_DIGESTLENGTH); |
|
490 + isc_hmacsha512_init(hmacsha512ctx, hkey->key, ISC_SHA512_BLOCK_LENGTH); |
|
491 dctx->ctxdata.hmacsha512ctx = hmacsha512ctx; |
|
492 return (ISC_R_SUCCESS); |
|
493 } |
|
494 @@ -1487,7 +1499,7 @@ |
|
495 else if (hkey1 == NULL || hkey2 == NULL) |
|
496 return (ISC_FALSE); |
|
497 |
|
498 - if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_DIGESTLENGTH)) |
|
499 + if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH)) |
|
500 return (ISC_TRUE); |
|
501 else |
|
502 return (ISC_FALSE); |
|
503 @@ -1497,16 +1509,16 @@ |
|
504 hmacsha512_generate(dst_key_t *key, int pseudorandom_ok) { |
|
505 isc_buffer_t b; |
|
506 isc_result_t ret; |
|
507 - int bytes; |
|
508 - unsigned char data[HMAC_LEN]; |
|
509 + unsigned int bytes; |
|
510 + unsigned char data[ISC_SHA512_BLOCK_LENGTH]; |
|
511 |
|
512 bytes = (key->key_size + 7) / 8; |
|
513 - if (bytes > HMAC_LEN) { |
|
514 - bytes = HMAC_LEN; |
|
515 - key->key_size = HMAC_LEN * 8; |
|
516 + if (bytes > ISC_SHA512_BLOCK_LENGTH) { |
|
517 + bytes = ISC_SHA512_BLOCK_LENGTH; |
|
518 + key->key_size = ISC_SHA512_BLOCK_LENGTH * 8; |
|
519 } |
|
520 |
|
521 - memset(data, 0, HMAC_LEN); |
|
522 + memset(data, 0, ISC_SHA512_BLOCK_LENGTH); |
|
523 ret = dst__entropy_getdata(data, bytes, ISC_TF(pseudorandom_ok != 0)); |
|
524 |
|
525 if (ret != ISC_R_SUCCESS) |
|
526 @@ -1515,7 +1527,7 @@ |
|
527 isc_buffer_init(&b, data, bytes); |
|
528 isc_buffer_add(&b, bytes); |
|
529 ret = hmacsha512_fromdns(key, &b); |
|
530 - memset(data, 0, ISC_SHA512_DIGESTLENGTH); |
|
531 + memset(data, 0, ISC_SHA512_BLOCK_LENGTH); |
|
532 |
|
533 return (ret); |
|
534 } |
|
535 @@ -1529,6 +1541,7 @@ |
|
536 static void |
|
537 hmacsha512_destroy(dst_key_t *key) { |
|
538 dst_hmacsha512_key_t *hkey = key->keydata.hmacsha512; |
|
539 + |
|
540 memset(hkey, 0, sizeof(dst_hmacsha512_key_t)); |
|
541 isc_mem_put(key->mctx, hkey, sizeof(dst_hmacsha512_key_t)); |
|
542 key->keydata.hmacsha512 = NULL; |
|
543 @@ -1568,7 +1581,7 @@ |
|
544 |
|
545 memset(hkey->key, 0, sizeof(hkey->key)); |
|
546 |
|
547 - if (r.length > ISC_SHA512_DIGESTLENGTH) { |
|
548 + if (r.length > ISC_SHA512_BLOCK_LENGTH) { |
|
549 isc_sha512_init(&sha512ctx); |
|
550 isc_sha512_update(&sha512ctx, r.base, r.length); |
|
551 isc_sha512_final(hkey->key, &sha512ctx); |
|
552 @@ -1581,6 +1594,8 @@ |
|
553 key->key_size = keylen * 8; |
|
554 key->keydata.hmacsha512 = hkey; |
|
555 |
|
556 + isc_buffer_forward(data, r.length); |
|
557 + |
|
558 return (ISC_R_SUCCESS); |
|
559 } |
|
560 |
|
561 --- old/lib/dns/include/dst/dst.h Mon Aug 24 00:18:24 2015 |
|
562 +++ new/lib/dns/include/dst/dst.h Mon Aug 24 00:18:23 2015 |
|
563 @@ -65,6 +65,7 @@ |
|
564 #define DST_ALG_HMACSHA256 163 /* XXXMPA */ |
|
565 #define DST_ALG_HMACSHA384 164 /* XXXMPA */ |
|
566 #define DST_ALG_HMACSHA512 165 /* XXXMPA */ |
|
567 +#define DST_ALG_INDIRECT 252 |
|
568 #define DST_ALG_PRIVATE 254 |
|
569 #define DST_ALG_EXPAND 255 |
|
570 #define DST_MAX_ALGS 255 |
|
571 --- old/lib/dns/ncache.c Mon Aug 24 00:18:24 2015 |
|
