Re: DNSSEC vs netbsd-8/sparc?

To: gdt%lexort.com@localhost
Subject: Re: DNSSEC vs netbsd-8/sparc?
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Tue, 21 Apr 2020 16:55:40 +0200 (CEST)

> Does anybody think that the bind bits in netbsd-8 are ok, even before we
> talk about compilation?

I'm about halfway through the diff between what's in-tree in
netbsd-8 and what's in ISC BIND 9.10.5-P1, and all I find so far
are

 - tweak of RCSID tags
 - /*CONSTCOND*/ annotation additions
 - addition of "pfilter" hooksk
 - a couple of "cast via void*" additions

Oh, wait...

diff -ru /usr/pkgsrc/tmp/bind-9.10.5-P1/lib/isc/hmacsha.c /usr/src/external/bsd/bind/dist/lib/isc/hmacsha.c
...
  * This code implements the HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384
@@ -1084,6 +1086,7 @@
 void
 isc_hmacsha1_invalidate(isc_hmacsha1_t *ctx) {
        isc_sha1_invalidate(&ctx->sha1ctx);
+       memset(ctx->key, 0, sizeof(ctx->key));
        memset(ctx, 0, sizeof(*ctx));
 }
 
...

That can't be it, can it?

...

Nope; I tried reversing this diff, and rebuilt & reinstalled the
BIND libs, and no change.

At least this problem is also evident on NetBSD/powerpc 8.0:

golden-delicious: {2} uname -a
NetBSD golden-delicious.urc.uninett.no 8.0 NetBSD 8.0 (GOLDEN-DELICIOUS) #5: Tue Feb 26 11:52:02 CET 2019  he%golden-delicious.urc.uninett.no@localhost:/usr/obj/sys/arch/macppc/compile/GOLDEN-DELICIOUS macppc
golden-delicious: {3} dig . dnskey | dnssec-dsfromkey -f - .
. IN DS 20326 8 1 42CAD163F25D96B28A8413628A2EBEBC8341B1CD
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
golden-delicious: {4} 

Hmm, wait a bit... One commonality between sparc, sparc64 and
macppc is that they're all big-endian.  ... and in
external/bsd/bind/include/config.h (which is "pre-cooked" in
NetBSD, but the corresponding file is generated by configure by
the ISC build setup) we find this part:

/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
   significant byte first (like Motorola and SPARC, unlike Intel). */
#ifndef __NetBSD__
/* Defined by the build process */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
#  define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
/* #  undef WORDS_BIGENDIAN */
# endif
#endif
#endif

which on NetBSD ends up not defining WORDS_BIGENDIAN ever, which
is OK for little-endian platforms, but not quite for the others.
Let's see...

Index: include/config.h
===================================================================
RCS file: /cvsroot/src/external/bsd/bind/include/Attic/config.h,v
retrieving revision 1.20.8.1
diff -u -r1.20.8.1 config.h
--- include/config.h    21 Jun 2017 18:03:51 -0000      1.20.8.1
+++ include/config.h    21 Apr 2020 14:26:04 -0000
@@ -594,6 +594,11 @@
 /* #  undef WORDS_BIGENDIAN */
 # endif
 #endif
+#else /* __NetBSD__ */
+# include <endian.h>
+# if _BYTE_ORDER == _BIG_ENDIAN
+#  define WORDS_BIGENDIAN 1
+# endif
 #endif
 
 /* Define to empty if `const' does not conform to ANSI C. */

fixes it!  After re-building libs and reinstalling them:

golden-delicious# dig . dnskey | dnssec-dsfromkey -f - .
. IN DS 20326 8 1 AE1EA5B974D4C858B740BD03E3CED7EBFCBD1724
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
golden-delicious# 

Regards,

- Håvard

Follow-Ups:
- Re: DNSSEC vs netbsd-8/sparc?
  - From: John D. Baker
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Greg Troxel
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Jeffrey Walton

References:
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Havard Eidnes
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Sad Clouds
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Greg Troxel

Prev by Date: Re: logout delay
Next by Date: Re: logout delay
Previous by Thread: Re: DNSSEC vs netbsd-8/sparc?
Next by Thread: Re: DNSSEC vs netbsd-8/sparc?
Indexes:

Home | Main Index | Thread Index | Old Index