bind9/bin/tests/pkcs11
Mark Andrews e0449a0a4a 4450. [port] Provide more nuanced HSM support which better matches
the specific PKCS11 providers capabilities. [RT #42458]

(cherry picked from commit 8ee6f289d8)
2016-08-19 08:25:54 +10:00
benchmarks update copyright notice / whitespace 2016-05-04 23:46:09 +00:00
.gitignore [v9_10] update gitignore files; use rev-parse to get srcid 2014-06-17 13:49:44 -07:00
Makefile.in 3738. [bug] --enable-openssl-hash failed to build. [RT #35343] 2014-02-13 15:09:08 +11:00
pkcs11-hmacmd5.c added print.h includes 2015-05-23 14:46:47 +02:00
pkcs11-md5sum.c added print.h includes 2015-05-23 14:46:47 +02:00
README 4450. [port] Provide more nuanced HSM support which better matches 2016-08-19 08:25:54 +10:00

"pkcs11-hmacmd5" is here to check for the presence of a known bug in
the Thales nCipher PKCS#11 provider library.  To test for the bug, use
pkcs11-hmacmd5 to hash a test vector from RFC 2104, and determine
whether the resulting digest is correct.  For instance:

    echo -n "Hi There" | \
        ./pkcs11-hmacmd5 -p <PIN> -k '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'

...must return "9294727a3638bb1c13f48ef8158bfc9d".

If any other value is returned, then the provider library is buggy,
and the flag PK11_MD5_HMAC_REPLACE must be defined in
lib/isc/include/pk11/site.h.
However, if the correct value is returned, then it is safe to turn
off PK11_MD5_HMAC_REPLACE. (It is on by default.)
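
The check above can be scripted against a reference that does not depend on the provider. The following is an added example, not part of BIND or of this README: it builds HMAC-MD5 from plain MD5 digests as RFC 2104 defines it and compares the result with what pkcs11-hmacmd5 printed. The function names are hypothetical, and it assumes the tool prints the digest as a single hex string.

```python
import hashlib

# RFC 2104 test vector used in the README above.
KEY = bytes.fromhex("0b" * 16)
DATA = b"Hi There"
EXPECTED = "9294727a3638bb1c13f48ef8158bfc9d"
BLOCK = 64  # MD5 block size in bytes


def hmac_md5(key: bytes, data: bytes) -> str:
    """HMAC-MD5 built from plain MD5 digests, per RFC 2104."""
    if len(key) > BLOCK:
        # Keys longer than one block are hashed first.
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + data).digest()
    return hashlib.md5(opad + inner).hexdigest()


def provider_is_buggy(tool_output: str) -> bool:
    """True if the digest printed by pkcs11-hmacmd5 is wrong for the vector.

    Assumption: the tool prints only the hex digest (any case, with
    optional surrounding whitespace).
    """
    return tool_output.strip().lower() != hmac_md5(KEY, DATA)


if __name__ == "__main__":
    import sys

    # Pipe the output of the pkcs11-hmacmd5 command shown above into this script.
    buggy = provider_is_buggy(sys.stdin.read())
    if buggy:
        print("digest mismatch: define PK11_MD5_HMAC_REPLACE")
    else:
        print("digest correct: safe to turn off PK11_MD5_HMAC_REPLACE")
    sys.exit(1 if buggy else 0)
```

The exit status is 0 when the provider returns the correct digest and 1 otherwise, so the script can gate a build step that sets the flag.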