BIND merge requestshttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests2022-07-25T11:01:27Zhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5772keyfromlabel system test (9.16)2022-07-25T11:01:27ZMatthijs Mekkingmatthijs@isc.orgkeyfromlabel system test (9.16)Note that 9.16 also still supports native PKCS#11. The documentation in this version does not cover the `engine_pkcs11` approach and thus these parts of #3092 are not backported.Note that 9.16 also still supports native PKCS#11. The documentation in this version does not cover the `engine_pkcs11` approach and thus these parts of #3092 are not backported.March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5802keyfromlabel test (9.16)2022-02-08T09:43:07ZMatthijs Mekkingmatthijs@isc.orgkeyfromlabel test (9.16)March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/1990WIP: Add syntax to read HSM PIN from stdin (pin-source=-) and from environmen...2021-10-04T18:56:28ZOndřej SurýWIP: Add syntax to read HSM PIN from stdin (pin-source=-) and from environment (pin-source=%ENVNAME)Closes #911Closes #911BIND 9.17 BackburnerOndřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5387Remove native PKCS#11 support2021-10-04T10:49:53ZOndřej SurýRemove native PKCS#11 supportThe native PKCS#11 support has been removed in favour of better
maintained, more performance and easier to use OpenSSL PKCS#11 engine
from the OpenSC project.
Closes #2691The native PKCS#11 support has been removed in favour of better
maintained, more performance and easier to use OpenSSL PKCS#11 engine
from the OpenSC project.
Closes #2691October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3658WIP: [v9_11] Test multiple SoftHSM versions in GitLab CI2021-01-29T14:02:49ZMichał KępieńWIP: [v9_11] Test multiple SoftHSM versions in GitLab CICloses #1841Closes #1841February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3330WIP: Add engine support to OpenSSL EdDSA implementation2020-05-01T08:55:53ZAaron ThompsonWIP: Add engine support to OpenSSL EdDSA implementationI haven't been able to actually execute this code yet because I don't have an engine that supports EdDSA (the libp11 PKCS#11 wrapper engine doesn't support it yet).I haven't been able to actually execute this code yet because I don't have an engine that supports EdDSA (the libp11 PKCS#11 wrapper engine doesn't support it yet).May 2020 (9.11.19, 9.11.19-S1, 9.14.12, 9.16.3)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3326Get native PCKS#11 EdDSA working again, update to PKCS#11 v3.0, and related c...2020-04-30T16:39:40ZAaron ThompsonGet native PCKS#11 EdDSA working again, update to PKCS#11 v3.0, and related cleanupWith these changes, the pkcs11 system test includes the Ed25519 test and passes when using SoftHSMv2. The eddsa system test does not pass however, because SoftHSM does not yet support Ed448. I can also submit changes to test Ed25519 and ...With these changes, the pkcs11 system test includes the Ed25519 test and passes when using SoftHSMv2. The eddsa system test does not pass however, because SoftHSM does not yet support Ed448. I can also submit changes to test Ed25519 and Ed448 separately depending on which are available at runtime, if that would be useful.
Closes #1648
May 2020 (9.11.19, 9.11.19-S1, 9.14.12, 9.16.3)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3402Update to PKCS#11 v3.0 EdDSA macros2020-04-29T11:57:52ZOndřej SurýUpdate to PKCS#11 v3.0 EdDSA macrosOndřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/3401Resolve "Implement and improve the PKCS#11 code"2020-04-29T11:57:22ZOndřej SurýResolve "Implement and improve the PKCS#11 code"Closes #1763Closes #1763Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2482Add support for enabling and enforcing FIPS mode in OpenSSL:2019-10-23T12:45:53ZOndřej SurýAdd support for enabling and enforcing FIPS mode in OpenSSL:* Add configure option --enable-fips-mode that detects and enables FIPS mode
* Add a function to enable FIPS mode and call it on crypto init
* Log an OpenSSL error when FIPS_mode_set() fails and exit
* Report FIPS mode status in a separa...* Add configure option --enable-fips-mode that detects and enables FIPS mode
* Add a function to enable FIPS mode and call it on crypto init
* Log an OpenSSL error when FIPS_mode_set() fails and exit
* Report FIPS mode status in a separate log message from named
(cherry picked from commit c4cee27f9b6292034625d2488347e822ac12daab)
Closes #506Ondřej SurýOndřej Surý