mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 13:08:06 +00:00
Code Issues Releases Wiki Activity
23,469 Commits 660 Branches 820 Tags
Commit Graph

58 Commits

Author SHA1 Message Date
Mark Andrews
03089dd420 add INSIST to silence coverity 2015-05-30 17:37:14 +10:00
Mark Andrews
8bb630c751 4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532] 2015-05-28 14:41:21 +10:00
Mark Andrews
e53e202ef3 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 2015-05-28 13:17:07 +10:00
Francis Dupont
bcb68be0a8 misc fixes for VS 2015 CTP #39267 2015-04-17 02:57:02 +02:00
Evan Hunt
3249da26fc [master] rationalize external key handling 
3723.	[cleanup]	Imported keys are now handled the same way
			regardless of DNSSEC algorithm. [RT #35215]
 2014-01-30 17:49:32 -08:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Tinderbox User
63737247d1 update copyright notice 2013-09-05 23:46:16 +00:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Evan Hunt
0e37e9e3d7 [master] silence noisy OpenSSL logging 
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
 2012-10-24 12:58:16 -07:00
Mark Andrews
1d2f282840 cleanup unused variables 2012-07-24 12:18:10 +10:00
Mark Andrews
6eb6af6732 3354. [func] Improve OpenSSL error logging. [RT #29932] 2012-07-23 15:08:21 +10:00
Mark Andrews
ec048f4600 make maxbits signed as BN_num_bits is signed 2012-06-15 11:54:58 +10:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Tinderbox User
5fa46bc916 update copyright notice 2012-03-10 23:45:53 +00:00
Mark Andrews
28a8f5b0de set $Id$ 2012-03-08 00:21:15 +11:00
Mark Andrews
8473cd921e pkey is only used if USE_ENGINE is defined or USE_EVP is 1 2011-03-11 02:59:37 +00:00
Mark Andrews
19f4b069dc 3068. [bug] Named failed to build with a OpenSSL without engine 
support. [RT #23473]
 2011-03-11 01:11:54 +00:00
Automatic Updater
135bcc2e42 update copyright notice 2011-01-11 23:47:14 +00:00
Mark Andrews
433e06a25c 3006. [func] Allow dynamically generated TSIG keys to be preserved 
across restarts of named.  Initially this is for
                        TSIG keys generated using GSSAPI. [RT #22639]
 2011-01-10 05:32:04 +00:00
Mark Andrews
8a0943e125 silence compiler warnings. [RT #20472] 2009-10-30 05:08:23 +00:00
Mark Andrews
4c53f98dbd RFC5702 2009-10-28 21:08:18 +00:00
Automatic Updater
990dca4605 update copyright notice 2009-10-27 23:47:45 +00:00
Mark Andrews
e09cdbac08 2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system 
test. [RT #20453]
 2009-10-27 22:25:37 +00:00
Francis Dupont
775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Automatic Updater
510032fdf4 update copyright notice 2009-10-22 23:48:07 +00:00
Evan Hunt
cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms, 
RSASHA256 and RSASHA512. [RT #20023]
 2009-10-22 02:21:31 +00:00
Mark Andrews
3c5e54941f 2718. [bug] The space calculations in opensslrsa_todns() were 
incorrect. [RT #20394]
 2009-10-20 02:59:19 +00:00
Francis Dupont
8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Francis Dupont
6839f8b6df cleanup USE_EVP_RSA (RT #20044) 2009-09-23 11:16:50 +00:00
Francis Dupont
1f821c1058 merge rt19294 2009-09-07 12:58:33 +00:00
Mark Andrews
bbc204a237 2669. [func] Update PKCS#11 support to support Keyper HSM. 
Update PKCS#11 patch to be against openssl-0.9.8i.
 2009-09-03 04:09:58 +00:00
Mark Andrews
97a2451eea 2653. [bug] Treat ENGINE_load_private_key() failures as key 
not found rather than out of memory.  [RT #18033]
 2009-08-18 07:45:14 +00:00
Evan Hunt
553ead32ff 2636. [func] Simplify zone signing and key maintenance with the 
dnssec-* tools.  Major changes:
			- all dnssec-* tools now take a -K option to
			  specify a directory in which key files will be
			  stored
			- DNSSEC can now store metadata indicating when
			  they are scheduled to be published, acttivated,
			  revoked or removed; these values can be set by
			  dnssec-keygen or overwritten by the new
			  dnssec-settime command
			- dnssec-signzone -S (for "smart") option reads key
			  metadata and uses it to determine automatically
			  which keys to publish to the zone, use for
			  signing, revoke, or remove from the zone
			[RT #19816]
 2009-07-19 04:18:05 +00:00
Francis Dupont
47b7dfffe5 spelling 2009-01-17 14:45:17 +00:00
Automatic Updater
03faa7804e update copyright notice 2009-01-14 23:48:00 +00:00
Francis Dupont
fa7ef31685 integrate -P1 patch 2009-01-14 17:28:47 +00:00
Mark Andrews
6098d364b6 2448. [func] Add NSEC3 support. [RT #15452] 2008-09-24 02:46:23 +00:00
Automatic Updater
e672951ed2 update copyright notice 2008-04-01 23:47:10 +00:00
Mark Andrews
dec509888a don't use C99 declarations 2008-04-01 00:03:31 +00:00
Francis Dupont
2a31bd5310 add EVP and PKCS11 2008-03-31 14:42:51 +00:00
Automatic Updater
70e5a7403f update copyright notice 2007-06-19 23:47:24 +00:00
Automatic Updater
ec5347e2c7 update copyright notice 2007-06-18 23:47:57 +00:00
Mark Andrews
46f681f001 2105. [func] GSS-TSIG support (RFC 3645). 2006-12-04 02:26:05 +00:00
Mark Andrews
289ae548d5 2105. [func] GSS-TSIG support (RFC 3645). 2006-12-04 01:54:53 +00:00
Mark Andrews
6805e4e2c4 2101. [bug] OpenSSL version checks were not quite right. 
[RT #16476]
 2006-11-07 21:23:06 +00:00
Mark Andrews
b5d4d4d77f WIN32 not WIN 2006-10-11 03:54:56 +00:00
Mark Andrews
0695629678 Windows specific compile time test for: 
2089.   [security]      Raise the minimum safe OpenSSL versions to
                        OpenSSL 0.9.7l and OpenSSL 0.9.8d.  Versions
                        prior to these have known security flaws which
                        are (potentially) exploitable in named. [RT #16391]
 2006-10-11 02:15:59 +00:00
Mark Andrews
14a2b06605 Use F5 as large RSA exponent w/ OpenSSL 0.9.8 2006-10-10 02:30:10 +00:00