Mark Andrews
76af83c9ad
4497. [port] Add support for OpenSSL 1.1.0. [RT #41284 ]
...
(cherry picked from commit 1fce0951ed
2016-10-31 10:05:55 +11:00
Mark Andrews
c40906dfad
4450. [port] Provide more nuanced HSM support which better matches
...
the specific PKCS11 providers capabilities. [RT #42458 ]
(cherry picked from commit 8ee6f289d8
2016-08-19 08:05:47 +10:00
Mark Andrews
0c27b3fe77
4401. [misc] Change LICENSE to MPL 2.0.
2016-06-27 14:56:38 +10:00
Tinderbox User
161b5249b9
update copyright notice / whitespace
2015-08-19 23:45:23 +00:00
Evan Hunt
420a43c8d8
[master] timing safe memory comparisons
...
4183. [cleanup] Use timing-safe memory comparisons in cryptographic
code. Also, the timing-safe comparison functions have
been renamed to avoid possible confusion with
memcmp(). [RT #40148 ]
2015-08-17 18:26:44 -07:00
Francis Dupont
fc63119c8b
Hardened OpenSSL digest/HMAC calls [RT #37944 ]
2014-12-02 12:41:01 +01:00
Evan Hunt
acbb301e64
[master] better error output when initializing pkcs11
...
3786. [func] Provide more detailed error codes when using
native PKCS#11. "pkcs11-tokens" now fails robustly
rather than asserting when run against an HSM with
an incomplete PCKS#11 API implementation. [RT #35479 ]
2014-03-12 20:52:01 -07:00
Evan Hunt
dbb012765c
[master] merge libiscpk11 to libisc
...
3735. [cleanup] Merged the libiscpk11 library into libisc
to simplify dependencies. [RT #35205 ]
2014-02-11 21:20:28 -08:00
Evan Hunt
1b255a0c4e
[master] overlooked some memcpy->memmove changes with pkcs11 merge
2014-01-21 10:08:01 -08:00
Evan Hunt
ba751492fc
[master] native PKCS#11 support
...
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031 ]
2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29
update copyright notice
2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260
[master] replace memcpy() with memmove().
...
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120 ]
2014-01-08 16:39:05 -08:00
Tinderbox User
ca48f47d88
update copyright notice
2013-07-09 23:46:11 +00:00
Evan Hunt
5b7abbef51
[master] added isc_safe_memcmp()
...
3611. [bug] Improved resistance to a theoretical authentication
attack based on differential timing. [RT #33939 ]
2013-07-09 11:47:16 -07:00
Tinderbox User
5fa46bc916
update copyright notice
2012-03-10 23:45:53 +00:00
Mark Andrews
28a8f5b0de
set $Id$
2012-03-08 00:21:15 +11:00
Automatic Updater
64691d525b
update copyright notice
2011-10-24 23:46:14 +00:00
Michael Graff
522222cf93
Correctly invalidate the sha2/hmac2 contexts. This was already done in practice, but this makes it zero out the whole structure rather than just the first 4 bytes + the key. sha2.c did not always zero out the full sha2 state in invalidate, but will now.
2011-10-24 22:51:29 +00:00
Automatic Updater
53f0234c3e
update copyright notice
2009-02-06 23:47:42 +00:00
Francis Dupont
c1d7e0562f
OpenSSL hashes
2009-02-06 12:26:23 +00:00
Mark Andrews
c60eaaf9b3
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094 ]
2007-08-27 03:27:53 +00:00
Automatic Updater
70e5a7403f
update copyright notice
2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7
update copyright notice
2007-06-18 23:47:57 +00:00
Mark Andrews
02ced31b6a
2072. [bug] We were not generating valid HMAC SHA digests.
...
[RT #16320 ]
2006-08-16 03:15:09 +00:00
Mark Andrews
fc7685a7f1
silence compiler warnings
2006-01-31 00:35:21 +00:00
Mark Andrews
26e2a07a0b
update copyright notice
2006-01-27 23:57:46 +00:00
Mark Andrews
c6d4f78152
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
...
HMACSHA512 support. [RT #13606 ]
2006-01-27 02:35:15 +00:00
