bind/bind-fix-fips.patch

Index: bind-9.11.2/lib/dns/opensslgost_link.c
===================================================================
--- bind-9.11.2.orig/lib/dns/opensslgost_link.c
+++ bind-9.11.2/lib/dns/opensslgost_link.c
@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp
 
 	/* check if the gost engine works properly */
 	e = ENGINE_by_id("gost");
-	if (e == NULL)
+	if (e == NULL) {
+		/* In FIPS mode we cannot get the gost engine, even if
+		 * openssl and bind was originally built with it. */
+#if 0	
 		return (dst__openssl_toresult2("ENGINE_by_id",
 					       DST_R_OPENSSLFAILURE));
+#endif
+		return (ISC_R_SUCCESS);
+	}
+
 	if (ENGINE_init(e) <= 0) {
 		ENGINE_free(e);
 		e = NULL;
Accepting request 694778 from home:nkukreja:branches:network - Add FIPS patch back into bind (bsc#1128220) - File: bind-fix-fips.patch OBS-URL: https://build.opensuse.org/request/show/694778 OBS-URL: https://build.opensuse.org/package/show/network/bind?expand=0&rev=255 2019-04-16 12:45:29 +02:00			`Index: bind-9.11.2/lib/dns/opensslgost_link.c`
			`===================================================================`
			`--- bind-9.11.2.orig/lib/dns/opensslgost_link.c`
			`+++ bind-9.11.2/lib/dns/opensslgost_link.c`
			`@@ -578,9 +578,16 @@ dst__opensslgost_init(dst_func_t **funcp`

			`/* check if the gost engine works properly */`
			`e = ENGINE_by_id("gost");`
			`- if (e == NULL)`
			`+ if (e == NULL) {`
			`+ /* In FIPS mode we cannot get the gost engine, even if`
			`+ * openssl and bind was originally built with it. */`
			`+#if 0`
			`return (dst__openssl_toresult2("ENGINE_by_id",`
			`DST_R_OPENSSLFAILURE));`
			`+#endif`
			`+ return (ISC_R_SUCCESS);`
			`+ }`
			`+`
			`if (ENGINE_init(e) <= 0) {`
			`ENGINE_free(e);`
			`e = NULL;`