Evan Hunt
51093a834b
Merge branch '3773-remove-dscp' into 'main'
...
remove nonfunctional DSCP implementation
Closes #3773
See merge request isc-projects/bind9!7305
2023-01-09 21:04:55 +00:00
Evan Hunt
34a7166029
CHANGES and release note for [GL #3773]
2023-01-09 12:15:28 -08:00
Evan Hunt
916ea26ead
remove nonfunctional DSCP implementation
...
DSCP has not been fully working since the network manager was
introduced in 9.16, and has been completely broken since 9.18.
This seems to have caused very few difficulties for anyone,
so we have now marked it as obsolete and removed the
implementation.
To ensure that old config files don't fail, the code to parse
dscp key-value pairs is still present, but a warning is logged
that the feature is obsolete and should not be used. Nothing is
done with configured values, and there is no longer any
range checking.
2023-01-09 12:15:21 -08:00
Ondřej Surý
f362cc0bf3
Merge branch '3785-openssl-refactoring-17' into 'main'
...
Refactor OpenSSL ECDSA public and private key export
Closes #3785
See merge request isc-projects/bind9!7334
2023-01-09 19:32:28 +00:00
Timo Teräs
8b62e7ed99
Refactor OpenSSL ECDSA private key export
2023-01-09 19:56:31 +01:00
Ondřej Surý
ddce412489
Merge branch '3785-openssl-refactoring-16' into 'main'
...
Refactor OpenSSL ECDSA generation to helper functions
Closes #3785
See merge request isc-projects/bind9!7333
2023-01-09 18:56:29 +00:00
Timo Teräs
83b2e45600
Refactor OpenSSL ECDSA public key export
2023-01-09 19:56:27 +01:00
Timo Teräs
560d21a8b3
Refactor OpenSSL ECDSA generation to helper functions
...
Reduce the #ifdef cruft by having specific helper functions.
2023-01-09 19:52:56 +01:00
Ondřej Surý
a0d15e4e07
Merge branch '3785-openssl-refactoring-15' into 'main'
...
Refactor OpenSSL ECDSA to use pkeypair
Closes #3785
See merge request isc-projects/bind9!7332
2023-01-09 18:52:27 +00:00
Timo Teräs
a3b6729a88
Refactor OpenSSL ECDSA to use pkeypair
...
- Use separate EVP_PKEY for public and private keys
- On private key load, generate public key allowing better consistency
- Support OpenSSL3 providers
- Clean up key construction abstraction
- Various other clean ups
2023-01-09 19:33:48 +01:00
Ondřej Surý
f6f807319c
Merge branch '3785-openssl-refactoring-14' into 'main'
...
Make OpenSSL keypair comparison a generic helper function
Closes #3785
See merge request isc-projects/bind9!7331
2023-01-09 18:33:24 +00:00
Ondřej Surý
326e85e08d
Merge branch '3785-openssl-refactoring-13' into 'main'
...
Refactor OpenSSL ECDSA type check to opensslecdsa_valid_key_alg helper
Closes #3785
See merge request isc-projects/bind9!7330
2023-01-09 18:31:06 +00:00
Timo Teräs
02efa591ef
Make OpenSSL keypair comparison a generic helper function
2023-01-09 19:30:49 +01:00
Ondřej Surý
608ca9b140
Merge branch '3785-openssl-refactoring-12' into 'main'
...
Implement support for OpenSSL 3 Provider API stored RSA keys
Closes #3785
See merge request isc-projects/bind9!7329
2023-01-09 18:29:56 +00:00
Timo Teräs
96b8ad21f6
Refactor OpenSSL ECDSA type check to opensslecdsa_valid_key_alg helper
2023-01-09 19:29:38 +01:00
Timo Teräs
5fd6cfc625
Implement support for OpenSSL 3 Provider API stored RSA keys
...
Allows using pkcs11-provider module for PKCS#11 keys
2023-01-09 19:22:40 +01:00
Michal Nowak
370acd1f0a
Merge branch 'mnowak/abort-on-ubsan-errors' into 'main'
...
Abort on UBSAN errors
See merge request isc-projects/bind9!6877
2023-01-09 16:39:24 +00:00
Michal Nowak
1451bb7390
Abort on UBSAN errors
...
