upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 11:32:01 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
34700 commits 18 branches 854 tags 440 MiB
Commit graph

34700 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mark Andrews
4daa3d6dae
keymgr2kasp: use FIPS compliant algorithms and key sizes 
migrate-nomatch-alglen: switched to RSASHA256 instead of RSASHA1
and the key size now changes from 2048 bits to 3072 bits instead
of 1024 bits to 2048 bits.

migrate-nomatch-algnum: switched to RSASHA256 instead of RSASHA1
as initial algorithm and adjusted mininum key size to 2048 bits.

rsasha256: adjusted minimum key size to 2048 bits.

(cherry picked from commit 048b0151665d6111bb61a98b349c510c36ed99f2)
 2022-10-03 13:28:25 +02:00
Mark Andrews
3d642f46f2
dnssec/signer/general: Replace RSASHA1 keys with RSASHA512 keys 
RSASHA1 is verify only in FIPS mode. Use RSASHA256 instead.

(cherry picked from commit 9c6de6d12dc93e273d5d3545169c3d1f95906ee5)
 2022-10-03 13:28:25 +02:00
Mark Andrews
c6abcefee1
Check if RSASHA1 is supported by the OS 
(cherry picked from commit 1690cb7bb4444f985dfed4edb25b92afa0e5651a)
 2022-10-03 13:28:25 +02:00
Mark Andrews
77e0878444
autosign: use FIPS compatible algorithms and key sizes 
The nsec-only.example zone was not converted as we use it to
test nsec-only DNSSEC algorithms to nsec3 conversion failure.
The subtest is skipped in fips mode.

Update "checking revoked key with duplicate key ID" test
to use FIPS compatible algorithm.

(cherry picked from commit 99ad09975e07cce3cadf7b6b75cda745e72d87a0)
 2022-10-03 13:28:25 +02:00
Mark Andrews
e6d1117891
rsabigexponent: convert the test from RSASHA1 to RSASHA256 
RSASHA1 is not supported on some platforms.

(cherry picked from commit 8c3c0118607f0b2c7b69ce072037634c881794a8)
 2022-10-03 13:28:25 +02:00
Mark Andrews
fe4d8ca7c7
mkeys: use $() instead of back quotes 
(cherry picked from commit 0e45a2b02cf634119afaf30ba7a4dedad5701949)
 2022-10-03 13:19:35 +02:00
Mark Andrews
4950ab72e8
Upgrade uses of hmac-sha1 to DEFAULT_HMAC 
where the test is not hmac-sha1 specific

