[Freeipa-devel] [PATCH 0031] Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40
Martin Basti
mbasti at redhat.com
Wed Jun 10 13:53:06 UTC 2015
On 08/06/15 16:18, Petr Spacek wrote:
> Hello,
>
> Update PKCS#11 mechanism constants for AES key wrapping to PKCS#11 v2.40.
>
> SoftHSM 2.0.0rc1 was updates to these new constants to avoid collision with
> Blowfish mechanisms.
>
>
> Older code *cannot* work SoftHSM 2.0.0rc1 and newer.
>
> Symptoms include errors like this:
>
> On DNSSEC key master:
> ipa-ods-exporter: _ipap11helper.Error: Error at key wrapping: get buffer
> length: 0x70
>
> On DNSSEC replicas:
> ipa-dnskeysyncd: subprocess.CalledProcessError: Command
> ''/usr/libexec/ipa/ipa-dnskeysync-replica'' returned non-zero exit status 1
>
ACK
--
Martin Basti
More information about the Freeipa-devel
mailing list