Report information

The Basics
Id: 45982
Status: open
Priority: Low/Low
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: 9.9.12, 9.9.12(sub), 9.10.7, 9.10.7(sub), 9.11.3, 9.12.0
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: P2 Normal
Severity: S2 Normal
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: feature

Dates
Created: Mon, 11 Sep 2017 22:22:10 -0400
Updated: Fri, 10 Nov 2017 21:00:59 -0500
Closed: Fri, 10 Nov 2017 12:55:58 -0500



Subject: openbsd build failing with --enable-openssl-hash
From: marka@isc.org
To: bind9-public@isc.org
Date: Mon, 11 Sep 2017 16:22:09 -1000
ready for review
On Fri Nov 10 17:55:57 2017, stephen wrote:
> Although this switch may go away (if the proposal to make the presence
> of OpenSSL a mandatory requirement goes ahead),

=> IMHO you mean a crypto library a mandatory requirement (BTW with native PKCS#11 there is no choice: PKCS#11 is always used for hash and hmac).

> --enable-openssl-hash and --disable-openssl-hash have no effect on the
> outward functionality of BIND: hash values are calculated whatever the
> setting of the switch, the only difference being the functions that
> calculate them. In both cases, the tests pass. So how can we be
> certain that the correct function is being picked up?

=> the only way is indirect: OpenSSL is faster. I recommend the iterated hash (NSEC3) as it makes the most visible difference.

> One way (without modifying the code to output a log message) is to look
> at the undefined symbols in an object file where the hash is calculated
> (e.g. lib/isc/hmacsha.o). If HMAC_CTX_init is undefined, BIND is using
> an external provider (i.e. OpenSSL) to calculate the hash function; if it
> does not contain the undefined symbol, it is using its internal hash
> functions.

=> this works too.

> This is probably not something that fits easily into the BIND test
> suite and may be best done by an external test.

=> as the effect is not so visible perhaps we should simply give up?
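
The object-file check described in the quoted message, written out as an external test. This is an added example, not part of the ticket or of BIND's own test suite. The function names and the sample `nm -u` listings are constructed for illustration, and `HMAC_CTX_new` is included on the assumption that the build may link OpenSSL 1.1.0 or later, where `HMAC_CTX_init` no longer exists.

```shell
#!/bin/sh
# Added example (not BIND code): decide from `nm -u` output whether an
# object file calls an external HMAC provider or BIND's internal code.

# Reads an undefined-symbol listing on stdin.
# Returns 0 if an OpenSSL HMAC context symbol is referenced, 1 otherwise.
uses_external_hmac() {
    # Lines look like "                 U HMAC_CTX_init"; the symbol is the
    # last field. Drop an "@VERSION" suffix if present and match the exact
    # name, so a longer symbol that merely starts the same way does not count.
    awk '
        { sym = $NF; sub(/@.*/, "", sym) }
        sym == "HMAC_CTX_init" || sym == "HMAC_CTX_new" { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Runs the check on a real object file, e.g. lib/isc/hmacsha.o.
# Returns 0 = external provider, 1 = internal functions, 2 = cannot inspect.
check_object() {
    obj=$1
    [ -r "$obj" ] || { echo "cannot read $obj" >&2; return 2; }
    # Capture nm output first so an nm failure is not reported as "internal".
    syms=$(nm -u "$obj") || { echo "nm failed on $obj" >&2; return 2; }
    if printf '%s\n' "$syms" | uses_external_hmac; then
        echo "$obj: external provider (OpenSSL)"
    else
        echo "$obj: internal hash functions"
        return 1
    fi
}

# Constructed sample listings for the two configure settings.
SAMPLE_OPENSSL='                 U HMAC_CTX_init
                 U HMAC_Init_ex
                 U memcpy'
SAMPLE_INTERNAL='                 U isc_sha1_init
                 U memcpy'

for listing in "$SAMPLE_OPENSSL" "$SAMPLE_INTERNAL"; do
    if printf '%s\n' "$listing" | uses_external_hmac; then
        echo "sample: external provider (OpenSSL)"
    else
        echo "sample: internal hash functions"
    fi
done
```

Against a real build tree, `check_object lib/isc/hmacsha.o` after each of `--enable-openssl-hash` and `--disable-openssl-hash` gives the comparison the message describes.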