upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-02 21:40:43 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
31417 commits 18 branches 854 tags 440 MiB
Commit graph

31417 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ondřej Surý
c56cd29bbb Use SO_REUSEPORT only on Linux, use SO_REUSEPORT_LB on FreeBSD 
The SO_REUSEPORT socket option on Linux means something else on BSD
based systems.  On FreeBSD there's 1:1 option SO_REUSEPORT_LB, so we can
use that.

(cherry picked from commit 09ba47b067)
 2020-05-01 16:50:06 +02:00
Ondřej Surý
a0134ad57e Merge branch '1795-make-dnstap-work-reliably-with-netmgr-v9_16' into 'v9_16' 
Resolve "Some dnstap data may not be logged in BIND 9.15.6+"

See merge request isc-projects/bind9!3485
 2020-05-01 14:32:12 +00:00
Michał Kępień
ea5f122ffc Add CHANGES entry 
(cherry picked from commit 47c769e475)
 2020-05-01 16:29:36 +02:00
Michał Kępień
3a40a3f9a8 Add a release note 
(cherry picked from commit 4a5c1c7bfe)
 2020-05-01 16:29:18 +02:00
Michał Kępień
299954d006 Make dnstap work reliably with netmgr 
The introduction of netmgr doubled the number of threads from which
dnstap data may be logged: previously, it could only happen from within
taskmgr worker threads; with netmgr, it can happen both from taskmgr
worker threads and from network threads.  Since the argument passed to
fstrm_iothr_options_set_num_input_queues() was not updated to reflect
this change, some calls to fstrm_iothr_get_input_queue() can now return
NULL, effectively preventing some dnstap data from being logged.
Whether this bug is triggered or not depends on thread scheduling order
and packet distribution between network threads, but will almost
certainly be triggered on any recursive resolver sooner or later.  Fix
by requesting the correct number of dnstap input queues to be allocated.

(cherry picked from commit 77dc091855)
 2020-05-01 16:29:18 +02:00
Ondřej Surý
f6fcd0d208 Merge branch '1763-ossl-eddsa-engine-v9_16' into 'v9_16' 
Add engine support to OpenSSL EdDSA implementation (v9.16)

See merge request isc-projects/bind9!3483
 2020-05-01 14:27:12 +00:00
Ondřej Surý
a3ed49c515 Add release notes for #1763 
(cherry picked from commit 3c5cdc3f24)
 2020-05-01 16:25:56 +02:00
Ondřej Surý
928a4ff3f3 Add CHANGES note for #1763 
(cherry picked from commit 3422c496ae)
 2020-05-01 16:25:56 +02:00
Aaron Thompson
dddcc4a7eb Add engine support to OpenSSL EdDSA implementation. 
(cherry picked from commit 6a9f20d031)
 2020-05-01 16:25:56 +02:00
Aaron Thompson
112ffbaaa2 Use OpenSSL raw key functions for EdDSA keys. 
(cherry picked from commit f9685b29f9)
 2020-05-01 16:25:56 +02:00
Ondřej Surý
3112e08ba0 Merge branch '1534-add-ecdsa-openssl-pkcs11-engine-support-v9_16' into 'v9_16' 
Add engine support to OpenSSL ECDSA implementation (v9.16)

See merge request isc-projects/bind9!3484
 2020-05-01 14:25:17 +00:00
Ondřej Surý
b657411076 Add release note for GL #1534 
(cherry picked from commit 80d51223c3)
 2020-05-01 14:31:19 +02:00
Ondřej Surý
a600ff4917 Add CHANGES note for GL #1534 
(cherry picked from commit dde438dac7)
 2020-05-01 14:31:12 +02:00
Ondřej Surý
ce0f31a93b Simplify error handling 
(cherry picked from commit 064d8b7a6d)
 2020-05-01 14:30:04 +02:00
Ondřej Surý
0fa7c9099c Add initial support for ECDSA keys via OpenSSL PKCS#11 engine 
(cherry picked from commit aff61535c2)
 2020-05-01 14:30:04 +02:00
Ondřej Surý
46ddf100cc Merge branch 'ondrej/fix-system-tests-on-openbsd-v9.16' into 'v9_16' 
Fix system tests on openbsd v9.16