572 +++ new/lib/dns/ncache.c Mon Aug 24 00:18:23 2015 |
|
573 @@ -35,7 +35,7 @@ |
|
574 #define DNS_NCACHE_RDATA 20U |
|
575 |
|
576 /* |
|
577 - * The format of an ncache rdata is a sequence of one or more records of |
|
578 + * The format of an ncache rdata is a sequence of zero or more records of |
|
579 * the following format: |
|
580 * |
|
581 * owner name |
|
582 @@ -665,13 +665,11 @@ |
|
583 dns_name_fromregion(&tname, &remaining); |
|
584 INSIST(remaining.length >= tname.length); |
|
585 isc_buffer_forward(&source, tname.length); |
|
586 - remaining.length -= tname.length; |
|
587 - remaining.base += tname.length; |
|
588 + isc_region_consume(&remaining, tname.length); |
|
589 |
|
590 INSIST(remaining.length >= 2); |
|
591 type = isc_buffer_getuint16(&source); |
|
592 - remaining.length -= 2; |
|
593 - remaining.base += 2; |
|
594 + isc_region_consume(&remaining, 2); |
|
595 |
|
596 if (type != dns_rdatatype_rrsig || |
|
597 !dns_name_equal(&tname, name)) { |
|
598 @@ -683,8 +681,7 @@ |
|
599 INSIST(remaining.length >= 1); |
|
600 trust = isc_buffer_getuint8(&source); |
|
601 INSIST(trust <= dns_trust_ultimate); |
|
602 - remaining.length -= 1; |
|
603 - remaining.base += 1; |
|
604 + isc_region_consume(&remaining, 1); |
|
605 |
|
606 raw = remaining.base; |
|
607 count = raw[0] * 256 + raw[1]; |
|
608 --- old/lib/dns/openssldh_link.c Mon Aug 24 00:18:24 2015 |
|
609 +++ new/lib/dns/openssldh_link.c Mon Aug 24 00:18:23 2015 |
|
610 @@ -1,5 +1,5 @@ |
|
611 /* |
|
612 - * Portions Copyright (C) 2004-2008, 2012 Internet Systems Consortium, Inc. ("ISC") |
|
613 + * Portions Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") |
|
614 * Portions Copyright (C) 1999-2002 Internet Software Consortium. |
|
615 * |
|
616 * Permission to use, copy, modify, and/or distribute this software for any |
|
617 @@ -93,7 +93,7 @@ |
|
618 if (r.length < len) |
|
619 return (ISC_R_NOSPACE); |
|
620 ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv); |
|
621 - if (ret == 0) |
|
622 + if (ret <= 0) |
|
623 return (dst__openssl_toresult2("DH_compute_key", |
|
624 DST_R_COMPUTESECRETFAILURE)); |
|
625 isc_buffer_add(secret, len); |
|
626 @@ -236,8 +236,10 @@ |
|
627 |
|
628 static void |
|
629 uint16_toregion(isc_uint16_t val, isc_region_t *region) { |
|
630 - *region->base++ = (val & 0xff00) >> 8; |
|
631 - *region->base++ = (val & 0x00ff); |
|
632 + *region->base = (val & 0xff00) >> 8; |
|
633 + isc_region_consume(region, 1); |
|
634 + *region->base = (val & 0x00ff); |
|
635 + isc_region_consume(region, 1); |
|
636 } |
|
637 |
|
638 static isc_uint16_t |
|
639 @@ -248,7 +250,8 @@ |
|
640 val = ((unsigned int)(cp[0])) << 8; |
|
641 val |= ((unsigned int)(cp[1])); |
|
642 |
|
643 - region->base += 2; |
|
644 + isc_region_consume(region, 2); |
|
645 + |
|
646 return (val); |
|
647 } |
|
648 |
|
649 @@ -289,16 +292,16 @@ |
|
650 } |
|
651 else |
|
652 BN_bn2bin(dh->p, r.base); |
|
653 - r.base += plen; |
|
654 + isc_region_consume(&r, plen); |
|
655 |
|
656 uint16_toregion(glen, &r); |
|
657 if (glen > 0) |
|
658 BN_bn2bin(dh->g, r.base); |
|
