ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
23,654 Commits 589 Branches 805 Tags
33c548251110c6991d017a1e071959972b6664d1
Commit Graph

11 Commits

Author SHA1 Message Date
Evan Hunt
cd6122b164 [v9_10] timing safe memory comparisons 
4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]

(cherry picked from commit 420a43c8d8)
 2015-08-17 18:28:27 -07:00
Tinderbox User
979d849b60 update copyright notice / whitespace 2015-08-07 23:45:57 +00:00
Evan Hunt
7163ce122d [v9_10] address buffer accounting error 
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

(cherry picked from commit ce9f893e21)
 2015-08-07 13:23:03 -07:00
Evan Hunt
acbb301e64 [master] better error output when initializing pkcs11 
3786.	[func]		Provide more detailed error codes when using
			native PKCS#11. "pkcs11-tokens" now fails robustly
			rather than asserting when run against an HSM with
			an incomplete PCKS#11 API implementation. [RT #35479]
 2014-03-12 20:52:01 -07:00
Evan Hunt
dbb012765c [master] merge libiscpk11 to libisc 
3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]
 2014-02-11 21:20:28 -08:00
Evan Hunt
3249da26fc [master] rationalize external key handling 
3723.	[cleanup]	Imported keys are now handled the same way
			regardless of DNSSEC algorithm. [RT #35215]
 2014-01-30 17:49:32 -08:00
Evan Hunt
1b255a0c4e [master] overlooked some memcpy->memmove changes with pkcs11 merge 2014-01-21 10:08:01 -08:00
Evan Hunt
12bf5d4796 [master] address several issues with native pkcs11 2014-01-18 11:51:07 -08:00
Francis Dupont
6972eaffdb fix external key handling 2014-01-17 17:12:20 +01:00
Mark Andrews
e20788e121 update copyrights 2014-01-16 15:19:24 +11:00
Evan Hunt
ba751492fc [master] native PKCS#11 support 
3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]
 2014-01-14 15:40:56 -08:00