(cherry picked from commit c533e8bc5b)
 2022-10-03 13:19:35 +02:00
Mark Andrews
aafc3f8cf3
Add CHANGES not for [GL #3440] 
(cherry picked from commit be88c583bd)
 2022-10-03 13:19:35 +02:00
Mark Andrews
e8545ad255
zonechecks: use $DEFAULT_ALGORITHM 
(cherry picked from commit 459e6980e5)
 2022-10-03 13:19:35 +02:00
Mark Andrews
864a2b127a
wildcard: use $DEFAULT_ALGORITHM 
(cherry picked from commit 3f65c9cf85)
 2022-10-03 13:19:34 +02:00
Mark Andrews
76a154d8b1
views: use $DEFAULT_ALGORITHM 
(cherry picked from commit 86b29606c3)
 2022-10-03 13:19:34 +02:00
Mark Andrews
16c6557aa2
verify: use $DEFAULT_ALGORITHM 
(cherry picked from commit 93f7c7cdcd)
 2022-10-03 13:19:34 +02:00
Mark Andrews
150ace9801
upforwd: use $DEFAULT_ALGORITHM 
(cherry picked from commit 5585909904)
 2022-10-03 13:19:34 +02:00
Mark Andrews
516694cd8c
unknown: use $DEFAULT_ALGORITHM 
(cherry picked from commit 9970d4317d)
 2022-10-03 13:19:34 +02:00
Mark Andrews
b8645af516
synthfromdnssec: use $DEFAULT_ALGORITHM 
(cherry picked from commit 73fd49f8bb)
 2022-10-03 13:19:34 +02:00
Mark Andrews
a2d8660485
staticstub: use $DEFAULT_ALGORITHM 
(cherry picked from commit 32337b9dbf)
 2022-10-03 13:19:34 +02:00
Mark Andrews
204811ae41
smartsign: use $DEFAULT_ALGORITHM 
(cherry picked from commit 941b95edb0)
 2022-10-03 13:19:34 +02:00
Mark Andrews
49d8978cb4
rpz: use $DEFAULT_ALGORITHM 
(cherry picked from commit 1861c3e503)
 2022-10-03 13:19:34 +02:00
Mark Andrews
b26a89df34
rootkeysentinel: use $DEFAULT_ALGORITHM 
(cherry picked from commit b0e1d9b1b3)
 2022-10-03 13:19:34 +02:00
Mark Andrews
e78c158ba6
resolver: use $DEFAULT_ALGORITHM 
(cherry picked from commit 05ef8c81dd)
 2022-10-03 13:19:34 +02:00
Mark Andrews
52ce408f0d
redirect: use $DEFAULT_ALGORITHM 
(cherry picked from commit e0e03602ba)
 2022-10-03 13:19:33 +02:00
Mark Andrews
ce8cef8a4b
pending: use $DEFAULT_ALGORITHM 
(cherry picked from commit 6fd50b9fda)
 2022-10-03 13:19:33 +02:00
Mark Andrews
1b94de8d1f
nsupdate: use $DEFAULT_ALGORITHM 
(cherry picked from commit c2d18567fc)
 2022-10-03 13:19:33 +02:00
Mark Andrews
fd8bd94212
mkeys: use $DEFAULT_ALGORITHM 
(cherry picked from commit 78fa082999)
 2022-10-03 13:19:33 +02:00
Mark Andrews
61cfb9a68e
mirror: use $DEFAULT_ALGORITHM 
(cherry picked from commit ff95bafa39)
 2022-10-03 13:19:33 +02:00
Mark Andrews
17a26bced4
metadata: use $DEFAULT_ALGORITHM 
(cherry picked from commit 3f1dc83bfb)
 2022-10-03 13:19:33 +02:00
Mark Andrews
6843c764c6
inline: use $DEFAULT_ALGORITHM 
(cherry picked from commit e3acddefd1)
 2022-10-03 13:19:33 +02:00
Mark Andrews
45c21fd5af
dsdigest: use $DEFAULT_ALGORITHM 
(cherry picked from commit 49de14cb9e)
 2022-10-03 13:19:33 +02:00
Mark Andrews
4ba58611c7
dnssec: use $DEFAULT_ALGORITHM 
(cherry picked from commit d0b0139c90)
 2022-10-03 13:19:33 +02:00
Mark Andrews
53625cc639
dns64: use $DEFAULT_ALGORITHM 
(cherry picked from commit 5cbf1e1598)
 2022-10-03 13:19:33 +02:00
Mark Andrews
7cf9e28924
chain: use $DEFAULT_ALGORITHM 
(cherry picked from commit 3419178bd2)
 2022-10-03 13:19:33 +02:00
Mark Andrews
5f146c76bd
cds: use $DEFAULT_ALGORITHM 
(cherry picked from commit 6cf0b73ede)
 2022-10-03 13:19:33 +02:00
Mark Andrews
1bd3c49454
autosign: use $DEFAULT_ALGORITHM 
(cherry picked from commit bb810b0ac9)
 2022-10-03 13:19:32 +02:00
Mark Andrews
212814cb7e Merge branch '3541-have-named-v-report-supported-algorithms-v9_16' into 'v9_16' 
Report supported crypto algorithms [v9_16]

