From 01dd585828bc899b867fbfcc59d91a5cb9c9475d Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Aug 27 2019 19:39:46 +0000 Subject: Fix broken pkcs11 initialization Broken by commit 2a466330c5379150b781709140e8c837d0a95328 --- diff --git a/bind-9.11-fips-code.patch b/bind-9.11-fips-code.patch index 74dbb05..cf00104 100644 --- a/bind-9.11-fips-code.patch +++ b/bind-9.11-fips-code.patch @@ -1,4 +1,4 @@ -From b8485528f5098e3360560d5b85c9ffc592619c55 Mon Sep 17 00:00:00 2001 +From eff6dcb62f3cea6df0a848c2220a49bc02cb4a0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Thu, 2 Aug 2018 23:34:45 +0200 Subject: [PATCH] FIPS code changes @@ -241,7 +241,7 @@ index 5ca3d76..6b7790a 100644 port = DEFAULT_PORT; diff --git a/bin/dig/dig.c b/bin/dig/dig.c -index 2063a3b..8e856c5 100644 +index 706299e..aaf22e7 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -20,6 +20,7 @@ @@ -252,7 +252,7 @@ index 2063a3b..8e856c5 100644 #include #include #include -@@ -1767,10 +1768,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, +@@ -1774,10 +1775,10 @@ dash_option(char *option, char *next, dig_lookup_t **lookup, ptr = ptr2; ptr2 = ptr3; } else { @@ -267,7 +267,7 @@ index 2063a3b..8e856c5 100644 digestbits = 0; } diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index e75b8b7..9234d35 100644 +index 93e5b40..afd2700 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -80,6 +80,7 @@ @@ -339,7 +339,7 @@ index 1476d0d..f5c9316 100644 alg = DST_ALG_HMACMD5; #else diff --git a/bin/named/config.c b/bin/named/config.c -index 7584efb..a153172 100644 +index 32c454a..dff826b 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -18,6 +18,7 @@ @@ -350,7 +350,7 @@ index 7584efb..a153172 100644 #include #include #include -@@ -969,6 +970,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name, +@@ -974,6 +975,21 @@ ns_config_getkeyalgorithm(const char *str, dns_name_t **name, return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits)); } 
@@ -372,7 +372,7 @@ index 7584efb..a153172 100644 isc_result_t ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, unsigned int *typep, uint16_t *digestbits) -@@ -978,7 +994,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, +@@ -983,7 +999,7 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, uint16_t bits; isc_result_t result; @@ -381,7 +381,7 @@ index 7584efb..a153172 100644 len = strlen(algorithms[i].str); if (strncasecmp(algorithms[i].str, str, len) == 0 && (str[len] == '\0' || -@@ -1001,7 +1017,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, +@@ -1006,7 +1022,12 @@ ns_config_getkeyalgorithm2(const char *str, dns_name_t **name, if (name != NULL) { switch (algorithms[i].hmac) { #ifndef PK11_MD5_DISABLE @@ -622,7 +622,7 @@ index bde66a4..70a40c3 100644 dst_key_free(&dstkey); CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED); diff --git a/lib/bind9/check.c b/lib/bind9/check.c -index 2a0e735..dc80018 100644 +index ec0ab6d..e0803d4 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -23,6 +23,7 @@ @@ -633,7 +633,7 @@ index 2a0e735..dc80018 100644 #include #include #include -@@ -2590,6 +2591,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { +@@ -2618,6 +2619,15 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { } algorithm = cfg_obj_asstring(algobj); @@ -937,10 +937,10 @@ index 9c42c50..f51d548 100644 void diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c -index 16214c6..9b235ba 100644 +index f9ac6d0..241e17e 100644 --- a/lib/dns/tests/rsa_test.c +++ b/lib/dns/tests/rsa_test.c -@@ -26,6 +26,7 @@ +@@ -27,6 +27,7 @@ #define UNIT_TESTING #include @@ -948,7 +948,7 @@ index 16214c6..9b235ba 100644 #include #include -@@ -247,6 +248,8 @@ isc_rsa_verify_test(void **state) { +@@ -248,6 +249,8 @@ isc_rsa_verify_test(void **state) { /* RSAMD5 */ #ifndef PK11_MD5_DISABLE 
@@ -957,7 +957,7 @@ index 16214c6..9b235ba 100644 key->key_alg = DST_ALG_RSAMD5; ret = dst_context_create3(key, mctx, DNS_LOGCATEGORY_DNSSEC, -@@ -264,6 +267,7 @@ isc_rsa_verify_test(void **state) { +@@ -265,6 +268,7 @@ isc_rsa_verify_test(void **state) { assert_int_equal(ret, ISC_R_SUCCESS); dst_context_destroy(&ctx); @@ -966,10 +966,10 @@ index 16214c6..9b235ba 100644 /* RSASHA256 */ diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c -index 8e5250e..9accc53 100644 +index 11d011a..feb2068 100644 --- a/lib/dns/tests/tsig_test.c +++ b/lib/dns/tests/tsig_test.c -@@ -24,6 +24,7 @@ +@@ -25,6 +25,7 @@ #define UNIT_TESTING #include @@ -1215,7 +1215,7 @@ index 249f3da..628a414 100644 /* diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c -index 0d5b009..bb9912b 100644 +index 0d5b009..7809e7b 100644 --- a/lib/isc/pk11.c +++ b/lib/isc/pk11.c @@ -197,8 +197,6 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { @@ -1227,14 +1227,14 @@ index 0d5b009..bb9912b 100644 } ISC_LIST_INIT(tokens); -@@ -236,6 +234,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { - result = PK11_R_NOAESSERVICE; - goto unlock; +@@ -238,6 +236,7 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) { } -+ initialized = true; #endif #endif /* PKCS11CRYPTO */ ++ initialized = true; unlock: + UNLOCK(&sessionlock); + return (result); @@ -589,6 +588,8 @@ scan_slots(void) { pk11_token_t *token; unsigned int i; @@ -1334,10 +1334,10 @@ index 0d5b009..bb9912b 100644 /* ECDSA requires digest */ diff --git a/lib/isc/tests/hash_test.c b/lib/isc/tests/hash_test.c -index 8ddfe70..9c4d299 100644 +index 31ced94..421131e 100644 --- a/lib/isc/tests/hash_test.c +++ b/lib/isc/tests/hash_test.c -@@ -776,6 +776,9 @@ isc_md5_test(void **state) { +@@ -775,6 +775,9 @@ isc_md5_test(void **state) { UNUSED(state); 
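Review bot: In the lib/isc/pk11.c part of the patch (outer hunk `@@ -1227,14 +1227,14 @@`), `initialized = true;` now sits immediately above the `unlock:` label and outside `#endif /* PKCS11CRYPTO */`, so it is reached only when no earlier check jumped to `unlock`, and nothing in the code says this ordering is deliberate. Presumably a failed pk11_initialize() will therefore be retried from the top on the next call, re-running the `ISC_LIST_INIT(tokens);` shown as context at the start of this hunk; the entry guard and any cleanup on the failure paths are outside the hunk, so please confirm that a retry cannot reset lists that already hold tokens or initialise the PKCS#11 library a second time. I would add a comment on the new line such as `/* Set last: every goto unlock above must leave initialized false, so a failed init is never reported as done. */`. pk11_initialize() starts and ends outside the hunk.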
@@ -1347,7 +1347,7 @@ index 8ddfe70..9c4d299 100644 /* * These are the various test vectors. All of these are passed * through the hash function and the results are compared to the -@@ -1631,6 +1634,9 @@ isc_hmacmd5_test(void **state) { +@@ -1630,6 +1633,9 @@ isc_hmacmd5_test(void **state) { UNUSED(state); @@ -1357,7 +1357,7 @@ index 8ddfe70..9c4d299 100644 /* * These are the various test vectors. All of these are passed * through the hash function and the results are compared to the -@@ -1941,6 +1947,9 @@ static void +@@ -1940,6 +1946,9 @@ static void md5_check_test(void **state) { UNUSED(state);