bind9/lib/dns
Ondřej Surý bd4576b3ce Remove TKEY Mode 2 (Diffie-Hellman)
Completely remove the TKEY Mode 2 (Diffie-Hellman Exchanged Keying) from
BIND 9 (from named, named.conf and all the tools).  The TKEY usage is
fringe at best and in all known cases, GSSAPI is being used as it should.

The draft-eastlake-dnsop-rfc2930bis-tkey specifies that:

    4.2 Diffie-Hellman Exchanged Keying (Deprecated)

       The use of this mode (#2) is NOT RECOMMENDED for the following two
       reasons but the specification is still included in Appendix A in case
       an implementation is needed for compatibility with old TKEY
       implementations. See Section 4.6 on ECDH Exchanged Keying.

          The mixing function used does not meet current cryptographic
          standards because it uses MD5 [RFC6151].

          RSA keys must be excessively long to achieve levels of security
          required by current standards.

We might optionally implement Elliptic Curve Diffie-Hellman (ECDH) key
exchange mode 6 if the draft ever reaches RFC status.  Meanwhile, the
insecure DH mode needs to be removed.
2023-03-08 08:36:25 +01:00
include Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
rdata Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
.gitignore 4394. [func] Add rndc command "dnstap-reopen" to close and 2016-06-24 09:37:04 +10:00
acl.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
adb.c Don't remove ADB entry from LRU before trying to expire it 2023-02-17 07:16:50 +01:00
badcache.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
byaddr.c remove isc_task completely 2023-02-16 18:35:32 +01:00
cache.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
callbacks.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
catz.c Check if catz is active in dns__catz_update_cb() 2023-03-02 17:40:10 +00:00
client.c move dispatchmgr from resolver to view 2023-02-24 08:30:33 +00:00
clientinfo.c refactor dns_clientinfo_init(); use separate function to set ECS 2023-02-07 23:48:22 -08:00
compress.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
db.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
dbiterator.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
diff.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
dispatch.c fix a bug in dns_dispatch_getnext() 2023-02-24 08:30:33 +00:00
dlz.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
dns64.c Add isc_rwlock around dns_aclenv .localhost and .localnets member 2022-04-04 19:27:00 +02:00
dnsrps.c Fix DNSRPS code after struct dns_db refactoring 2023-02-28 09:16:05 +01:00
dnssec.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
dnstap.c remove isc_task completely 2023-02-16 18:35:32 +01:00
dnstap.proto Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ds.c Simplify way we tag unreachable code with only ISC_UNREACHABLE() 2022-03-25 08:33:43 +01:00
dst_api.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
dst_internal.h Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
dst_openssl.h Make OpenSSL keypair comparison a generic helper function 2023-01-09 19:30:49 +01:00
dst_parse.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
dst_parse.h Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
dyndb.c switch to using isc_loopmgr_pause() instead of task exclusive 2023-02-16 17:51:55 +01:00
ecs.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
fixedname.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
forward.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
gen.c Remove unused support for fromwire(DNS_NAME_DOWNCASE) 2023-02-06 13:26:36 +00:00
geoip2.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
gssapi_link.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
gssapictx.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
hmac_link.c In hmac_createctx free ctx on isc_hmac_init failure 2023-02-17 21:58:56 +00:00
ipkeylist.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
iptable.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
journal.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
kasp.c Suppress duplicate digest types 2023-02-28 09:38:17 +01:00
key.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
keydata.c Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
keymgr.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
keytable.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
log.c Add a qp-trie data structure 2023-02-27 13:47:25 +00:00
Makefile.am Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
master.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
masterdump.c remove isc_task completely 2023-02-16 18:35:32 +01:00
message.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
name.c Define DNS_NAME_MAXLABELS and DNS_NAME_LABELLEN 2023-02-27 11:27:12 +00:00
ncache.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
nsec.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
nsec3.c Remove unused support for fromwire(DNS_NAME_DOWNCASE) 2023-02-06 13:26:36 +00:00
nta.c remove isc_task completely 2023-02-16 18:35:32 +01:00
openssl_link.c Call OSSL_STORE_INFO_free on error path 2023-02-07 12:29:34 +00:00
openssl_shim.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
openssl_shim.h Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
opensslecdsa_link.c Refactor OpenSSL ECDSA private key export 2023-01-09 19:56:31 +01:00
openssleddsa_link.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
opensslrsa_link.c Improve OpenSSL RSA key extraction 2023-01-25 21:04:27 +02:00
order.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
peer.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
private.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
qp.c Improve qp-trie compaction in write transactions 2023-02-27 13:47:57 +00:00
qp_p.h Improve qp-trie compaction in write transactions 2023-02-27 13:47:57 +00:00
rbt.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rbtdb.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rbtdb.h Remove remaining checks for rbt64 2022-05-03 00:41:42 +01:00
rcode.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
rdata.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rdatalist.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rdataset.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rdatasetiter.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
rdataslab.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
remote.c remove nonfunctional DSCP implementation 2023-01-09 12:15:21 -08:00
request.c remove dead code in dns_request 2023-02-24 08:30:33 +00:00
resconf.c Move irs_resconf into libdns and remove libirs 2023-02-24 09:38:59 +00:00
resolver.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
result.c Remove some remnants of bitstring labels 2023-02-06 13:22:30 +00:00
rootns.c Extend dns_db_allrdatasets to control iteration results 2022-12-07 22:20:02 +00:00
rpz.c remove isc_task completely 2023-02-16 18:35:32 +01:00
rriterator.c Extend dns_db_allrdatasets to control iteration results 2022-12-07 22:20:02 +00:00
rrl.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
sdlz.c Implement dns_db node tracing 2023-02-28 11:44:15 +01:00
soa.c Remove use of the inline keyword used as suggestion to compiler 2022-03-25 08:33:43 +01:00
ssu.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
ssu_external.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
stats.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
tests Move all the unit tests to /tests/<libname>/ 2022-05-28 14:53:02 -07:00
time.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
tkey.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
transport.c Add the reader-writer synchronization with modified C-RW-WP 2023-02-15 09:30:04 +01:00
tsig.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
tsig_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
ttl.c Remove do-nothing header <isc/print.h> 2023-02-15 16:44:47 +00:00
update.c remove isc_task completely 2023-02-16 18:35:32 +01:00
validator.c remove validator lock 2023-02-17 07:18:25 +01:00
view.c Decouple view->resolver and friends shutdown and detach 2023-02-28 15:32:33 +00:00
xfrin.c refactor dns_xfrin to use dns_dispatch 2023-02-24 08:30:33 +00:00
zone.c Remove TKEY Mode 2 (Diffie-Hellman) 2023-03-08 08:36:25 +01:00
zone_p.h Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
zonekey.c Update sources to Clang 15 formatting 2022-11-29 08:54:34 +01:00
zoneverify.c Extend dns_db_allrdatasets to control iteration results 2022-12-07 22:20:02 +00:00
zt.c remove isc_task completely 2023-02-16 18:35:32 +01:00