private key not available for client_cert_cb

Tue Jan 12 07:17:33 UTC 2021

I'm running this in Windows 10 and when I load the smart card middleware 
PKCS11 DLL, I see the exception:

    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
    exception: unsigned long at memory location 0x07FCFA00.

During mutual authentication, I also see alot of other exceptions such as:

    Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
    exception: AI::Middleware::CMWException at memory location 0x032FD2D0.

I traced them down to various PKCS11 calls on the card in libp11.
e.g.
the function call to C_GetSlotList(...) in the file p11_slot.c triggers 
an exception:

    int pkcs11_enumerate_slots(PKCS11_CTX *ctx, PKCS11_SLOT **slotp,
    unsigned int *countp)
    {
    . . .
    *rv = cpriv->method->C_GetSlotList(FALSE, NULL_PTR, &nslots);*
    . . .
    }

It is interesting to note that this function seems to get called 
multiple times and it eventually works. I do not fully understand 
how/why the code does that and if this is the design intent. The 
exceptions don't seem to have any effect on the functionality, but I 
still need to understand why they are occurring.

It looks like someone else using a smart card has also encountered 
similar problems in Windows but there is no real answer as to why they 
are occurring:
https://www.codeproject.com/Questions/1254182/Smart-card-apis-throw-first-chance-exceptions-but

Thanks,
George

On 2021-01-11 9:41 a.m., Michael Wojcik wrote:
>> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of George
>> Sent: Sunday, 10 January, 2021 21:01
>> Right now I am using the "libp11" DLL (i.e. libp11-libp11-0.4.11\src\pkcs11.dll)
>> with my PKCS11 smart card middleware DLL. Should I be using the OpenSC pkcs11 DLL
>> instead of my middleware DLL if I am using libp1?
> Honestly, I have no idea. It's been years since I worked with PKCS#11, and then I was using a single piece of test hardware. I got it working with OpenSSL using the OpenSC modules, but that may have been specific to my case.
>
>> Do you know if it is normal to see exceptions related to the PKCS11 function calls
>> in the libp11 code? For example, I can see  the following function generate an
>> exception on C_GetSlotList(...) multiple times but it eventually is successful.
>> Is this normal behaviour?
> What sort of "exception"? A Windows exception? UNIX signal? C++ exception?
>
> My initial guess would be that this is a timing issue - maybe the device needs some time to become available, for example. But that's just a guess. Maybe someone with more experience with a variety of HSMs and PKCS#11 will weigh in.
>
> --
> Michael Wojcik

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210112/01573f1c/attachment.html>