See merge request isc-projects/bind9!6838
 2022-09-30 14:25:28 +00:00
Petr Špaček
85d0d86b62 Add release note for new crypto algorithm logging 
(cherry picked from commit c138a8aa59)
 2022-09-30 09:57:32 +10:00
Petr Špaček
2c09403ab4 Document list of crypto algorithms in named -V output 
(cherry picked from commit c648e280e4)
 2022-09-30 09:57:32 +10:00
Mark Andrews
e8439121ad Deduplicate string formating 
(cherry picked from commit d34ecdb366)
 2022-09-30 09:57:32 +10:00
Mark Andrews
ffbd1ab762 Add CHANGES entry for [GL #3541] 
(cherry picked from commit e876de442e)
 2022-09-30 09:57:32 +10:00
Mark Andrews
21d4befe09 silence scan-build false positive 
(cherry picked from commit 3156d36495)
 2022-09-30 09:57:32 +10:00
Mark Andrews
3265fc496e Report algorithms supported by named at startup 
(cherry picked from commit cb1515e71f)
 2022-09-30 09:57:32 +10:00
Mark Andrews
989811b6d9 Have 'named -V' report supported algorithms 
These cover DNSSEC, DS, HMAC and TKEY algorithms.

(cherry picked from commit b308f866c0)
 2022-09-30 09:57:32 +10:00
Matthijs Mekking
07748eb298 Merge branch 'matthijs-dnssec-guide-dnssec-policy-requires-inline-signing-v9_16' into 'v9_16' 
[v9_16] Add dnssec-policy inline-signing requirement to documentation

See merge request isc-projects/bind9!6833
 2022-09-28 09:56:53 +00:00
Matthijs Mekking
df11527a9a Add inline-signing to config examples 
Add 'inline-signing yes;' to configuration examples to have working
copy paste configurations.

(cherry picked from commit b13a0c8836d2d8bc5b4de1cdfcdb2057c0bb9d93)
 2022-09-28 10:54:52 +02:00
Matthijs Mekking
5c0e98410f Update inline-signing requirement to ARM 
This change was made in !6403, but the appropriate documentation
changes were not applied to the ARM.

(cherry picked from commit 7231383e4cc57caac36d03055e8627b12aa4b91a)
 2022-09-28 10:54:52 +02:00
Matthijs Mekking
309bf3578b Add inline-signing requirement to DNSSEC Guide 
This change was made in !6403, but the appropriate documentation
changes were not applied to the DNSSEC Guide.

(cherry picked from commit 09522c8d73)
 2022-09-28 10:54:52 +02:00
Mark Andrews
55faa5ab84 Merge branch '3562-assign-default-value-to-suffix-v9_16' into 'v9_16' 
Suffix may be used before it is assigned a value [v9_16]

See merge request isc-projects/bind9!6837
 2022-09-28 04:22:41 +00:00
Mark Andrews
7f2b46f4e5 Suffix may be used before it is assigned a value 
CID 350722 (#5 of 7): Bad use of null-like value (FORWARD_NULL)
        12. invalid_operation: Invalid operation on null-like value suffix.
    145        r.authority.append(
    146            dns.rrset.from_text(
    147                "icky.ptang.zoop.boing." + suffix,
    148                1,
    149                IN,
    150                NS,
    151                "a.bit.longer.ns.name." + suffix,
    152            )
    153        )

(cherry picked from commit 432064f63c)
 2022-09-28 11:19:50 +10:00
Mark Andrews
c2884d1a4b Merge branch '3551-missing-rsa_free-call-in-opensslrsa_verify2-v9_16' into 'v9_16' 
Free 'rsa' if 'e' is NULL in opensslrsa_verify2 [v9_16]

See merge request isc-projects/bind9!6835
 2022-09-28 00:42:18 +00:00
Mark Andrews
a2a06cf376 Add CHANGES note for [GL #3551] 
(cherry picked from commit 1e3680193a)
 2022-09-28 10:06:40 +10:00
Mark Andrews
12f902796d Check BN_dup results in rsa_check 
(cherry picked from commit a47235f4f5)
 2022-09-28 10:06:39 +10:00