Mark Andrews
b59fe46e76
address or suppress cppcheck warnings
2019-09-12 17:59:28 +10:00
Ondřej Surý
ae83801e2b
Remove blocks checking whether isc_mem_get() failed using the coccinelle
2019-07-23 15:32:35 -04:00
Ondřej Surý
78d0cb0a7d
Use coccinelle to remove explicit '#include <config.h>' from the source files
2019-03-08 15:15:05 +01:00
Ondřej Surý
e69dc0dbc7
Remove RSAMD5 support
2018-12-11 11:32:24 +01:00
Ondřej Surý
b2b43fd235
Turn (int & flag) into (int & flag) != 0 when implicitly typed to bool
2018-11-08 12:21:53 +07:00
Ondřej Surý
7fc78e7cad
Remove internal dst memory context that was used just for OpenSSL and was passthrough for malloc and free
2018-10-25 08:16:24 +02:00
Ondřej Surý
b98ac2593c
Add generic hashed message authentication code API (isc_hmac) to replace specific HMAC functions hmacmd5/hmacsha1/hmacsha2...
2018-10-25 08:15:42 +02:00
Ondřej Surý
7fd3dc63de
Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256
2018-10-25 08:15:42 +02:00
Mark Andrews
607c2d7441
free key on error
2018-10-23 20:19:07 -04:00
Evan Hunt
09f58ab63f
retain a minimal "methods" struct in the mctx
- this enables memory to be allocated and freed in dyndb modules
when named is linked statically. when we standardize on libtool,
this should become unnecessary.
- also, simplified the isc_mem_create/createx API by removing
extra compatibility functions
2018-10-18 09:19:12 +00:00
Ondřej Surý
3994b1f9c2
Remove support for obsoleted and insecure DSA and DSA-NSEC3-SHA1 algorithms
2018-10-05 09:21:43 +02:00
Ondřej Surý
0f24c55d38
Refactor *_destroy and *_detach functions to unified order of actions.
This properly orders clearing the freed pointer and calling isc_refcount_destroy
as early as possible to have ability to put proper memory barrier when cleaning
up reference counting.
2018-08-28 13:15:59 +02:00
Ondřej Surý
bef8ac5bae
Rewrite isc_refcount API to fetch_and_<op>, instead of former <op>_and_<fetch>
2018-08-28 12:15:39 +02:00
Ondřej Surý
0a7535ac81
isc_refcount_init() now doesn't return isc_result_t and asserts on failed initialization
2018-08-28 12:15:39 +02:00
Ondřej Surý
f0f71420c8
Remove legacy support for AIX
2018-08-28 10:31:47 +02:00
Witold Kręcicki
5cdb38c2c7
Remove unthreaded support
2018-08-16 17:18:52 +02:00
Ondřej Surý
994e656977
Replace custom isc_boolean_t with C standard bool type
2018-08-08 09:37:30 +02:00
Ondřej Surý
cb6a185c69
Replace custom isc_u?intNN_t types with C99 u?intNN_t types
2018-08-08 09:37:28 +02:00
Ondřej Surý
fc496b2b5d
Fix DH and ECDSA algorithms in PKCS#11 build
2018-07-19 14:00:40 -04:00
Ondřej Surý
0a73c9f137
Remove PKCS#11 DH implementation as there's no private keys stored in HSM for DH algorithm
2018-07-19 12:47:03 -04:00
Ondřej Surý
c3b8130fe8
Make OpenSSL mandatory
2018-07-19 12:47:03 -04:00
Ondřej Surý
27593e65dc
Remove support for obsoleted ECC-GOST (GOST R 34.11-94) algorithm
2018-06-05 09:14:14 +02:00
Evan Hunt
9147a31b94
copyrights
2018-05-23 12:39:40 -04:00
Ondřej Surý
7ee8a7e69f
address win32 build issues
- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
and configure scripts
2018-05-22 16:32:21 -07:00
Ondřej Surý
3a4f820d62
Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API.
The three functions have been modeled after the arc4random family of
functions, and they will always return random bytes.
