X-Scanned-BY: MIMEDefang 2.68 on 10.5.11.24
MIME-Version: 1.0
X-Spam-Status: No, score=-7.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.1
content-type: text/plain; charset="utf-8"; format="flowed"
Message-ID: <530E0424.1030407@redhat.com>
Organization: Red Hat
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) by bugs.isc.org (Postfix) with ESMTP id 397A92D20051 for <bind9-bugs@bugs.isc.org>; Wed, 26 Feb 2014 15:11:58 +0000 (UTC)
Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id C4B51C94D3 for <bind9-bugs@isc.org>; Wed, 26 Feb 2014 15:11:45 +0000 (UTC) (envelope-from pspacek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.pao1.isc.org (Postfix) with ESMTP for <bind9-bugs@isc.org>; Wed, 26 Feb 2014 15:11:39 +0000 (UTC) (envelope-from pspacek@redhat.com)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s1QFBbPa018515 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <bind9-bugs@isc.org>; Wed, 26 Feb 2014 10:11:38 -0500
Received: from pspacek.brq.redhat.com (vpn1-4-54.ams2.redhat.com [10.36.4.54]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s1QFBZWj032015 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for <bind9-bugs@isc.org>; Wed, 26 Feb 2014 10:11:37 -0500
X-DCC-X.dcc-Servers-Metrics: post.isc.org 104; Body=1 Fuz1=1 Fuz2=1
Delivered-To: bind9-bugs@bugs.isc.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
Subject: --enable-native-pkcs11 doesn't work with SoftHSM
Return-Path: <pspacek@redhat.com>
X-Original-To: bind9-bugs@bugs.isc.org
Date: Wed, 26 Feb 2014 16:11:32 +0100
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mx.pao1.isc.org
To: bind9-bugs@isc.org
Content-Transfer-Encoding: 7bit
From: Petr Spacek <pspacek@redhat.com>
X-RT-Original-Encoding: ISO-8859-1
Content-Length: 3405

Hello,

I'm trying to test BIND 9.10.0b1 with SoftHSM 1.3.3-4.fc20.x86_64 and it 
doesn't work.

I'm trying to make it work for some time now but it seems like regression 
introduced some time after BIND 9.9.4-P2 to me.

SoftHSM seems initialized:
$ softhsm --show-slots
Available slots:
Slot 0
            Token present: yes
            Token initialized: yes
            User PIN initialized: yes
            Token label: OpenDNSSEC


But pkcs11-list fails:
$ pkcs11-list
Enter Pin:
pk11.c:315: fatal error: Can't find digest service
Aborted


$ ltrace pkcs11-list
__libc_start_main(0x400ca0, 1, 0x7fffef224088, 0x4013e0 <unfinished ...>
isc_commandline_parse(1, 0x7fffef224088, 0x4015ea, 0x4013e0) = 0xffffffff
getpass("Enter Pin: "Enter Pin:
) = "1234"
pk11_get_session(0x7fffef223cd0, 0, 0, 1pk11.c:315: fatal error: Can't find 
digest service
  <no return ...>
--- SIGABRT (Aborted) ---



The same version of SoftHSM works with pkcs11-list from BIND 9.9.4-P2:
$  pkcs11-list
Enter Pin:
object[0]: handle 6 class 2 label[10] 'sample-zsk' id[0]
object[1]: handle 5 class 3 label[10] 'sample-zsk' id[0]
object[2]: handle 4 class 2 label[10] 'sample-ksk' id[0]
object[3]: handle 3 class 3 label[10] 'sample-ksk' id[0]
object[4]: handle 2 class 2 label[10] 'OpenDNSSEC' id[0]
object[5]: handle 1 class 3 label[10] 'OpenDNSSEC' id[0]

$ ltrace -a0 pkcs11-list
__libc_start_main(0x400950, 1, 0x7fffc8a02bf8, 0x401680 <unfinished ...>
getenv("PKCS11_PROVIDER") = "/usr/lib64/softhsm/libsofthsm.so"...
getopt(1, 0x7fffc8a02bf8, ":m:s:i:l:p:P") = -1
dlopen("/usr/lib64/softhsm/libsofthsm.so"..., 2) = 0x1894040
dlsym(0x1894040, "C_Initialize") = 0x7f6c0bd57ac0
dlsym(0x1894040, "C_OpenSession") = 0x7f6c0bd56a30
getpass("Enter Pin: "Enter Pin:
) = "1234"
dlsym(0x1894040, "C_Login") = 0x7f6c0bd56b00
memset(0x18e4330, '\0', 4) = 0x18e4330
dlsym(0x1894040, "C_FindObjectsInit") = 0x7f6c0bd56c20
dlsym(0x1894040, "C_FindObjects") = 0x7f6c0bd56c50
dlsym(0x1894040, "C_GetAttributeValue") = 0x7f6c0bd56bc0
__printf_chk(1, 0x4019c0, 0, 6) = 57
putchar(10, 0x372bdbaa10, 57, 0x7fffffc8object[0]: handle 6 class 2 label[10] 
'sample-zsk' id[0]
) = 10
dlsym(0x1894040, "C_GetAttributeValue") = 0x7f6c0bd56bc0
__printf_chk(1, 0x4019c0, 1, 5) = 57
putchar(10, 0x372bdbaa10, 57, 0x7fffffc8object[1]: handle 5 class 3 label[10] 
'sample-zsk' id[0]
) = 10
dlsym(0x1894040, "C_GetAttributeValue") = 0x7f6c0bd56bc0
__printf_chk(1, 0x4019c0, 2, 4) = 57
putchar(10, 0x372bdbaa10, 57, 0x7fffffc8object[2]: handle 4 class 2 label[10] 
'sample-ksk' id[0]
) = 10
dlsym(0x1894040, "C_GetAttributeValue") = 0x7f6c0bd56bc0
__printf_chk(1, 0x4019c0, 3, 3) = 57
putchar(10, 0x372bdbaa10, 57, 0x7fffffc8object[3]: handle 3 class 3 label[10] 
'sample-ksk' id[0]
) = 10
dlsym(0x1894040, "C_GetAttributeValue") = 0x7f6c0bd56bc0
__printf_chk(1, 0x4019c0, 4, 2) = 57
putchar(10, 0x372bdbaa10, 57, 0x7fffffc8object[4]: handle 2 class 2 label[10] 
'OpenDNSSEC' id[0]
) = 10
dlsym(0x1894040, "C_GetAttributeValue") = 0x7f6c0bd56bc0
__printf_chk(1, 0x4019c0, 5, 1) = 57
putchar(10, 0x372bdbaa10, 57, 0x7fffffc8object[5]: handle 1 class 3 label[10] 
'OpenDNSSEC' id[0]
) = 10
dlsym(0x1894040, "C_FindObjects") = 0x7f6c0bd56c50
dlsym(0x1894040, "C_FindObjectsFinal") = 0x7f6c0bd56dd0
dlsym(0x1894040, "C_CloseSession") = 0x7f6c0bd56a70
dlsym(0x1894040, "C_Finalize") = 0x7f6c0bd57a50
exit(0 <no return ...>


Have a nice day!

-- 
Petr^2 Spacek