659 - r.base += glen; |
|
660 + isc_region_consume(&r, glen); |
|
661 |
|
662 uint16_toregion(publen, &r); |
|
663 BN_bn2bin(dh->pub_key, r.base); |
|
664 - r.base += publen; |
|
665 + isc_region_consume(&r, publen); |
|
666 |
|
667 isc_buffer_add(data, dnslen); |
|
668 |
|
669 @@ -339,10 +342,12 @@ |
|
670 return (DST_R_INVALIDPUBLICKEY); |
|
671 } |
|
672 if (plen == 1 || plen == 2) { |
|
673 - if (plen == 1) |
|
674 - special = *r.base++; |
|
675 - else |
|
676 + if (plen == 1) { |
|
677 + special = *r.base; |
|
678 + isc_region_consume(&r, 1); |
|
679 + } else { |
|
680 special = uint16_fromregion(&r); |
|
681 + } |
|
682 switch (special) { |
|
683 case 1: |
|
684 dh->p = &bn768; |
|
685 @@ -357,10 +362,9 @@ |
|
686 DH_free(dh); |
|
687 return (DST_R_INVALIDPUBLICKEY); |
|
688 } |
|
689 - } |
|
690 - else { |
|
691 + } else { |
|
692 dh->p = BN_bin2bn(r.base, plen, NULL); |
|
693 - r.base += plen; |
|
694 + isc_region_consume(&r, plen); |
|
695 } |
|
696 |
|
697 /* |
|
698 @@ -391,8 +395,7 @@ |
|
699 return (DST_R_INVALIDPUBLICKEY); |
|
700 } |
|
701 } |
|
702 - } |
|
703 - else { |
|
704 + } else { |
|
705 if (glen == 0) { |
|
706 DH_free(dh); |
|
707 return (DST_R_INVALIDPUBLICKEY); |
|
708 @@ -399,7 +402,7 @@ |
|
709 } |
|
710 dh->g = BN_bin2bn(r.base, glen, NULL); |
|
711 } |
|
712 - r.base += glen; |
|
713 + isc_region_consume(&r, glen); |
|
714 |
|
715 if (r.length < 2) { |
|
716 DH_free(dh); |
|
717 @@ -411,7 +414,7 @@ |
|
718 return (DST_R_INVALIDPUBLICKEY); |
|
719 } |
|
720 dh->pub_key = BN_bin2bn(r.base, publen, NULL); |
|
721 - r.base += publen; |
|
722 + isc_region_consume(&r, publen); |
|
723 |
|
724 key->key_size = BN_num_bits(dh->p); |
|
725 |
|
726 @@ -577,11 +580,11 @@ |
|
727 |
|
728 s = strchr(hexdigits, tolower((unsigned char)str[i])); |
|
729 RUNTIME_CHECK(s != NULL); |
|
730 - high = s - hexdigits; |
|
731 + high = (unsigned int)(s - hexdigits); |
|
732 |
|
733 s = strchr(hexdigits, tolower((unsigned char)str[i + 1])); |
|
734 RUNTIME_CHECK(s != NULL); |
|
735 - low = s - hexdigits; |
|
736 + low = (unsigned int)(s - hexdigits); |
|
737 |
|
738 data[i/2] = (unsigned char)((high << 4) + low); |
|
739 } |
|
740 --- old/lib/dns/openssldsa_link.c Mon Aug 24 00:18:24 2015 |
|
741 +++ new/lib/dns/openssldsa_link.c Mon Aug 24 00:18:23 2015 |
|
742 @@ -1,5 +1,5 @@ |
|
743 /* |
|
744 - * Portions Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") |
|
745 + * Portions Copyright (C) 2004-2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC") |
|
746 * Portions Copyright (C) 1999-2002 Internet Software Consortium. |
|
747 * |
|
748 * Permission to use, copy, modify, and/or distribute this software for any |
|
749 @@ -137,6 +137,7 @@ |
|
750 DSA *dsa = key->keydata.dsa; |
|
751 isc_region_t r; |
|
752 DSA_SIG *dsasig; |
|
753 + unsigned int klen; |
|
754 #if USE_EVP |
|
755 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; |
|
756 EVP_PKEY *pkey; |
|
757 @@ -209,11 +210,17 @@ |
|
758 "DSA_do_sign", |
|
759 DST_R_SIGNFAILURE)); |
|
760 #endif |
|
761 - *r.base++ = (key->key_size - 512)/64; |
|
762 + |
