d8351dfc9b725b0d727be7acab6247d7d501d9a0 |
|
30-Jan-2018 |
Mark Andrews <marka@isc.org> |
4881. [bug] Only include dst_openssl.h when OpenSSL is required.
[RT #47068]
(cherry picked from commit a64503c7361e6629822428b0455ee98bbda75bf0) |
9eb24f1f84885d5c2e51a7f675264db398c31af7 |
|
18-Jan-2018 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
f9c410d93711fbf312a0162f1e2d3f2a5ede69af |
|
17-Jan-2018 |
Francis Dupont <fdupont@isc.org> |
Merged rt46864 (check MD5 amd SHA1 support) |
8688e7005afed694ca129d00d3cd73b32828804b |
|
20-Sep-2017 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
b5252fcde512405a68dd4becfe683d9763bd0fea |
|
19-Sep-2017 |
Mukund Sivaraman <muks@isc.org> |
Don't use memset() to wipe memory (#45947)
(cherry picked from commit d5707676e45551d1ceb600a674f3f13351fd3105) |
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5 |
|
19-Aug-2016 |
Mark Andrews <marka@isc.org> |
4450. [port] Provide more nuanced HSM support which better matches
the specific PKCS11 providers capabilities. [RT #42458]
(cherry picked from commit 8ee6f289d87851a5b898b24a64587f0e6bc225bc) |
0c27b3fe77ac1d5094ba3521e8142d9e7973133f |
|
27-Jun-2016 |
Mark Andrews <marka@isc.org> |
4401. [misc] Change LICENSE to MPL 2.0. |
420a43c8d8028992a4e9c170022f97bfac689025 |
|
18-Aug-2015 |
Evan Hunt <each@isc.org> |
[master] timing safe memory comparisons
4183. [cleanup] Use timing-safe memory comparisons in cryptographic
code. Also, the timing-safe comparison functions have
been renamed to avoid possible confusion with
memcmp(). [RT #40148] |
c4567d06753c4420af492d07b720125a918fcf23 |
|
08-Aug-2015 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
ce9f893e21d2ffc6f6a78bf226c038c396740aeb |
|
07-Aug-2015 |
Evan Hunt <each@isc.org> |
[master] address buffer accounting error
4168. [security] A buffer accounting error could trigger an
assertion failure when parsing certain malformed
DNSSEC keys. (CVE-2015-5722) [RT #40212] |
3249da26fc28297265d444a1f3647f1e6700a2a0 |
|
31-Jan-2014 |
Evan Hunt <each@isc.org> |
[master] rationalize external key handling
3723. [cleanup] Imported keys are now handled the same way
regardless of DNSSEC algorithm. [RT #35215] |
ba751492fcc4f161a18b983d4f018a1a52938cb9 |
|
15-Jan-2014 |
Evan Hunt <each@isc.org> |
[master] native PKCS#11 support
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031] |
431a83fb29482c5170b3e4026e59bb14849a6707 |
|
10-Jan-2014 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
e851ea826066ac5a5b01c2c23218faa0273a12e8 |
|
09-Jan-2014 |
Evan Hunt <each@isc.org> |
[master] replace memcpy() with memmove().
3698. [cleanup] Replaced all uses of memcpy() with memmove().
[RT #35120] |
ca48f47d881bc25cc78c1bb0f3c08669246c0cfe |
|
10-Jul-2013 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
5b7abbef511cea0b568be0bc8d5b3120a0b9034d |
|
09-Jul-2013 |
Evan Hunt <each@isc.org> |
[master] added isc_safe_memcmp()
3611. [bug] Improved resistance to a theoretical authentication
attack based on differential timing. [RT #33939] |
ef1963d83d69d03a006a882afcddbff48cd747d0 |
|
16-Jun-2012 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
7865ea9545f28f12f046b32d24c989e8441b9812 |
|
14-Jun-2012 |
Mark Andrews <marka@isc.org> |
3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] |
135bcc2e42a94543f11af2a4196b13552ab46d89 |
|
12-Jan-2011 |
Automatic Updater <source@isc.org> |
update copyright notice |
433e06a25cdd92d665abda3e64c2c65f4a3f9b21 |
|
10-Jan-2011 |
Mark Andrews <marka@isc.org> |
3006. [func] Allow dynamically generated TSIG keys to be preserved
across restarts of named. Initially this is for
TSIG keys generated using GSSAPI. [RT #22639] |
a30c7003afeb416afca9629697d6138b4023cffa |
|
08-Jan-2010 |
Automatic Updater <source@isc.org> |
update copyright notice |
0f66aced2640d964aeb6db41210711ba0640d7f2 |
|
07-Jan-2010 |
Evan Hunt <each@isc.org> |
2834. [bug] HMAC-SHA* keys that were longer than the algorithm
digest length were used incorrectly, leading to
interoperability problems with other DNS
implementations. This has been corrected.
(Note: If an oversize key is in use, and
compatibility is needed with an older release of
BIND, the new tool "isc-hmac-fixup" can convert
the key secret to a form that will work with all
versions.) [RT #20751] |
775a8d86d93269a621a7ad15c49b31b533da0671 |
|
24-Oct-2009 |
Francis Dupont <fdupont@isc.org> |
keygen progress indication [RT #20284] |
315a1514a58dbb1ca563445313d67c1cf664d248 |
|
09-Oct-2009 |
Evan Hunt <each@isc.org> |
2709. [func] Added some data fields, currently unused, to the
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310] |
7b1894bec19213c4480cbd750a7dfd5728b31ed4 |
|
04-Sep-2009 |
Automatic Updater <source@isc.org> |
update copyright notice |
bbc204a23719180dce68142ea2440c484e3ccb75 |
|
03-Sep-2009 |
Mark Andrews <marka@isc.org> |
2669. [func] Update PKCS#11 support to support Keyper HSM.
Update PKCS#11 patch to be against openssl-0.9.8i. |
e672951ed28b2e9cc7a19c3d7fa4a258382f981c |
|
02-Apr-2008 |
Automatic Updater <source@isc.org> |
update copyright notice |
2a31bd531072824ef252c18303859d6af7451b00 |
|
31-Mar-2008 |
Francis Dupont <fdupont@isc.org> |
add EVP and PKCS11 |
271c4c7ffafeb0bda21278af6cac4535c0193f18 |
|
28-Aug-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
70e5a7403f0e0a3bd292b8287c5fed5772c15270 |
|
20-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
ec5347e2c775f027573ce5648b910361aa926c01 |
|
19-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
289ae548d52bc8f982d9823af64cafda7bd92232 |
|
04-Dec-2006 |
Mark Andrews <marka@isc.org> |
2105. [func] GSS-TSIG support (RFC 3645). |
26e2a07a0b6a3b1eccef82ba31270d0c54ad4f06 |
|
28-Jan-2006 |
Mark Andrews <marka@isc.org> |
update copyright notice |
c6d4f781529d2f28693546b25b2967d44ec89e60 |
|
27-Jan-2006 |
Mark Andrews <marka@isc.org> |
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support. [RT #13606] |
69fe9aaafdd6a141610e86a777d325db75422070 |
|
29-Apr-2005 |
Mark Andrews <marka@isc.org> |
update copyright notice |
ab023a65562e62b85a824509d829b6fad87e00b1 |
|
27-Apr-2005 |
Rob Austein <sra@isc.org> |
1851. [doc] Doxygen comment markup. [RT #11398] |
494576ce20cfd98d74955698cf8f7b37dce2f740 |
|
09-Dec-2004 |
Mark Andrews <marka@isc.org> |
1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
allow parallel make to succeed. |