upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-02-26 03:11:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/tests/pkcs11/README
Mark Andrews 8ee6f289d8 4450. [port] Provide more nuanced HSM support which better matches 
the specific PKCS11 providers capabilities. [RT #42458]
2016-08-19 08:02:51 +10:00

15 lines
684 B
Text
Raw Blame History

"pkcs11-hmacmd5" is here to check for the presence of a known bug in
the Thales nCipher PKCS#11 provider library. To test for the bug, use
pkcs11-hmacmd5 to hash a test vector from RFC 2104, and determine
whether the resulting digest is is correct. For instance:
echo -n "Hi There" | \
./pkcs11-hmacmd5 -p <PIN> -k '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
...must return "9294727a3638bb1c13f48ef8158bfc9d".
If any other value is returned, then the provider library is buggy,
and theflag PK11_MD5_HMAC_REPLACE must be defined in
lib/isc/include/pk11/site.h
However, if the correct value is returned, then it is safe to turn
off PK11_MD5_HMAC_REPLACE. (It is on by default.)
Reference in a new issue View git blame Copy permalink