upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-24 02:10:30 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/tests/pkcs11
History
Mark Andrews c40906dfad 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]

(cherry picked from commit 8ee6f289d8)
2016-08-19 08:05:47 +10:00
..
benchmarks 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
.gitignore [master] update gitignore files; use rev-parse to get srcid 2014-06-17 13:49:30 -07:00
Makefile.in 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
pkcs11-hmacmd5.c 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
pkcs11-md5sum.c 4401. [misc] Change LICENSE to MPL 2.0. 2016-06-27 14:56:38 +10:00
README 4450. [port] Provide more nuanced HSM support which better matches 2016-08-19 08:05:47 +10:00

README 

"pkcs11-hmacmd5" is here to check for the presence of a known bug in
the Thales nCipher PKCS#11 provider library.  To test for the bug, use
pkcs11-hmacmd5 to hash a test vector from RFC 2104, and determine
whether the resulting digest is is correct.  For instance:

    echo -n "Hi There" | \
        ./pkcs11-hmacmd5 -p <PIN> -k '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'

...must return "9294727a3638bb1c13f48ef8158bfc9d".

If any other value is returned, then the provider library is buggy,
and theflag PK11_MD5_HMAC_REPLACE must be defined in
lib/isc/include/pk11/site.h
However, if the correct value is returned, then it is safe to turn
off PK11_MD5_HMAC_REPLACE. (It is on by default.)