diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 18:37:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 18:37:14 +0000 |
commit | ea648e70a989cca190cd7403fe892fd2dcc290b4 (patch) | |
tree | e2b6b1c647da68b0d4d66082835e256eb30970e8 /bin/tests/pkcs11/README | |
parent | Initial commit. (diff) | |
download | bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.tar.xz bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.zip |
Adding upstream version 1:9.11.5.P4+dfsg.upstream/1%9.11.5.P4+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/pkcs11/README')
-rw-r--r-- | bin/tests/pkcs11/README | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/bin/tests/pkcs11/README b/bin/tests/pkcs11/README new file mode 100644 index 0000000..2b594d9 --- /dev/null +++ b/bin/tests/pkcs11/README @@ -0,0 +1,15 @@ +"pkcs11-hmacmd5" is here to check for the presence of a known bug in +the Thales nCipher PKCS#11 provider library. To test for the bug, use +pkcs11-hmacmd5 to hash a test vector from RFC 2104, and determine +whether the resulting digest is is correct. For instance: + + echo -n "Hi There" | \ + ./pkcs11-hmacmd5 -p <PIN> -k '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b' + +...must return "9294727a3638bb1c13f48ef8158bfc9d". + +If any other value is returned, then the provider library is buggy, +and theflag PK11_MD5_HMAC_REPLACE must be defined in +lib/isc/include/pk11/site.h +However, if the correct value is returned, then it is safe to turn +off PK11_MD5_HMAC_REPLACE. (It is on by default.) |