1. 19 Jul, 2018 1 commit
  2. 22 May, 2018 1 commit
    • Ondřej Surý's avatar
      address win32 build issues · 7ee8a7e6
      Ondřej Surý authored
      - Replace external -DOPENSSL/-DPKCS11CRYPTO with properly AC_DEFINEd
        HAVE_OPENSSL/HAVE_PKCS11
      - Don't enforce the crypto provider from platform.h, just from dst_api.c
        and configure scripts
      7ee8a7e6
  3. 16 May, 2018 1 commit
    • Ondřej Surý's avatar
      Replace all random functions with isc_random, isc_random_buf and isc_random_uniform API. · 3a4f820d
      Ondřej Surý authored
      The three functions has been modeled after the arc4random family of
      functions, and they will always return random bytes.
      
      The isc_random family of functions internally use these CSPRNG (if available):
      
      1. getrandom() libc call (might be available on Linux and Solaris)
      2. SYS_getrandom syscall (might be available on Linux, detected at runtime)
      3. arc4random(), arc4random_buf() and arc4random_uniform() (available on BSDs and Mac OS X)
      4. crypto library function:
      4a. RAND_bytes in case OpenSSL
      4b. pkcs_C_GenerateRandom() in case PKCS#11 library
      3a4f820d
  4. 06 Apr, 2018 1 commit
  5. 04 Apr, 2018 1 commit
  6. 23 Feb, 2018 1 commit
  7. 13 Sep, 2017 1 commit
  8. 09 Aug, 2017 2 commits
  9. 27 Jun, 2016 1 commit
  10. 20 Nov, 2015 1 commit
  11. 01 Mar, 2015 1 commit
  12. 26 Feb, 2015 1 commit
  13. 02 Jul, 2014 1 commit
  14. 16 Jun, 2014 1 commit
    • Mukund Sivaraman's avatar
      [10686] Add version printing option to various BIND utilites · 42782931
      Mukund Sivaraman authored
      Squashed commit of the following:
      
      commit 95effe9b2582a7eb878ccb8cb9ef51dfc5bbfde7
      Author: Evan Hunt <each@isc.org>
      Date:   Tue Jun 10 16:52:45 2014 -0700
      
          [rt10686] move version() to dnssectool.c
      
      commit df205b541d1572ea5306a5f671af8b54b9c5c770
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:31 2014 +0530
      
          Rearrange order of cases
      
      commit cfd30893f2540bf9d607e1fd37545ea7b441e0d0
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:38:08 2014 +0530
      
          Add version printer to dnssec-verify
      
      commit a625ea338c74ab5e21634033ef87f170ba37fdbe
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:32:19 2014 +0530
      
          Add version printer to dnssec-signzone
      
      commit d91e1c0f0697b3304ffa46fccc66af65591040d9
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:26:01 2014 +0530
      
          Add version printer to dnssec-settime
      
      commit 46fc8775da3e13725c31d13e090b406d69b8694f
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:25:48 2014 +0530
      
          Fix docbook
      
      commit 8123d2efbd84cdfcbc70403aa9bb27b96921bab2
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:20:17 2014 +0530
      
          Add version printer to dnssec-revoke
      
      commit d0916420317d3e8c69cf1b37d2209ea2d072b913
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:17:54 2014 +0530
      
          Add version printer to dnssec-keygen
      
      commit 93b0bd5ebc043298dc7d8f446ea543cb40eaecf8
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:14:11 2014 +0530
      
          Add version printer to dnssec-keyfromlabel
      
      commit 07001bcd9ae2d7b09dd9e243b0ab35307290d05d
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:13:39 2014 +0530
      
          Update usage help output, docbook
      
      commit 85cdd702f41c96fbc767fc689d1ed97fe1f3a926
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:07:18 2014 +0530
      
          Add version printer to dnssec-importkey
      
      commit 9274fc61e38205aad561edf445940b4e73d788dc
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 21:01:53 2014 +0530
      
