mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-27 20:49:04 +00:00
Code Issues Releases Wiki Activity
36,567 Commits 655 Branches 820 Tags
Commit Graph

117 Commits

Author SHA1 Message Date
Mark Andrews
1fce0951ed 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-10-31 10:04:37 +11:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
a12a21a843 bracket mismatch; window openssl version check 2015-12-06 23:05:47 +11:00
Mark Andrews
5b1c7ef35b 4264. [bug] Check const of strchr/strrchr assignments match 
argument's const status. [RT #41150]
 2015-11-20 18:38:24 +11:00
Mark Andrews
f824c65d1f 4340. [port] Fix LibreSSL compatibility. [RT #40977] 2015-10-19 10:43:58 +11:00
Mark Andrews
b46fc43469 #include <isc/safe.h> 2015-08-18 21:22:48 +10:00
Evan Hunt
420a43c8d8 [master] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]
 2015-08-17 18:26:44 -07:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Mark Andrews
03089dd420 add INSIST to silence coverity 2015-05-30 17:37:14 +10:00
Mark Andrews
8bb630c751 4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532] 2015-05-28 14:41:21 +10:00
Mark Andrews
e53e202ef3 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 2015-05-28 13:17:07 +10:00
Francis Dupont
bcb68be0a8 misc fixes for VS 2015 CTP #39267 2015-04-17 02:57:02 +02:00
Evan Hunt
3249da26fc [master] rationalize external key handling 
3723.	[cleanup]	Imported keys are now handled the same way
			regardless of DNSSEC algorithm. [RT #35215]
 2014-01-30 17:49:32 -08:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Tinderbox User
63737247d1 update copyright notice 2013-09-05 23:46:16 +00:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Evan Hunt
0e37e9e3d7 [master] silence noisy OpenSSL logging 
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
 2012-10-24 12:58:16 -07:00
Mark Andrews
1d2f282840 cleanup unused variables 2012-07-24 12:18:10 +10:00
Mark Andrews
6eb6af6732 3354. [func] Improve OpenSSL error logging. [RT #29932] 2012-07-23 15:08:21 +10:00
Mark Andrews
ec048f4600 make maxbits signed as BN_num_bits is signed 2012-06-15 11:54:58 +10:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Tinderbox User
5fa46bc916 update copyright notice 2012-03-10 23:45:53 +00:00
Mark Andrews
28a8f5b0de set $Id$ 2012-03-08 00:21:15 +11:00
Mark Andrews
8473cd921e pkey is only used if USE_ENGINE is defined or USE_EVP is 1 2011-03-11 02:59:37 +00:00
Mark Andrews
19f4b069dc 3068. [bug] Named failed to build with a OpenSSL without engine 
support. [RT #23473]
 2011-03-11 01:11:54 +00:00
Automatic Updater
135bcc2e42 update copyright notice 2011-01-11 23:47:14 +00:00
Mark Andrews
433e06a25c 3006. [func] Allow dynamically generated TSIG keys to be preserved 
across restarts of named.  Initially this is for
                        TSIG keys generated using GSSAPI. [RT #22639]
 2011-01-10 05:32:04 +00:00
Mark Andrews
8a0943e125 silence compiler warnings. [RT #20472] 2009-10-30 05:08:23 +00:00
Mark Andrews
4c53f98dbd RFC5702 2009-10-28 21:08:18 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Francis Dupont
775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Automatic Updater
510032fdf4 update copyright notice 2009-10-22 23:48:07 +00:00
Evan Hunt
cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512. [RT #20023]
 2009-10-22 02:21:31 +00:00
Mark Andrews
3c5e54941f 2718. [bug] The space calculations in opensslrsa_todns() were 
incorrect. [RT #20394]
 2009-10-20 02:59:19 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Francis Dupont
6839f8b6df cleanup USE_EVP_RSA (RT #20044) 2009-09-23 11:16:50 +00:00
Francis Dupont
1f821c1058 merge rt19294 2009-09-07 12:58:33 +00:00
Mark Andrews
bbc204a237 2669. [func] Update PKCS#11 support to support Keyper HSM. 
Update PKCS#11 patch to be against openssl-0.9.8i.
 2009-09-03 04:09:58 +00:00
Mark Andrews
97a2451eea 2653. [bug] Treat ENGINE_load_private_key() failures as key 
not found rather than out of memory.  [RT #18033]
 2009-08-18 07:45:14 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Francis Dupont
47b7dfffe5 spelling 2009-01-17 14:45:17 +00:00
Automatic Updater
03faa7804e update copyright notice 2009-01-14 23:48:00 +00:00
Francis Dupont
fa7ef31685 integrate -P1 patch 2009-01-14 17:28:47 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
e672951ed2 update copyright notice 2008-04-01 23:47:10 +00:00
Mark Andrews
dec509888a don't use C99 declarations 2008-04-01 00:03:31 +00:00