See merge request isc-projects/bind9!3478
 2020-05-01 11:40:21 +00:00
Ondřej Surý
3300e73570 Rename start() and stop() to start_server() and stop_server() 
On OpenBSD, there's non-POSIX alias from stop to kill that breaks
the conf.sh.common script.
 2020-05-01 13:37:44 +02:00
Ondřej Surý
7f37699725 Change the 'date -R' to sort-of iso-8601 emulated time 2020-05-01 13:37:44 +02:00
Ondřej Surý
da90f69a29 Merge branch '1797-libuv-1-37-requires-uv_init_ex-to-be-used-for-mmsg-v9_16' into 'v9_16' 
Resolve "libuv >= 1.37 requires uv_udp_init_ex() to be used for mmsg"

See merge request isc-projects/bind9!3474
 2020-05-01 10:45:46 +00:00
Witold Kręcicki
21d0bf6cd8 CHANGES note 2020-05-01 11:29:18 +02:00
Witold Kręcicki
786a289dfb Don't free udp recv buffer if UV_UDP_MMSG_CHUNK is set 
(cherry picked from commit 83049ceabf)
 2020-05-01 11:27:46 +02:00
Ondřej Surý
cf7975400e Use UV_UDP_RECVMMSG to enable mmsg support in libuv if available 
(cherry picked from commit d5356a40ff)
 2020-05-01 11:27:46 +02:00
Ondřej Surý
c015ae2341 Merge branch '1648-native-pkcs11-eddsa-v9_16' into 'v9_16' 
Resolve "Fix PKCS#11-based EdDSA support"

See merge request isc-projects/bind9!3472
 2020-05-01 08:32:45 +00:00
Ondřej Surý
e4a7cf0624 Make the cleanpkcs11.sh more universal across branches 2020-05-01 09:02:54 +02:00
Ondřej Surý
7b5cc16bad Fix another the start_fail -> start_servers_failed typo 2020-05-01 08:06:07 +02:00
Ondřej Surý
795cfad2d3 Fixup the start_fail -> start_servers_failed typo 
(cherry picked from commit 0313d2950a)
 2020-05-01 08:03:08 +02:00
Ondřej Surý
73868ba80b Add release notes 
(cherry picked from commit e69d34a454)
 2020-05-01 08:03:08 +02:00
Ondřej Surý
492703d1a8 Add CHANGES 
(cherry picked from commit 84fffbdb4c)
 2020-05-01 08:03:03 +02:00
Ondřej Surý
09535ac6d6 Fix the check for non-operational algs 15 and 16 in PKCS#11 
(cherry picked from commit 57c39ddbe3)
 2020-05-01 08:02:09 +02:00
Ondřej Surý
f35b8cee47 Fail running run.sh when clean.sh or setup.sh fails 
(cherry picked from commit 101672f664)
 2020-05-01 08:02:05 +02:00
Ondřej Surý
4cc5b572bd Refactor the pkcs11 to test for individual algorithms 
(cherry picked from commit a6bdb9639a)
 2020-05-01 08:00:52 +02:00
Aaron Thompson
c0e1dc33d5 Update EdDSA implementation to PKCS#11 v3.0. 
Per Current Mechanisms 2.3.5, the curve name is DER-encoded in the
EC_PARAMS attribute, and the public key value is DER-encoded in the
EC_POINT attribute.

