Re: DNSSEC vs netbsd-8/sparc?

To: reed%reedmedia.net@localhost
Subject: Re: DNSSEC vs netbsd-8/sparc?
From: Havard Eidnes <he%NetBSD.org@localhost>
Date: Tue, 05 May 2020 20:25:47 +0200 (CEST)

> I must admit I'm scratching my head about this one.

No more!  And I stil have hair!

Looking at the diff between ISC's lib/isc/sha2.c and ours reveals
that our source has code to overcome alignment issues, but in the
conversion one statement has been omitted.  Here's the relevant
diff between ISCs and ours:

@@ -1500,8 +1503,8 @@
                *context->buffer = 0x80;
        }
        /* Store the length of input data (in bits): */
-       *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
-       *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
+       memcpy(&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8],
+           &context->bitcount[0], sizeof(isc_uint64_t));
 
        /* Final transform: */
        isc_sha512_transform(context, (isc_uint64_t*)context->buffer);


So... Applying this patch to our code restores sanity:

Index: dist/lib/isc/sha2.c
===================================================================
RCS file: /cvsroot/src/external/bsd/bind/dist/lib/isc/Attic/sha2.c,v
retrieving revision 1.10.8.1
diff -u -r1.10.8.1 sha2.c
--- dist/lib/isc/sha2.c 21 Jun 2017 18:03:45 -0000      1.10.8.1
+++ dist/lib/isc/sha2.c 5 May 2020 18:19:26 -0000
@@ -1503,6 +1503,8 @@
                *context->buffer = 0x80;
        }
        /* Store the length of input data (in bits): */
+       memcpy(&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH],
+           &context->bitcount[1], sizeof(isc_uint64_t));
        memcpy(&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8],
            &context->bitcount[0], sizeof(isc_uint64_t));
 
and I now get:

: {1} ; dig protonmail.ch. dnskey | dnssec-dsfromkey -f - -a sha384 protonmail.ch
protonmail.ch. IN DS 27196 8 4 E422EE237DE2FE29190F1BDDC0C0E2469679411F329AAB2A7BD8DE43575C1C6FAB6B9FFC521996E526F4B5D513798D9E
: {2} ; dig protonmail.ch. dnskey | /usr/local/sbin/dnssec-dsfromkey -f - -a sha384 protonmail.ch
protonmail.ch. IN DS 27196 8 4 E422EE237DE2FE29190F1BDDC0C0E2469679411F329AAB2A7BD8DE43575C1C6FAB6B9FFC521996E526F4B5D513798D9E
: {3} ; 

after having re-built and re-installed libisc.so.8.5.
Pull-up to netbsd-8 coming right up.

Regards,

- Havard

Follow-Ups:
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Jeffrey Walton

References:
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Greg Troxel
- Re: DNSSEC vs netbsd-8/sparc?
  - From: reed
- Re: DNSSEC vs netbsd-8/sparc?
  - From: Havard Eidnes

Prev by Date: Re: DNSSEC vs netbsd-8/sparc?
Next by Date: Re: DNSSEC vs netbsd-8/sparc?
Previous by Thread: Re: DNSSEC vs netbsd-8/sparc?
Next by Thread: Re: DNSSEC vs netbsd-8/sparc?
Indexes:

Home | Main Index | Thread Index | Old Index