> From: openssl-users On Behalf Of George
> Sent: Tuesday, 12 January, 2021 00:18
> I'm running this in Windows 10 and when I load the smart card middleware
> PKCS11 DLL, I see the exception:
> Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception:
> unsigned long at memory locati
I'm running this in Windows 10 and when I load the smart card middleware
PKCS11 DLL, I see the exception:
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: unsigned long at memory location 0x07FCFA00.
During mutual authentication, I also see a lot of other exceptions
I found out what my problem is! I'm running it in FIPS mode and this
causes the PKCS11 engine to fail during mutual authentication. I
eventually traced the problem to the following issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1827535
It looks like there is a bug in libp11. Once I made the
Hi,
On 08/01/21 22:35, George wrote:
Hi,
I have been trying to set up mutual authentication using a smart
card but I can't seem to get the OpenSSL Engine to send a response
back to the server containing client's certificate from the smart card.
I'm using the following to configure the cer
> From: openssl-users On Behalf Of George
> Sent: Sunday, 10 January, 2021 21:01
> Right now I am using the "libp11" DLL (i.e.
> libp11-libp11-0.4.11\src\pkcs11.dll)
> with my PKCS11 smart card middleware DLL. Should I be using the OpenSC pkcs11
> DLL
> instead of my middleware DLL if I am usin
Hi,
I had a look at the pkcs11-helper and can see where the
RSA_METHOD_FLAG_NO_CHECK is being set. It's using a session object
called pkcs11h_openssl_session_t, which I do not see in the libp11 or
openSC code.
Right now I am using the "libp11" DLL (i.e.
libp11-libp11-0.4.11\src\pkcs11.d
> From: openssl-users On Behalf Of George
> Sent: Friday, 8 January, 2021 14:35
> The comment indicates that the flag RSA_METHOD_FLAG_NO_CHECK should be set
> for smart cards[...]
> However, it is not actually set when I use a debugger to inspect the flag.
> Does it need to be set? If so, how is
Hi,
I have been trying to set up mutual authentication using a smart card
but I can't seem to get the OpenSSL Engine to send a response back to
the server containing client's certificate from the smart card.
I'm using the following to configure the certificate and private key:
ENGINE_c
Hi,
On 05/01/21 07:39, George wrote:
Hi,
I was looking at the code in
https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c and
realized I forgot to call ENGINE_ctrl_cmd(...) to set up
"LOAD_CERT_CTRL". However, when I do this, the callback function is no
longer being called duri
Hi,
I was looking at the code in
https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c and
realized I forgot to call ENGINE_ctrl_cmd(...) to set up
"LOAD_CERT_CTRL". However, when I do this, the callback function is no
longer being called during the mutual authentication handshake.
Hi,
On 20/12/20 09:39, George wrote:
Hi,
I tried running the "s_client" command and it appears to be working.
I guess there must be something wrong in my code.
it is good news that the s_client command is working - it means there is
something wrong with your code but you have everything
Hi,
I tried running the "s_client" command and it appears to be working.
I guess there must be something wrong in my code.
My crash occurs when I call
ENGINE_init(pkey_engine);
I notice your code does not call this function. Is this needed?
If so, when/where should it be called?
Hi,
On 19/12/20 04:48, George wrote:
Hi,
I narrowed the problem down to
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)
This causes the initial exception
Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception:
unsigned long at memory location 0x006FCD68.
It looks like so
Hi,
I narrowed the problem down to
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)
This causes the initial exception
Exception thrown at 0x757346D2 in GENCom.exe: Microsoft C++ exception:
unsigned long at memory location 0x006FCD68.
It looks like some of the Engine methods cause an excep
Hi,
On 18/12/20 06:21, George wrote:
Hi,
I'm able to set up the engine now, but as soon as I attempt to
execute the command
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
,I see all kinds of middleware exceptions being generated:
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft
Hi,
I'm able to set up the engine now, but as soon as I attempt to
execute the command
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
,I see all kinds of middleware exceptions being generated:
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++ exception:
unsigned long at memor
On 17/12/20 14:55, George wrote:
Ok. So I use the libp11 project DLL file for the SO_PATH and my smart
card middleware DLL for the MODULE_PATH when setting up the OpenSSL
Engine?
yes just like in the example I posted below.
I would recommend the p11 wiki page to do it using the command line
Ok. So I use the libp11 project DLL file for the SO_PATH and my smart
card middleware DLL for the MODULE_PATH when setting up the OpenSSL Engine?
Thanks,
George
On 2020-12-17 3:22 a.m., Jan Just Keijser wrote:
Hi,
On 16/12/20 20:26, George wrote:
Hi,
I've been looking at the code in t
Hi,
On 16/12/20 20:26, George wrote:
Hi,
I've been looking at the code in the pppd EAP-TLS patch, but I
can't seem to load the engine with the pkcs11 DLL. It is failing with
the error:
error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to
the requested symbol name
I've
Hi,
I've been looking at the code in the pppd EAP-TLS patch, but I can't
seem to load the engine with the pkcs11 DLL. It is failing with the error:
error:2507606A:DSO support routines:WIN32_BIND_FUNC:could not bind to
the requested symbol name
I've verified the path is correct.
I am usi
Hi,
On 14/12/20 21:01, George wrote:
Ok, so I am not actually going to populate EVP_PKEY with a private key
in the callback function:
int (*client_cert_cb)(SSL *ssl, X509 **x509, *EVP_PKEY **pkey*)?
Instead, I will call
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
UI_METHO
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 13:01
> Once I get the resulting EVP_PKEY using ENGINE_load_private_key(...),
> how do I assign it to pkey in the callback function?
I don't know offhand. As I said in my other message, that's not an area I had
to get
Ok, so I am not actually going to populate EVP_PKEY with a private key
in the callback function:
int (*client_cert_cb)(SSL *ssl, X509 **x509, *EVP_PKEY **pkey*)?
Instead, I will call
EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
UI_METHOD *ui_method, void *callback_data);
to
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 09:36
> I see what you mean. So once I have everything set up, I use the following
> to get the private key:
> EVP_PKEY *pkey = ENGINE_load_private_key(...);
>
> Will pkey actually contain the private key from the smart
How I did this:
1) You can make up your own EVP_PKEY that uses your own engine implementation
and attach a data ptr to it
EVP_PKEY* returnPKey;
returnPKey = EVP_PKEY_new();
if( returnPKey )
{
Hi Michael,
I see what you mean. So once I have everything set up, I use the
following to get the private key:
EVP_PKEY *pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier,
transfer_pin, &cb_data);
Will pkey actually contain the private key from the smart card? I
thought it was no
> From: openssl-users On Behalf Of George
> Sent: Monday, 14 December, 2020 08:15
> Thanks for your response. It looks like I don't already have the PPP and
> PPPD.
You don't need PPP to use a smartcard or other PKCS#11 device. Jan just
mentioned the source as an exemplar of the interactions
Hi Jan,
Thanks for your response. It looks like I don't already have the PPP
and PPPD. Do I need to download and install the following?
https://github.com/jjkeijser/ppp/tree/eap-tls
I am using OpenSSL in Windows 10 and compiled it with Visual Studio
2019. Will this EAP-TLS code compile/wor
Hi,
On 14/12/20 08:08, George wrote:
Hi,
I'm new to OpenSSL and am trying to set up mutual authentication in
a client. The client is set up with OpenSSL 1.0.2u and the client's
certificate + private key is stored on a Smart Card. When the client
receives a certificate request from the se
29 matches