The isc_random family of functions internally use these CSPRNG (if available):
1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
2018-05-16 09:54:35 +02:00
Ondřej Surý
55a10b7acd
Remove $Id markers, Principal Author and Reviewed tags from the full source tree
2018-05-11 13:17:46 +02:00
Ondřej Surý
9a3a257374
Always use random data from the crypto provider
2018-05-03 15:03:46 +02:00
Witold Kręcicki
702c022016
libdns refactoring: get rid of multiple versions of dns_xfrin_create, dst_key_generate, dst_lib_init and dst_context_create
2018-04-06 08:04:41 +02:00
Evan Hunt
0fabe0da83
update file headers
2018-03-15 18:33:13 -07:00
Ondřej Surý
843d389661
Update license headers to not include years in copyright in all applicable files
2018-02-23 10:12:02 +01:00
Mark Andrews
a8fa4a9e42
use %u instead of %d
2018-02-16 10:20:38 +11:00
Michał Kępień
6cdff94830
[master] Remove unused variable "len" from buildfilename()
2017-10-09 13:53:02 +02:00
Michał Kępień
077f9626c2
[master] Add isc_buffer_printf()
4767. [func] Add a new function, isc_buffer_printf(), which can be
used to append a formatted string to the used region of
a buffer. [RT #46201]
2017-10-09 11:43:07 +02:00
Mark Andrews
a009d03a1a
4748. [cleanup] Sprintf to snprintf conversions. [RT #46132]
2017-10-03 14:54:19 +11:00
Evan Hunt
24172bd2ee
[master] completed and corrected the crypto-random change
4724. [func] By default, BIND now uses the random number
functions provided by the crypto library (i.e.,
OpenSSL or a PKCS#11 provider) as a source of
randomness rather than /dev/random. This is
suitable for virtual machine environments
which have limited entropy pools and lack
hardware random number generators.
This can be overridden by specifying another
entropy source via the "random-device" option
in named.conf, or via the -r command line option;
however, for functions requiring full cryptographic
strength, such as DNSSEC key generation, this
cannot be overridden. In particular, the -r
command line option no longer has any effect on
dnssec-keygen.
This can be disabled by building with
"configure --disable-crypto-rand".
[RT #31459] [RT #46047]
2017-09-28 10:09:22 -07:00
Mukund Sivaraman
d5707676e4
Don't use memset() to wipe memory (#45947)
2017-09-19 16:16:45 +05:30
Evan Hunt
586e65ea5c
[rt31459d] rebased rt31459c
2017-09-12 19:05:46 -07:00
Tinderbox User
b74e1c3b50
update copyright notice / whitespace
2017-08-01 23:46:29 +00:00
Francis Dupont
9b9182fe00
Added Ed25519 support (#44696)
2017-07-31 15:26:00 +02:00
Mark Andrews
52e2aab392
4546. [func] Extend the use of const declarations. [RT #43379]
2016-12-30 15:45:08 +11:00
Mark Andrews
8eceb0bffe
4461. [bug] win32: not all external data was properly marked
as external data for windows dll. [RT #43161]
2016-09-07 14:12:11 +10:00
Mark Andrews
8ee6f289d8
4450. [port] Provide more nuanced HSM support which better matches
the specific PKCS11 providers capabilities. [RT #42458]
2016-08-19 08:02:51 +10:00
Mark Andrews
0c27b3fe77
4401. [misc] Change LICENSE to MPL 2.0.
2016-06-27 14:56:38 +10:00
Francis Dupont
2a8aa10492
Merged rt42505 (misc DNSSEC bugs)
2016-06-01 09:18:49 +02:00
Evan Hunt
7f7eb969f5
[master] print syncpublish and syncdelete in key file comments
2016-01-25 08:03:07 -08:00
Tinderbox User
feb1ccdaf1
update copyright notice / whitespace
2016-01-05 23:45:26 +00:00
Evan Hunt
c8b968f414
[master] fix use after free on xfr timeout
4289. [bug] The server could crash due to memory being used
after it was freed if a zone transfer timed out.
[RT #41297]
2016-01-04 22:05:23 -08:00
Tinderbox User
431e5c81db
update copyright notice / whitespace
2015-05-28 23:45:24 +00:00
Mark Andrews
e53e202ef3
4128. [bug] Address issues raised by Coverity 7.6. [RT #39537]
2015-05-28 13:17:07 +10:00
Mukund Sivaraman
aa232396ee
[24702] Include key filename in logged message
Squashed commit of the following:
commit 593e6bc7e29938ff5c2f7508bde303fb069a97a9
Author: Mukund Sivaraman <muks@isc.org>
Date: Tue Jun 10 19:17:40 2014 +0530
Increase size of filename buffers
commit b8685678e026ba98b8833e26664193b6345eb00e
Author: Evan Hunt <each@isc.org>
Date: Wed Jun 4 18:57:44 2014 -0700
[rt24702] some tweaks during review
commit adfbc8f808716c63e9e097d92beef104527e5c6f
Author: Mukund Sivaraman <muks@isc.org>
Date: Wed Jun 4 18:18:35 2014 +0530
[24702] Include key filename in logged message
commit f1eff77e7e3704b145c3d65101a735467dd81dc3
Author: Mukund Sivaraman <muks@isc.org>
Date: Wed Jun 4 18:12:43 2014 +0530
Add dst_key_getfilename()
2014-06-10 19:18:34 +05:30