Commits · 239e9dc81c94885d25572959d9c8597d2504d731 · ISC Open Source Projects / BIND

21 Apr, 2017 1 commit
- Reject incorrect RSA key lengths during key generation and and sign/verify... · 239e9dc8
  Mukund Sivaraman authored Apr 21, 2017
```
Reject incorrect RSA key lengths during key generation and and sign/verify context creation (#45043)
```
  239e9dc8
05 Jan, 2017 1 commit
- update copyright notice / whitespace · f557aeef
  Tinderbox User authored Jan 05, 2017
  
  f557aeef
04 Jan, 2017 1 commit
- [master] add support for native pkcs11 on keyper · 185d680e
  Evan Hunt authored Jan 03, 2017
```
4547.	[port]		Add support for --enable-native-pkcs11 on the AEP
			Keyper HSM. [RT #42463]
```
  185d680e
18 Aug, 2016 1 commit
- 4450. [port] Provide more nuanced HSM support which better matches · 8ee6f289
  Mark Andrews authored Aug 19, 2016
```
                        the specific PKCS11 providers capabilities. [RT #42458]
```
  8ee6f289
27 Jun, 2016 1 commit
- 4401. [misc] Change LICENSE to MPL 2.0. · 0c27b3fe
  Mark Andrews authored Jun 27, 2016
  
  0c27b3fe
04 May, 2016 1 commit
- [master] update pkcs11 headers · 699f790c
  Evan Hunt authored May 04, 2016
```
4353.	[cleanup]	Update PKCS#11 header files. [RT #42175]
```
  699f790c
18 Aug, 2015 1 commit

[master] timing safe memory comparisons · 420a43c8

Evan Hunt authored Aug 17, 2015

4183.	[cleanup]	Use timing-safe memory comparisons in cryptographic
			code. Also, the timing-safe comparison functions have
			been renamed to avoid possible confusion with
			memcmp(). [RT #40148]

420a43c8

07 Aug, 2015 1 commit

[master] address buffer accounting error · ce9f893e

Evan Hunt authored Aug 07, 2015

4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

ce9f893e

17 Apr, 2015 1 commit
- misc fixes for VS 2015 CTP #39267 · bcb68be0
  Francis Dupont authored Apr 17, 2015
  
  bcb68be0
13 Mar, 2014 1 commit

[master] better error output when initializing pkcs11 · acbb301e

Evan Hunt authored Mar 12, 2014

3786.	[func]		Provide more detailed error codes when using
			native PKCS#11. "pkcs11-tokens" now fails robustly
			rather than asserting when run against an HSM with
			an incomplete PCKS#11 API implementation. [RT #35479]

acbb301e

12 Feb, 2014 1 commit

[master] merge libiscpk11 to libisc · dbb01276

Evan Hunt authored Feb 11, 2014

3735.	[cleanup]	Merged the libiscpk11 library into libisc
			to simplify dependencies. [RT #35205]

dbb01276

31 Jan, 2014 1 commit

[master] rationalize external key handling · 3249da26

Evan Hunt authored Jan 30, 2014

3723.	[cleanup]	Imported keys are now handled the same way
			regardless of DNSSEC algorithm. [RT #35215]

3249da26

21 Jan, 2014 1 commit
- [master] overlooked some memcpy->memmove changes with pkcs11 merge · 1b255a0c
  Evan Hunt authored Jan 21, 2014
  
  1b255a0c
18 Jan, 2014 1 commit
- [master] address several issues with native pkcs11 · 12bf5d47
  Evan Hunt authored Jan 18, 2014
  
  12bf5d47
16 Jan, 2014 1 commit
- update copyrights · e20788e1
  Mark Andrews authored Jan 16, 2014
  
  e20788e1
14 Jan, 2014 1 commit

[master] native PKCS#11 support · ba751492

Evan Hunt authored Jan 14, 2014

3705.	[func]		"configure --enable-native-pkcs11" enables BIND
			to use the PKCS#11 API for all cryptographic
			functions, so that it can drive a hardware service
			module directly without the need to use a modified
			OpenSSL as intermediary (so long as the HSM's vendor
			provides a complete-enough implementation of the
			PKCS#11 interface). This has been tested successfully
			with the Thales nShield HSM and with SoftHSMv2 from
			the OpenDNSSEC project. [RT #29031]

ba751492