Previously, UBSAN errors might slip undetected.
2023-01-09 17:19:19 +01:00
Ondřej Surý
29de02e0ec
Merge branch '3785-openssl-refactoring-11' into 'main'
...
Make the OpenSSL RSA fromlabel helper a generic one
Closes #3785
See merge request isc-projects/bind9!7326
2023-01-09 15:43:09 +00:00
Timo Teräs
a0404696d7
Make the OpenSSL RSA fromlabel helper a generic one
2023-01-09 16:35:30 +01:00
Ondřej Surý
56614a722a
Merge branch '3785-openssl-refactoring-10' into 'main'
...
Rename the global ENGINE *e to global_engine
Closes #3785
See merge request isc-projects/bind9!7325
2023-01-09 15:35:24 +00:00
Ondřej Surý
11692467cd
Merge branch '3785-openssl-refactoring-9' into 'main'
...
Refactor OpenSSL RSA pkey building to use components struct
Closes #3785
See merge request isc-projects/bind9!7322
2023-01-09 15:31:46 +00:00
Timo Teräs
9e417f9815
Rename the global ENGINE *e to global_engine
2023-01-09 16:31:40 +01:00
Timo Teräs
451edf3242
Refactor OpenSSL RSA pkey building to use components struct
2023-01-09 15:31:24 +00:00
Petr Špaček
1d52a4cffd
Merge branch 'pspacek/aclelementtype_cleanup' into 'main'
...
Remove unused dns_aclelementtype_{ipprefix,any} enum values
See merge request isc-projects/bind9!7295
2023-01-09 15:06:22 +00:00
Petr Špaček
f5fa9b2965
Remove unused dns_aclelementtype_{ipprefix,any} enum values
...
Seems like they are unused, and all system tests pass when those values
are removed.
2023-01-09 16:05:41 +01:00
Ondřej Surý
4d374786f9
Merge branch '3785-openssl-refactoring-8-cleanup' into 'main'
...
BN_free() and BN_clear_free() both accept NULL
Closes #3785
See merge request isc-projects/bind9!7323
2023-01-09 15:02:55 +00:00
Ondřej Surý
9e185cd611
BN_free() and BN_clear_free() both accept NULL
...
Remove the extra check in opensslrsa_components_free() as both BN_free()
and BN_clear_free() accept NULL as a valid argument and do nothing.
2023-01-09 16:00:18 +01:00
Ondřej Surý
edd1b44d0b
Merge branch '3785-openssl-refactoring-8' into 'main'
...
Refactor OpenSSL RSA components getting to a helper function
Closes #3785
See merge request isc-projects/bind9!7321
2023-01-09 14:56:07 +00:00
Timo Teräs
b31d9f0b42
Refactor OpenSSL RSA components getting to a helper function
2023-01-09 15:55:07 +01:00
Matthijs Mekking
05b781e2f0
Merge branch '3743-unexpected-prohibited-ede' into 'main'
...
Fix unexpected "Prohibited" extended DNS error on allow-recursion mismatch
Closes #3743
See merge request isc-projects/bind9!7223
2023-01-09 14:40:31 +00:00
Matthijs Mekking
8db8ec1f6e
Add system test for #3743
2023-01-09 15:39:57 +01:00
Matthijs Mekking
e43a26fd1e
Add release note and CHANGES for #3743
2023-01-09 15:39:57 +01:00
Matthijs Mekking
798c8f57d4
Don't set EDE in ns_client_aclchecksilent
...
The ns_client_aclchecksilent is used to check multiple ACLs before
the decision is made that a query is denied. It is also used to
determine if recursion is available. In those cases we should not
set the extended DNS error "Prohibited".
2023-01-09 15:38:35 +01:00
Ondřej Surý
680921c4ef
Merge branch '3785-openssl-refactoring-7' into 'main'
...
Refactor OpenSSL RSA generation to be more readable
Closes #3785
See merge request isc-projects/bind9!7320
2023-01-09 14:33:09 +00:00
Ondřej Surý
1ce3f2eb7e
Merge branch '3785-openssl-refactoring-6' into 'main'
...
Provide identical BN_GENCB_new shim
Closes #3785
See merge request isc-projects/bind9!7319
2023-01-09 14:22:22 +00:00
Timo Teräs
0881d7fbf5
Refactor OpenSSL RSA generation to be more readable
...
