Adding upstream version 1:9.16.44.upstream/1%9.16.44

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 07:24:22 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 07:24:22 +0000
commit: 45d6379135504814ab723b57f0eb8be23393a51d (patch)
tree: d4f2ec4acca824a8446387a758b0ce4238a4dffa /bin/tests/pkcs11/README
parent: Initial commit. (diff)
download: bind9-45d6379135504814ab723b57f0eb8be23393a51d.tar.xz
bind9-45d6379135504814ab723b57f0eb8be23393a51d.zip
1 files changed, 15 insertions, 0 deletions
diff --git a/bin/tests/pkcs11/README b/bin/tests/pkcs11/README
new file mode 100644
index 0000000..2b594d9
--- /dev/null
+++ b/bin/tests/pkcs11/README
@@ -0,0 +1,15 @@
+"pkcs11-hmacmd5" is here to check for the presence of a known bug in
+the Thales nCipher PKCS#11 provider library.  To test for the bug, use
+pkcs11-hmacmd5 to hash a test vector from RFC 2104, and determine
+whether the resulting digest is is correct.  For instance:
+
+    echo -n "Hi There" | \
+        ./pkcs11-hmacmd5 -p <PIN> -k '0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b'
+
+...must return "9294727a3638bb1c13f48ef8158bfc9d".
+
+If any other value is returned, then the provider library is buggy,
+and theflag PK11_MD5_HMAC_REPLACE must be defined in
+lib/isc/include/pk11/site.h
+However, if the correct value is returned, then it is safe to turn
+off PK11_MD5_HMAC_REPLACE. (It is on by default.)
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 07:24:22 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 07:24:22 +0000
commit	45d6379135504814ab723b57f0eb8be23393a51d (patch)
tree	d4f2ec4acca824a8446387a758b0ce4238a4dffa /bin/tests/pkcs11/README
parent	Initial commit. (diff)
download	bind9-45d6379135504814ab723b57f0eb8be23393a51d.tar.xz bind9-45d6379135504814ab723b57f0eb8be23393a51d.zip