|
763 + klen = (key->key_size - 512)/64; |
|
764 + if (klen > 255) |
|
765 + return (ISC_R_FAILURE); |
|
766 + *r.base = klen; |
|
767 + isc_region_consume(&r, 1); |
|
768 + |
|
769 BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH); |
|
770 - r.base += ISC_SHA1_DIGESTLENGTH; |
|
771 + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); |
|
772 BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH); |
|
773 - r.base += ISC_SHA1_DIGESTLENGTH; |
|
774 + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); |
|
775 DSA_SIG_free(dsasig); |
|
776 isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1); |
|
777 |
|
778 @@ -416,15 +423,16 @@ |
|
779 if (r.length < (unsigned int) dnslen) |
|
780 return (ISC_R_NOSPACE); |
|
781 |
|
782 - *r.base++ = t; |
|
783 + *r.base = t; |
|
784 + isc_region_consume(&r, 1); |
|
785 BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH); |
|
786 - r.base += ISC_SHA1_DIGESTLENGTH; |
|
787 + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); |
|
788 BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8); |
|
789 - r.base += p_bytes; |
|
790 + isc_region_consume(&r, p_bytes); |
|
791 BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8); |
|
792 - r.base += p_bytes; |
|
793 + isc_region_consume(&r, p_bytes); |
|
794 BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8); |
|
795 - r.base += p_bytes; |
|
796 + isc_region_consume(&r, p_bytes); |
|
797 |
|
798 isc_buffer_add(data, dnslen); |
|
799 |
|
800 @@ -449,7 +457,8 @@ |
|
801 return (ISC_R_NOMEMORY); |
|
802 dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; |
|
803 |
|
804 - t = (unsigned int) *r.base++; |
|
805 + t = (unsigned int) *r.base; |
|
806 + isc_region_consume(&r, 1); |
|
807 if (t > 8) { |
|
808 DSA_free(dsa); |
|
809 return (DST_R_INVALIDPUBLICKEY); |
|
810 @@ -456,22 +465,22 @@ |
|
811 } |
|
812 p_bytes = 64 + 8 * t; |
|
813 |
|
814 - if (r.length < 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { |
|
815 + if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) { |
|
816 DSA_free(dsa); |
|
817 return (DST_R_INVALIDPUBLICKEY); |
|
818 } |
|
819 |
|
820 dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL); |
|
821 - r.base += ISC_SHA1_DIGESTLENGTH; |
|
822 + isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH); |
|
823 |
|
824 dsa->p = BN_bin2bn(r.base, p_bytes, NULL); |
|
825 - r.base += p_bytes; |
|
826 + isc_region_consume(&r, p_bytes); |
|
827 |
|
828 dsa->g = BN_bin2bn(r.base, p_bytes, NULL); |
|
829 - r.base += p_bytes; |
|
830 + isc_region_consume(&r, p_bytes); |
|
831 |
|
832 dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL); |
|
833 - r.base += p_bytes; |
|
834 + isc_region_consume(&r, p_bytes); |
|
835 |
|
836 key->key_size = p_bytes * 8; |
|
837 |
|
838 --- old/lib/dns/opensslrsa_link.c Mon Aug 24 00:18:24 2015 |
|
839 +++ new/lib/dns/opensslrsa_link.c Mon Aug 24 00:18:23 2015 |
|
840 @@ -1,5 +1,5 @@ |
|
841 /* |
|
842 - * Copyright (C) 2004-2012, 2014 Internet Systems Consortium, Inc. ("ISC") |
|
843 + * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") |
