upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-27 17:17:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
27156 commits 18 branches 854 tags 440 MiB
Commit graph

42 commits

Author SHA1 Message Date
Ondřej Surý
52784fc3cc Disable runtime detection of md5 and sha1 support for Utimaco HSM. 
Utimaco HSM requires user to be logged in before executing DigestUpdate, thus
breaking dst_lib_init2 that ran isc_md5_check and isc_sha1_check before sending
PIN to the HSM.  Therefore isc_*_check needs to be disabled when Utimaco HSM is
being used as PKCS#11 library.
 2018-11-09 00:07:55 +07:00
Ondřej Surý
1084b40b44 Replace custom isc_boolean_t with C standard bool type 
(cherry picked from commit 994e656977)
(cherry picked from commit 884929400c)
 2018-08-10 15:20:57 +02:00
Ondřej Surý
188526f41c Remove $Id markers, Principal Author and Reviewed tags from the full source tree 
(cherry picked from commit 55a10b7acd)
 2018-05-11 14:25:15 +02:00
Evan Hunt
09cf48603a update file headers 2018-03-15 18:38:48 -07:00
Evan Hunt
8b205089b7 update file headers to remove copyright years 2018-03-14 16:40:20 -07:00
Mark Andrews
d8351dfc9b 4881. [bug] Only include dst_openssl.h when OpenSSL is required. 
[RT #47068]

(cherry picked from commit a64503c736)
 2018-01-30 15:28:51 +11:00
Tinderbox User
9eb24f1f84 update copyright notice / whitespace 2018-01-17 23:47:10 +00:00
Francis Dupont
f9c410d937 Merged rt46864 (check MD5 amd SHA1 support) 2018-01-17 14:40:13 +01:00
Tinderbox User
8688e7005a update copyright notice / whitespace 2017-09-19 23:47:50 +00:00
Mukund Sivaraman
b5252fcde5 Don't use memset() to wipe memory (#45947) 
(cherry picked from commit d5707676e4)
 2017-09-19 17:00:37 +05:30
Mark Andrews
c40906dfad 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]

(cherry picked from commit 8ee6f289d8)
 2016-08-19 08:05:47 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Evan Hunt
420a43c8d8 [master] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]
 2015-08-17 18:26:44 -07:00
Tinderbox User
c4567d0675 update copyright notice / whitespace 2015-08-07 23:45:26 +00:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Evan Hunt
3249da26fc [master] rationalize external key handling 
3723.	[cleanup]	Imported keys are now handled the same way
			regardless of DNSSEC algorithm. [RT #35215]
 2014-01-30 17:49:32 -08:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Tinderbox User
ca48f47d88 update copyright notice 2013-07-09 23:46:11 +00:00
Evan Hunt
5b7abbef51 [master] added isc_safe_memcmp() 
3611.	[bug]		Improved resistance to a theoretical authentication
			attack based on differential timing.  [RT #33939]
 2013-07-09 11:47:16 -07:00
Tinderbox User
ef1963d83d update copyright notice 2012-06-15 23:45:49 +00:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Automatic Updater
135bcc2e42 update copyright notice 2011-01-11 23:47:14 +00:00
Mark Andrews
433e06a25c 3006. [func] Allow dynamically generated TSIG keys to be preserved 
across restarts of named.  Initially this is for
                        TSIG keys generated using GSSAPI. [RT #22639]
 2011-01-10 05:32:04 +00:00
Automatic Updater
a30c7003af update copyright notice 2010-01-07 23:48:54 +00:00
Evan Hunt
0f66aced26 2834. [bug] HMAC-SHA* keys that were longer than the algorithm 
digest length were used incorrectly, leading to
			interoperability problems with other DNS
			implementations.  This has been corrected.
			(Note: If an oversize key is in use, and
			compatibility is needed with an older release of
			BIND, the new tool "isc-hmac-fixup" can convert
			the key secret to a form that will work with all
			versions.) [RT #20751]
 2010-01-07 21:52:12 +00:00
Francis Dupont
775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Evan Hunt
315a1514a5 2709. [func] Added some data fields, currently unused, to the 
private key file format, to allow implementation
			of explicit key rollover in a future release
			without impairing backward or forward compatibility.
			[RT #20310]
 2009-10-09 06:09:21 +00:00
Automatic Updater
7b1894bec1 update copyright notice 2009-09-03 23:48:13 +00:00
Mark Andrews
bbc204a237 2669. [func] Update PKCS#11 support to support Keyper HSM. 
Update PKCS#11 patch to be against openssl-0.9.8i.
 2009-09-03 04:09:58 +00:00
Automatic Updater
e672951ed2 update copyright notice 2008-04-01 23:47:10 +00:00
Francis Dupont
2a31bd5310 add EVP and PKCS11 2008-03-31 14:42:51 +00:00
Automatic Updater
271c4c7ffa update copyright notice 2007-08-28 07:20:43 +00:00
Automatic Updater
70e5a7403f update copyright notice 2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
289ae548d5 2105. [func] GSS-TSIG support (RFC 3645). 2006-12-04 01:54:53 +00:00
Mark Andrews
26e2a07a0b update copyright notice 2006-01-27 23:57:46 +00:00
Mark Andrews
c6d4f78152 1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and 
HMACSHA512 support. [RT #13606]
 2006-01-27 02:35:15 +00:00
Mark Andrews
69fe9aaafd update copyright notice 2005-04-29 00:24:12 +00:00
Rob Austein
ab023a6556 1851. [doc] Doxygen comment markup. [RT #11398] 2005-04-27 04:57:32 +00:00
Mark Andrews
494576ce20 1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should 
allow parallel make to succeed.
 2004-12-09 01:41:25 +00:00
Renamed from lib/dns/sec/dst/hmac_link.c (Browse further)