I'm trying to debug an SSL connection to a webserver utilizing my PIV
Authentication Certificate and the associated private key on my card,
and I believe I've found a bug in mechanism.c.

I *think* I'm doing everything correctly, although documentation on
the engine in openssl is *very* sparse.  Here's how I'm setting up
the connection.

openssl
engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:src/pkcs11/.libs/opensc-pkcs11.so -pre VERBOSE
s_client -engine pkcs11 -connect webserver:443 -CAfile ca.crt -cert pivauth.crt -certform PEM -key 1:01 -keyform engine -prexit

According to the opensc tools, my card is in slot 1 and my key is id
01.  I'm fairly certain I'm using the -key and -keyform parameters
correctly but I'm not sure of -cert and -certform.  Should I instead
be telling openssl how to pull the cert from my card instead of the
local file (which corresponds with the key?)  How do I do that?  (I've
tried a few ways.)

This will prompt me for my pin, but then segfaults on line 428 of
mechanism.c -- seemingly data is pointing to an address but has no
member buffer_len (this could be wrong, my C and gdb experience is
highly lacking).

Found slot:  Broadcom Corp 5880 [Contacted SmartCard] (0123456789ABCD) 00 00
Found token: PIV_II (PIV Card Holder pin)
Found 4 certificates:
   1    Certificate for PIV Authentication
   2    Certificate for Digital Signature
   3    Certificate for Key Management
   4    Certificate for Card Authentication
PKCS#11 token PIN:
Found 4 keys:
   1 P  PIV AUTH key
   2 P  SIGN key
   3 P  KEY MAN key
   4 P  CARD AUTH key

Program received signal SIGSEGV, Segmentation fault.
0x00002aaaac155660 in sc_pkcs11_signature_final (operation=0x6cb7d0, pSignature=0x7fffffffda30 "", pulSignatureLen=0x0) at mechanism.c:428
428  sc_log(context, "data length %li", data->buffer_len);
(gdb) print data
$1 = (struct signature_data *) 0x30
(gdb) print data->buffer_len
Cannot access memory at address 0x248
(gdb) backtrace
#0  0x00002aaaac155660 in sc_pkcs11_signature_final (operation=0x6cb7d0, pSignature=0x7fffffffda30 "", pulSignatureLen=0x0) at mechanism.c:428
#1  0x00002aaaab036e3d in look_str_cb () from /usr/lib/libcrypto.so.1.0.0
#2  0x00002aaaab04722c in lh_doall_arg () from /usr/lib/libcrypto.so.1.0.0
#3  0x00002aaaab03565c in engine_table_doall () from /usr/lib/libcrypto.so.1.0.0
#4  0x00002aaaab037203 in ENGINE_pkey_asn1_find_str () from /usr/lib/libcrypto.so.1.0.0
#5  0x00002aaaab071fa3 in EVP_PKEY_asn1_find_str () from /usr/lib/libcrypto.so.1.0.0
#6  0x00002aaaaad179d7 in ssl_create_cipher_list () from /usr/lib/libssl.so.1.0.0
#7  0x00002aaaaad10964 in SSL_CTX_new () from /usr/lib/libssl.so.1.0.0
#8  0x000000000043d07e in ?? ()
#9  0x0000000000419587 in ?? ()
#10 0x000000000041927d in ?? ()
#11 0x00002aaaab363725 in __libc_start_main () from /usr/lib/libc.so.6
#12 0x000000000041934d in ?? ()
#13 0x00007fffffffe598 in ?? ()
#14 0x0000000000000000 in ?? ()

Thanks for any advice/patches/help :)
Matt