Evan Hunt
3249da26fc
[master] rationalize external key handling
...
3723. [cleanup] Imported keys are now handled the same way
regardless of DNSSEC algorithm. [RT #35215 ]
2014-01-30 17:49:32 -08:00
Evan Hunt
ba751492fc
[master] native PKCS#11 support
...
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031 ]
2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29
update copyright notice
2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260
[master] replace memcpy() with memmove().
...
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120 ]
2014-01-08 16:39:05 -08:00
Tinderbox User
ca48f47d88
update copyright notice
2013-07-09 23:46:11 +00:00
Evan Hunt
5b7abbef51
[master] added isc_safe_memcmp()
...
3611. [bug] Improved resistance to a theoretical authentication
attack based on differential timing. [RT #33939 ]
2013-07-09 11:47:16 -07:00
Tinderbox User
ef1963d83d
update copyright notice
2012-06-15 23:45:49 +00:00
Mark Andrews
7865ea9545
3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228 ]
2012-06-14 15:44:20 +10:00
Automatic Updater
135bcc2e42
update copyright notice
2011-01-11 23:47:14 +00:00
Mark Andrews
433e06a25c
3006. [func] Allow dynamically generated TSIG keys to be preserved
...
across restarts of named. Initially this is for
TSIG keys generated using GSSAPI. [RT #22639 ]
2011-01-10 05:32:04 +00:00
Automatic Updater
a30c7003af
update copyright notice
2010-01-07 23:48:54 +00:00
Evan Hunt
0f66aced26
2834. [bug] HMAC-SHA* keys that were longer than the algorithm
...
digest length were used incorrectly, leading to
interoperability problems with other DNS
implementations. This has been corrected.
(Note: If an oversize key is in use, and
compatibility is needed with an older release of
BIND, the new tool "isc-hmac-fixup" can convert
the key secret to a form that will work with all
versions.) [RT #20751 ]
2010-01-07 21:52:12 +00:00
Francis Dupont
775a8d86d9
keygen progress indication [RT #20284 ]
2009-10-24 09:46:19 +00:00
Evan Hunt
315a1514a5
2709. [func] Added some data fields, currently unused, to the
...
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310 ]
2009-10-09 06:09:21 +00:00
Automatic Updater
7b1894bec1
update copyright notice
2009-09-03 23:48:13 +00:00
Mark Andrews
bbc204a237
2669. [func] Update PKCS#11 support to support Keyper HSM.
...
Update PKCS#11 patch to be against openssl-0.9.8i.
2009-09-03 04:09:58 +00:00
Automatic Updater
e672951ed2
update copyright notice
2008-04-01 23:47:10 +00:00
Francis Dupont
2a31bd5310
add EVP and PKCS11
2008-03-31 14:42:51 +00:00
Automatic Updater
271c4c7ffa
update copyright notice
2007-08-28 07:20:43 +00:00
Automatic Updater
70e5a7403f
update copyright notice
2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7
update copyright notice
2007-06-18 23:47:57 +00:00
Mark Andrews
289ae548d5
2105. [func] GSS-TSIG support (RFC 3645).
2006-12-04 01:54:53 +00:00
Mark Andrews
26e2a07a0b
update copyright notice
2006-01-27 23:57:46 +00:00
Mark Andrews
c6d4f78152
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
...
HMACSHA512 support. [RT #13606 ]
2006-01-27 02:35:15 +00:00
Mark Andrews
69fe9aaafd
update copyright notice
2005-04-29 00:24:12 +00:00
Rob Austein
ab023a6556
1851. [doc] Doxygen comment markup. [RT #11398 ]
2005-04-27 04:57:32 +00:00
Mark Andrews
494576ce20
1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
...
allow parallel make to succeed.
2004-12-09 01:41:25 +00:00