(cherry picked from commit 2e6b7a56cc)
 2020-05-01 08:00:52 +02:00
Aaron Thompson
2401952bbb Fix EdDSA key sizes (key_size is in bits). 
(cherry picked from commit 9b87fe1051)
 2020-05-01 08:00:52 +02:00
Aaron Thompson
4ba7a0ec2d Add EdDSA algorithms back to dnssec-keyfromlabel help text. 
Regressed in 45afdb2672.

(cherry picked from commit 4969577189)
 2020-05-01 08:00:52 +02:00
Ondřej Surý
a39348336e Merge branch '1763-pkcs11-code-cleanups-v9_16' into 'v9_16' 
Resolve "Implement and improve the PKCS#11 code"

See merge request isc-projects/bind9!3471
 2020-05-01 05:57:17 +00:00
Ondřej Surý
fb8f428f07 Add CHANGES 
(cherry picked from commit 48473d464f)
 2020-05-01 06:54:27 +02:00
Ondřej Surý
358affe585 Use switch instead of if when evaluating curves 
Previously, the code would do:

    REQUIRE(alg == CURVE1 || alg == CURVE2);

    [...]

    if (alg == CURVE1) { /* code for CURVE1 */ }
    else { /* code for CURVE2 */ }

This approach is less extensible and also more prone to errors in case
the initial REQUIRE() is forgotten.  The code has been refactored to
use:

    REQUIRE(alg == CURVE1 || alg == CURVE2);

    [...]

    switch (alg) {
    case CURVE1: /* code for CURVE1 */; break;
    case CURVE2: /* code for CURVE2 */; break;
    default: INSIST(0);
    }

(cherry picked from commit cf30e7d0d1)
 2020-05-01 06:54:27 +02:00
Ondřej Surý
4e1c7e1c01 Refactor the code using the pk11 ECC constants. 
The pk11/constants.h header contained static CK_BYTE arrays and
we had to use #defines to pull only those we need.  This commit
changes the constants to only define byte arrays with the content
and either use them directly or define the CK_BYTE arrays locally
where used.

(cherry picked from commit da38bd0e1d)
 2020-05-01 06:54:27 +02:00
Ondřej Surý
dc51f720b9 Only print warning when PKCS#11 dnssec-keygen fails from Edwards curves 
(cherry picked from commit 9d979d7cd6)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
fb21f7d0e6 Fix a segfault when a PKCS#11 token is not found. 
(cherry picked from commit 541d7bafe6)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
0777eb04bf Fix bad syntax in pkcs11eddsa_link.c. 
Introduced in 994e656977.

(cherry picked from commit 46cae09023)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
8607580599 Update to PKCS#11 v3.0 EdDSA macros. 
(cherry picked from commit 3e685fe01a)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
b5f2e93339 Fix compiler warnings about unused pk11 constants. 
(cherry picked from commit 2ef379d911)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
61853130c9 Remove remaining PKCS#11 DH references. 
Missed in 0a73c9f137 and 8efd394c80.

(cherry picked from commit d28c7dadbb)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
f89a566b26 Remove unnecessary forward declarations. 
(cherry picked from commit 6a6485a531)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
690eb14078 Finish refactoring pkcs11eddsa_link.c after isc_buffer_allocate change. 
Left over after c73e5866c4.

(cherry picked from commit 7744aece03)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
c8b85a191e Remove unreachable label in pkcs11eddsa_link.c. 
Missed in ae83801e2b.

(cherry picked from commit b4a7bfd55e)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
f534519af5 Finish refactoring after the removal of --with-ecdsa and --with-eddsa. 
Missed in c3b8130fe8.

(cherry picked from commit 7fc4f926fb)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
78e4cc96d7 Remove old comment. 
Missed in 6aae193ded.

(cherry picked from commit 48e0c0bc4a)
 2020-05-01 06:54:26 +02:00
Aaron Thompson
e1d846124c Finish replacing OP_EC with OP_ECDSA/OP_EDDSA. 
Missed in c3b8130fe8.

(cherry picked from commit bb158e8a4c)
 2020-05-01 06:54:26 +02:00