BIND issue #2178
Issue created Sep 22, 2020 by Peter Davies (@peterd, Developer)

dnssec-keyfromlabel ECDSAP256SHA256 error on AEP Keypers HSM

Summary

When attempting to generate an ECDSAP256SHA256 key pair from an AEP Keypers HSM, dnssec-keyfromlabel exits with a segmentation fault. For the core and binary, see RT #17055.

BIND version used

BIND 9.16.6 (Stable Release) id:25846cf
running on Linux x86_64 3.10.0-1062.12.1.el7.x86_64 #1 SMP Tue Feb 4 23:02:59 UTC 2020
built by make with '--with-openssl=/opt/openssl-versions/openssl-1.1.1g/' '--prefix=/opt/bind-versions/bind-9.16.6' '--with-pkcs11=/opt/Keyper/PKCS11Provider-versions/PKCS11Provider-5.05/pkcs11.so' +'PKG_CONFIG_PATH=/opt/openssl-versions/openssl-1.1.1g/lib/pkgconfig'.
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39).
compiled with OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020
linked to OpenSSL version: OpenSSL 1.1.1g 21 Apr 2020
compiled with libuv version: 1.38.0
linked to libuv version: 1.38.0
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
threads support is enabled

default paths:
  named configuration: /opt/bind-versions/bind-9.16.6/etc/named.conf
  rndc configuration: /opt/bind-versions/bind-9.16.6/etc/rndc.conf
  DNSSEC root key: /opt/bind-versions/bind-9.16.6/etc/bind.keys
  nsupdate session key: /opt/bind-versions/bind-9.16.6/var/run/named/session.key
  named PID file: /opt/bind-versions/bind-9.16.6/var/run/named/named.pid
  named lock file: /opt/bind-versions/bind-9.16.6/var/run/named/named.lock

Steps to reproduce

dnssec-keyfromlabel -E pkcs11 -a ECDSAP256SHA256 -l "token=prod.fr;object=re9166-zsk;pin-value=XXXX"

What is the current bug behavior?

Segmentation fault (core dumped)

What is the expected correct behavior?

Generation of key pair

Relevant configuration files

OpenSSL 1.1.1g 21 Apr 202

OpenSSL configuration:

openssl_conf = openssl_init
[...]
[ openssl_init ]
engines = engine_section

[ engine_section ]
pkcs11 = pkcs11_section

[ pkcs11_section ]
engine_id = pkcs11
dynamic_path = /opt/bind/engines/pkcs11.so
MODULE_PATH = /opt/Keyper/PKCS11Provider-versions/PKCS11Provider-5.05/pkcs11.so
init = 0

Edited Sep 22, 2020 by Peter Davies