|
844 * Copyright (C) 2000-2003 Internet Software Consortium. |
|
845 * |
|
846 * Permission to use, copy, modify, and/or distribute this software for any |
|
847 @@ -908,6 +908,7 @@ |
|
848 RSA *rsa; |
|
849 isc_region_t r; |
|
850 unsigned int e_bytes; |
|
851 + unsigned int length; |
|
852 #if USE_EVP |
|
853 EVP_PKEY *pkey; |
|
854 #endif |
|
855 @@ -915,6 +916,7 @@ |
|
856 isc_buffer_remainingregion(data, &r); |
|
857 if (r.length == 0) |
|
858 return (ISC_R_SUCCESS); |
|
859 + length = r.length; |
|
860 |
|
861 rsa = RSA_new(); |
|
862 if (rsa == NULL) |
|
863 @@ -925,8 +927,8 @@ |
|
864 RSA_free(rsa); |
|
865 return (DST_R_INVALIDPUBLICKEY); |
|
866 } |
|
867 - e_bytes = *r.base++; |
|
868 - r.length--; |
|
869 + e_bytes = *r.base; |
|
870 + isc_region_consume(&r, 1); |
|
871 |
|
872 if (e_bytes == 0) { |
|
873 if (r.length < 2) { |
|
874 @@ -933,9 +935,10 @@ |
|
875 RSA_free(rsa); |
|
876 return (DST_R_INVALIDPUBLICKEY); |
|
877 } |
|
878 - e_bytes = ((*r.base++) << 8); |
|
879 - e_bytes += *r.base++; |
|
880 - r.length -= 2; |
|
881 + e_bytes = (*r.base) << 8; |
|
882 + isc_region_consume(&r, 1); |
|
883 + e_bytes += *r.base; |
|
884 + isc_region_consume(&r, 1); |
|
885 } |
|
886 |
|
887 if (r.length < e_bytes) { |
|
888 @@ -943,14 +946,13 @@ |
|
889 return (DST_R_INVALIDPUBLICKEY); |
|
890 } |
|
891 rsa->e = BN_bin2bn(r.base, e_bytes, NULL); |
|
892 - r.base += e_bytes; |
|
893 - r.length -= e_bytes; |
|
894 + isc_region_consume(&r, e_bytes); |
|
895 |
|
896 rsa->n = BN_bin2bn(r.base, r.length, NULL); |
|
897 |
|
898 key->key_size = BN_num_bits(rsa->n); |
|
899 |
|
900 - isc_buffer_forward(data, r.length); |
|
901 + isc_buffer_forward(data, length); |
|
902 |
|
903 #if USE_EVP |
|
904 pkey = EVP_PKEY_new(); |
|
905 --- old/lib/dns/resolver.c Mon Aug 24 00:18:24 2015 |
|
906 +++ new/lib/dns/resolver.c Mon Aug 24 00:18:23 2015 |
|
907 @@ -8572,6 +8572,12 @@ |
|
908 |
|
909 REQUIRE(VALID_RESOLVER(resolver)); |
|
910 |
|
911 + /* |
|
912 + * DH is unsupported for DNSKEYs, see RFC 4034 sec. A.1. |
|
913 + */ |
|
914 + if ((alg == DST_ALG_DH) || (alg == DST_ALG_INDIRECT)) |
|
915 + return (ISC_FALSE); |
|
916 + |
|
917 #if USE_ALGLOCK |
|
918 RWLOCK(&resolver->alglock, isc_rwlocktype_read); |
|
919 #endif |
|
920 @@ -8591,6 +8597,7 @@ |
|
921 #endif |
|
922 if (found) |
|
923 return (ISC_FALSE); |
|
924 + |
|
925 return (dst_algorithm_supported(alg)); |
|
926 } |
|
927 |
|
928 --- old/lib/isc/include/isc/md5.h Mon Aug 24 00:18:24 2015 |
|
929 +++ new/lib/isc/include/isc/md5.h Mon Aug 24 00:18:23 2015 |
|
930 @@ -46,7 +46,8 @@ |
|
931 #include <isc/lang.h> |
|
932 #include <isc/types.h> |
|
933 |
|
934 -#define ISC_MD5_DIGESTLENGTH 16U |
|
935 +#define ISC_MD5_DIGESTLENGTH 16U |
|
936 +#define ISC_MD5_BLOCK_LENGTH 64U |
|
937 |
|
938 typedef struct { |
|
939 isc_uint32_t buf[4]; |
|
940 --- old/version Mon Aug 24 00:18:24 2015 |
|
941 +++ new/version Mon Aug 24 00:18:23 2015 |
|
942 @@ -10,4 +10,4 @@ |
|
943 PATCHVER= |
|
944 RELEASETYPE=-ESV |
|
945 RELEASEVER=-R11 |
|
946 -EXTENSIONS=-P2 |
|
947 +EXTENSIONS=-P3 |