No major code changes. Just reduce the ifdef clutter.
2023-01-09 15:22:18 +01:00
Timo Teräs
307f95d72f
Provide identical BN_GENCB_new shim
...
Instead of trying to optimize by using a stack local variable
with additional #ifdef logic, use identical implementations of
the upstream functions to reduce #ifdef clutter.
Move the definitions from dst_openssl.h to openssl_shim.h where
the rest of the shim is.
2023-01-09 15:20:49 +01:00
Ondřej Surý
220267f241
Merge branch '3785-openssl-refactoring-5' into 'main'
...
Refactor OpenSSL RSA private key handling
Closes #3785
See merge request isc-projects/bind9!7318
2023-01-09 14:20:38 +00:00
Timo Teräs
74361b0b6e
Refactor OpenSSL RSA private key handling
...
Instead of trying to enforce one pkey to contain both a private
and a public key pair, refactor the code to have separate public
and private pkeys.
This is a prerequisite for proper openssl 3.0 providers support
and greatly simplifies the code.
2023-01-09 15:19:37 +01:00
Ondřej Surý
471a2a3ffb
Merge branch '3768-dns_zonemgr-use-after-free' into 'main'
...
Fix a use-after-free bug in dns_zonemgr_releasezone()
Closes #3768
See merge request isc-projects/bind9!7303
2023-01-09 14:14:41 +00:00
Aram Sargsyan
d50cb1d45d
Add a CHANGES note for [GL #3768]
2023-01-09 14:14:31 +00:00
Aram Sargsyan
c1fc212253
Fix a use-after-free bug in dns_zonemgr_releasezone()
...
The dns_zonemgr_releasezone() function makes a decision to destroy
'zmgr' (based on its reference count, after decreasing it) inside
a lock, and then destroys the object outside of the lock.
This causes a race with dns_zonemgr_detach(), which could destroy
the object in the meantime.
Change dns_zonemgr_releasezone() to detach from 'zmgr' and destroy
the object (if needed) using dns_zonemgr_detach(), outside of the
lock.
2023-01-09 14:14:31 +00:00
Ondřej Surý
6675731adf
Merge branch '3785-openssl-refactoring-4' into 'main'
...
Remove nonsensical RSA key compare tests
Closes #3785
See merge request isc-projects/bind9!7317
2023-01-09 14:03:03 +00:00
Ondřej Surý
d92bf40e23
Merge branch '3785-openssl-refactoring-3' into 'main'
...
Refactor OpenSSL RSA exponent bits checking to a helper function
Closes #3785
See merge request isc-projects/bind9!7316
2023-01-09 14:00:07 +00:00
Timo Teräs
b2eefba387
Remove nonsensical RSA key compare tests
...
The keys tested are not valid RSA keys as a single private
component was modified manually. The key would not pass
a basic sanity test.
2023-01-09 14:59:56 +01:00
Timo Teräs
c8bcf3a34e
Refactor OpenSSL RSA exponent bits checking to a helper function
...
- Make it a separate opensslrsa_check_exponent_bits() function to
clean up the code a bit
- Always use provider API first if using openssl 3.0, and fall back
to EVP API for older openssl or if built with engine support
- Use RSA_get0_key() (with shim for openssl 1.0) to avoid memory
allocations
2023-01-09 14:58:55 +01:00
Ondřej Surý
e78d61e2f5
Merge branch '3785-openssl-refactoring-2' into 'main'
...
Refactor OpenSSL RSA type check to opensslrsa_valid_key_alg helper
Closes #3785
See merge request isc-projects/bind9!7315
2023-01-09 13:34:41 +00:00
Timo Teräs
8bc52f836c
Refactor OpenSSL RSA type check to opensslrsa_valid_key_alg helper
...
Move the repetitive code into a small opensslrsa_valid_key_alg() helper
function.
2023-01-09 14:33:09 +01:00
Ondřej Surý
df2b767d45
Merge branch '3785-openssl-refactoring-1' into 'main'
...
Remove obsolete and unused EVP_dss1 compat #define
Closes #3785
See merge request isc-projects/bind9!7314
2023-01-09 13:32:59 +00:00