bind9

mirror of https://github.com/isc-projects/bind9.git synced 2026-02-23 18:04:10 -05:00

History

Evan Hunt acbb301e64 [master] better error output when initializing pkcs11 3786. [func] Provide more detailed error codes when using native PKCS#11. "pkcs11-tokens" now fails robustly rather than asserting when run against an HSM with an incomplete PCKS#11 API implementation. [RT #35479]		2014-03-12 20:52:01 -07:00
..
benchmarks	[master] better error output when initializing pkcs11	2014-03-12 20:52:01 -07:00
Makefile.in	3738. [bug] --enable-openssl-hash failed to build. [RT #35343 ]	2014-02-13 15:09:08 +11:00
pkcs11-hmacmd5.c	[master] better error output when initializing pkcs11	2014-03-12 20:52:01 -07:00
pkcs11-md5sum.c	[master] better error output when initializing pkcs11	2014-03-12 20:52:01 -07:00
README	[master] address several issues with native pkcs11	2014-01-18 11:51:07 -08:00

README

"pkcs11-hmacmd5" is here to check for the presence of a known bug in
the Thales nCipher PKCS#11 provider library.  To test for the bug, use
pkcs11-hmacmd5 to hash a test vector from RFC 2104, and determine
whether the resulting digest is is correct.  For instance:

    echo -n "Hi There" | \
        ./pkcs11-hmacmd5 -p <PIN> -k '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'

...must return "9294727a3638bb1c13f48ef8158bfc9d".

If any other value is returned, then the provider library is buggy,
and the compilation flag PKCS11CRYPTOWITHHMAC must *not* be defined.
However, if the correct value is returned, then it is safe to turn
on PKCS11CRYPTOWITHHMAC. (It is off by default.)