1. 21 Apr, 2017 1 commit
  2. 05 Jan, 2017 1 commit
  3. 04 Jan, 2017 1 commit
  4. 18 Aug, 2016 1 commit
  5. 27 Jun, 2016 1 commit
  6. 04 May, 2016 1 commit
  7. 18 Aug, 2015 1 commit
    • Evan Hunt's avatar
      [master] timing safe memory comparisons · 420a43c8
      Evan Hunt authored
      4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
      			code. Also, the timing-safe comparison functions have
      			been renamed to avoid possible confusion with
      			memcmp(). [RT #40148]
      420a43c8
  8. 07 Aug, 2015 1 commit
    • Evan Hunt's avatar
      [master] address buffer accounting error · ce9f893e
      Evan Hunt authored
      4168.	[security]	A buffer accounting error could trigger an
      			assertion failure when parsing certain malformed
      			DNSSEC keys. (CVE-2015-5722) [RT #40212]
      ce9f893e
  9. 17 Apr, 2015 1 commit
  10. 13 Mar, 2014 1 commit
    • Evan Hunt's avatar
      [master] better error output when initializing pkcs11 · acbb301e
      Evan Hunt authored
      3786.	[func]		Provide more detailed error codes when using
      			native PKCS#11. "pkcs11-tokens" now fails robustly
      			rather than asserting when run against an HSM with
      			an incomplete PCKS#11 API implementation. [RT #35479]
      acbb301e
  11. 12 Feb, 2014 1 commit
  12. 31 Jan, 2014 1 commit
  13. 21 Jan, 2014 1 commit
  14. 18 Jan, 2014 1 commit
  15. 16 Jan, 2014 1 commit
  16. 14 Jan, 2014 1 commit
    • Evan Hunt's avatar
      [master] native PKCS#11 support · ba751492
      Evan Hunt authored
      3705.	[func]		"configure --enable-native-pkcs11" enables BIND
      			to use the PKCS#11 API for all cryptographic
      			functions, so that it can drive a hardware service
      			module directly without the need to use a modified
      			OpenSSL as intermediary (so long as the HSM's vendor
      			provides a complete-enough implementation of the
      			PKCS#11 interface). This has been tested successfully
      			with the Thales nShield HSM and with SoftHSMv2 from
      			the OpenDNSSEC project. [RT #29031]
      ba751492