          Add version printer to dnssec-dsfromkey
      
      commit bf4605ea2d7282e751fd73489627cc8a99f45a90
      Author: Mukund Sivaraman <muks@isc.org>
      Date:   Tue Jun 10 20:49:22 2014 +0530
      
          Add -V to nsupdate usage output
      42782931
  15. 13 Mar, 2014 1 commit
    • Evan Hunt's avatar
      [master] better error output when initializing pkcs11 · acbb301e
      Evan Hunt authored
      3786.	[func]		Provide more detailed error codes when using
      			native PKCS#11. "pkcs11-tokens" now fails robustly
      			rather than asserting when run against an HSM with
      			an incomplete PCKS#11 API implementation. [RT #35479]
      acbb301e
  16. 16 Jan, 2014 1 commit
  17. 14 Jan, 2014 1 commit
    • Evan Hunt's avatar
      [master] native PKCS#11 support · ba751492
      Evan Hunt authored
      3705.	[func]		"configure --enable-native-pkcs11" enables BIND
      			to use the PKCS#11 API for all cryptographic
      			functions, so that it can drive a hardware service
      			module directly without the need to use a modified
      			OpenSSL as intermediary (so long as the HSM's vendor
      			provides a complete-enough implementation of the
      			PKCS#11 interface). This has been tested successfully
      			with the Thales nShield HSM and with SoftHSMv2 from
      			the OpenDNSSEC project. [RT #29031]
      ba751492
  18. 28 Nov, 2012 2 commits
  19. 20 Oct, 2011 2 commits
  20. 06 May, 2010 2 commits
  21. 18 Dec, 2009 2 commits
  22. 27 Oct, 2009 1 commit
  23. 26 Oct, 2009 1 commit
  24. 12 Oct, 2009 1 commit
    • Evan Hunt's avatar
      2712. [func] New 'auto-dnssec' zone option allows zone signing · 77b8f88f
      Evan Hunt authored
      			to be fully automated in zones configured for
      			dynamic DNS.  'auto-dnssec allow;' permits a zone
      			to be signed by creating keys for it in the
      			key-directory and using 'rndc sign <zone>'.
      			'auto-dnssec maintain;' allows that too, plus it
      			also keeps the zone's DNSSEC keys up to date
      			according to their timing metadata. [RT #19943]
      77b8f88f
  25. 09 Oct, 2009 1 commit
  26. 05 Oct, 2009 1 commit
  27. 29 Sep, 2009 1 commit
  28. 23 Sep, 2009 1 commit
  29. 04 Sep, 2009 1 commit
    • Evan Hunt's avatar
      RT #20213: · 8d0a1ede
      Evan Hunt authored
      - correctly use -K option in dnssec-keygen
      - fix an improper free() in dnssec-revoke
      - fix grammar in dnssec-settime
      8d0a1ede
  30. 02 Sep, 2009 2 commits
  31. 28 Aug, 2009 2 commits
  32. 19 Jul, 2009 2 commits
    • Evan Hunt's avatar
      windows portability fix (review by mgraff) · 2a3574f8
      Evan Hunt authored
      2a3574f8
    • Evan Hunt's avatar
      2636. [func] Simplify zone signing and key maintenance with the · 553ead32
      Evan Hunt authored
      			dnssec-* tools.  Major changes:
      			- all dnssec-* tools now take a -K option to
      			  specify a directory in which key files will be
      			  stored
      			- DNSSEC can now store metadata indicating when
      			  they are scheduled to be published, acttivated,
      			  revoked or removed; these values can be set by
      			  dnssec-keygen or overwritten by the new
      			  dnssec-settime command
      			- dnssec-signzone -S (for "smart") option reads key
      			  metadata and uses it to determine automatically
      			  which keys to publish to the zone, use for
      			  signing, revoke, or remove from the zone
      			[RT #19816]
      553ead32