bind-9.7.1, opessl-0.9.8l and pkcs11 issue
Zbigniew Jasiński
szopen at nask.pl
Thu Jun 24 14:02:08 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
i'm trying to compile on my Linux (actually this is fedora 13, 32bit
arch) latest bind-9.7.1 with openssl-0.9.8l and pkcs11 patch (everything
according to README.pkcs11 from sun's patch), for working with softhsm
from opendnssec project. as pkcs11 engine, i use engine_pkcs11 from
opensc project (http://www.opensc-project.org/engine_pkcs11/).
compilation seems to be fine, ending without any errors but...
when i test openssl:
$ ./openssl engine pkcs11
(pkcs11) pkcs11 engine
$ ./openssl engine pkcs11 -t
(pkcs11) pkcs11 engine
[ available ]
looks fine.
trying pkcs11 tools from bind:
$ ./pkcs11-list
Enter Pin:
object[0]: handle 2 class 2 label[10] 'sample-ksk' id[0]
object[1]: handle 1 class 3 label[10] 'sample-ksk' id[0]
$ ./pkcs11-keygen -b 1024 -l sample-zsk
Enter Pin:
$ ./pkcs11-list
Enter Pin:
object[0]: handle 4 class 2 label[10] 'sample-zsk' id[0]
object[1]: handle 3 class 3 label[10] 'sample-zsk' id[0]
object[2]: handle 2 class 2 label[10] 'sample-ksk' id[0]
object[3]: handle 1 class 3 label[10] 'sample-ksk' id[0]
trying dnssec* tools:
$ ./dnssec-keyfromlabel -l sample-ksk example.net
Segmentation fault
Program received signal SIGSEGV, Segmentation fault.
0x0816a858 in EVP_PKEY_get1_RSA ()
(gdb) bt
#0 0x0816a858 in EVP_PKEY_get1_RSA ()
#1 0x082099ba in __dso_handle ()
#2 0x00000001 in ?? ()
#3 0x080c97e0 in opensslrsa_fromlabel (key=0xd52008, engine=0x82099ba
"pkcs11", label=0xd4f030 "pkcs11:sample-ksk", pin=0x0) at
opensslrsa_link.c:1344
#4 0x080c28da in dst_key_fromlabel (name=0xbffff370, alg=5, flags=256,
protocol=3, rdclass=1, engine=0x82099ba "pkcs11",
label=0xd4f030 "pkcs11:sample-ksk", pin=0x0, mctx=0x8265008,
keyp=0xbffff694) at dst_api.c:744
#5 0x0804b56d in main (argc=4, argv=0xbffff764) at
dnssec-keyfromlabel.c:444
so, is this even working?
- --
pozdrawiam
zbigniew jasinski
[SYStem OPerator]
.: www.dns.pl :.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJMI2VgAAoJEH26UYiRhe/goakQALH6ltqnTZbAZthpHsvTMMgs
mBYYKZbUdhiJvXNkLQG1OwxVJ8Wa6e5gbG1dt1aiKF7uB6i5W0v5Zjuztt+5NW7S
fE92muJ+xqykoCRTmiKxSZzJPWajNQkx7637pEK9qpCEXUnU6C87NDj3FD1y49il
jboehTKgiqJnJY684SR1sxk+nfZT2MihraIn66pkN1it9ZIOxllxszP/pngo94bj
KPi8ByJmBjlZsuYbmVPOduRyXZT1ZS/wu/MAoDgIVExLwazfmgBctgkLWWIO287R
otqR7atHyy4DoBZuglTVbZx3pcOIm38mEslJ8gSfWGBsVV7uie8uDFbOh4bpuBTN
0TEjFR9iY+LzApFNzzRXGgGxGz3jV4TaLSWF3mnQrEIg73k4AOuy/J1T+OZEoVhM
GxTN4qJf2RPvFMJ5UyEJpak5rwOSPScFBPxKrG6CAKv2Ae7GGONGBhisBjeSfX+W
kf2uCt9wtXVnFjO0mksWJeDzkLzxEirHO5E38PlJQa0LypBHra7jnkZjrVYcRE5V
1ej0DpcfXW/yWi+x11aR6EJ8SdzvWeg+od7WA6NgnRcvAVkDUMYbm+D6W6LPdah6
OPdKJD54DfccACgxndD7/JE5yI6iRmY9F6DcA55HAdjzMNIeSAsmshqYONITBYQc
WCQMIssfXdecqYNy/fG3
=FRZB
-----END PGP SIGNATURE-----
More information about the bind-workers
mailing list