mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity
29,493 Commits 656 Branches 820 Tags
Commit Graph

90 Commits

Author SHA1 Message Date
Ondřej Surý
78d0cb0a7d Use coccinelle to remove explicit '#include <config.h>' from the source files 2019-03-08 15:15:05 +01:00
Ondřej Surý
e69dc0dbc7 Remove RSAMD5 support 2018-12-11 11:32:24 +01:00
Ondřej Surý
23fff6c569 Hint the compiler with ISC_UNREACHABLE(); that code after INSIST(0); cannot be reached 2018-11-08 12:22:17 +07:00
Ondřej Surý
7fd3dc63de Add generic message digest API (isc_md) to replace specific MD functions md5/sha1/sha256 2018-10-25 08:15:42 +02:00
Ondřej Surý
994e656977 Replace custom isc_boolean_t with C standard bool type 2018-08-08 09:37:30 +02:00
Ondřej Surý
cb6a185c69 Replace custom isc_u?intNN_t types with C99 u?intNN_t types 2018-08-08 09:37:28 +02:00
Ondřej Surý
c3b8130fe8 Make OpenSSL mandatory 2018-07-19 12:47:03 -04:00
Ondřej Surý
7ee8a7e69f address win32 build issues 
- Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
  HAVE_OPENSSL/HAVE_PKCS11
- Don't enforce the crypto provider from platform.h, just from dst_api.c
  and configure scripts
 2018-05-22 16:32:21 -07:00
Ondřej Surý
3a4f820d62 Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. 
The three functions has been modeled after the arc4random family of
functions, and they will always return random bytes.

The isc_random family of functions internally use these CSPRNG (if available):

1. getrandom() libc call (might be available on Linux and Solaris)
2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
4. crypto library function:
4a. RAND_bytes in case OpenSSL
4b. pkcs_C_GenerateRandom() in case PKCS#11 library
 2018-05-16 09:54:35 +02:00
Ondřej Surý
55a10b7acd Remove $Id markers, Principal Author and Reviewed tags from the full source tree 2018-05-11 13:17:46 +02:00
Ondřej Surý
61da2bf028 Remove support for OpenSSL < 1.0.0 2018-05-03 15:55:39 +02:00
Ondřej Surý
8d648e7a8a Use standard OPENSSL_NO_ENGINE instead of custom USE_ENGINE define 2018-05-03 15:32:43 +02:00
Ondřej Surý
29ff62a149 Add support for LibreSSL 2.7 2018-05-03 14:13:20 +02:00
Ondřej Surý
d2b3188c61 A couple of more cleanups after free in opensslrsa_generate() 2018-04-04 17:28:55 +02:00
Petr Mensik
edaafacf36 Do not assign NULL conditionally in OpenSSL < 1.1, make it always explicit. 2018-04-04 17:28:55 +02:00
Petr Mensik
01cc622e7b Fix double free on RSA_generate_key_ex failure 2018-04-04 17:28:55 +02:00
Ondřej Surý
843d389661 Update license headers to not include years in copyright in all applicable files 2018-02-23 10:12:02 +01:00
Mukund Sivaraman
d5707676e4 Don't use memset() to wipe memory (#45947) 2017-09-19 16:16:45 +05:30
Mukund Sivaraman
239e9dc81c Reject incorrect RSA key lengths during key generation and and sign/verify context creation (#45043) 2017-04-21 17:31:59 +05:30
Tinderbox User
7b665158e9 update copyright notice / whitespace 2017-01-13 23:45:35 +00:00
Mark Andrews
b8eee0f48d make e's declaration unconditional. [RT #44324] 2017-01-13 16:10:25 +11:00
Mark Andrews
429b543086 add more LIBRESSL_VERSION_NUMBER checks 2016-11-01 12:36:38 +11:00
Mark Andrews
3d38cfaf8a add more LIBRESSL_VERSION_NUMBER checks 2016-11-01 12:24:22 +11:00
Mark Andrews
1fce0951ed 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-10-31 10:04:37 +11:00
Mark Andrews
8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
 2016-08-19 08:02:51 +10:00
Mark Andrews
0c27b3fe77 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
Mark Andrews
a12a21a843 bracket mismatch; window openssl version check 2015-12-06 23:05:47 +11:00
Mark Andrews
5b1c7ef35b 4264. [bug] Check const of strchr/strrchr assignments match 
argument's const status. [RT #41150]
 2015-11-20 18:38:24 +11:00
Mark Andrews
f824c65d1f 4340. [port] Fix LibreSSL compatibility. [RT #40977] 2015-10-19 10:43:58 +11:00
Mark Andrews
b46fc43469 #include <isc/safe.h> 2015-08-18 21:22:48 +10:00
Evan Hunt
420a43c8d8 [master] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]
 2015-08-17 18:26:44 -07:00
Evan Hunt
ce9f893e21 [master] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]
 2015-08-07 13:16:10 -07:00
Mark Andrews
03089dd420 add INSIST to silence coverity 2015-05-30 17:37:14 +10:00
Mark Andrews
8bb630c751 4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532] 2015-05-28 14:41:21 +10:00
Mark Andrews
e53e202ef3 4128. [bug] Address issues raised by Coverity 7.6. [RT #39537] 2015-05-28 13:17:07 +10:00
Francis Dupont
bcb68be0a8 misc fixes for VS 2015 CTP #39267 2015-04-17 02:57:02 +02:00
Evan Hunt
3249da26fc [master] rationalize external key handling 
3723.	[cleanup]	Imported keys are now handled the same way
			regardless of DNSSEC algorithm. [RT #35215]
 2014-01-30 17:49:32 -08:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00
Tinderbox User
431a83fb29 update copyright notice 2014-01-09 23:46:35 +00:00
Evan Hunt
e851ea8260 [master] replace memcpy() with memmove(). 
3698.	[cleanup]	Replaced all uses of memcpy() with memmove().
			[RT #35120]
 2014-01-08 16:39:05 -08:00
Tinderbox User
63737247d1 update copyright notice 2013-09-05 23:46:16 +00:00
Mark Andrews
0c91911b4d 3642. [func] Allow externally generated DNSKEY to be imported 
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
 2013-09-04 13:53:02 +10:00
Evan Hunt
0e37e9e3d7 [master] silence noisy OpenSSL logging 
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
 2012-10-24 12:58:16 -07:00
Mark Andrews
1d2f282840 cleanup unused variables 2012-07-24 12:18:10 +10:00
Mark Andrews
6eb6af6732 3354. [func] Improve OpenSSL error logging. [RT #29932] 2012-07-23 15:08:21 +10:00
Mark Andrews
ec048f4600 make maxbits signed as BN_num_bits is signed 2012-06-15 11:54:58 +10:00
Mark Andrews
7865ea9545 3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] 2012-06-14 15:44:20 +10:00
Tinderbox User
5fa46bc916 update copyright notice 2012-03-10 23:45:53 +00:00
Mark Andrews
28a8f5b0de set $Id$ 2012-03-08 00:21:15 +11:00
Mark Andrews
8473cd921e pkey is only used if USE_ENGINE is defined or USE_EVP is 1 2011-03-11 02:59:37 +00:00