<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Hi,<br>
<br>
I narrowed the problem down to <br>
<font face="monospace">ENGINE_set_default(pkey_engine,
ENGINE_METHOD_ALL)</font><br>
<br>
This causes the initial exception<br>
<font face="monospace">Exception thrown at 0x757346D2 in
GENCom.exe: Microsoft C++ exception: unsigned long at memory
location 0x006FCD68.<br>
</font><br>
It looks like some of the Engine methods cause an exception, but
not all of them:<br>
<b><br>
Works:</b><br>
<font face="monospace">ENGINE_METHOD_CIPHERS<br>
ENGINE_METHOD_DIGESTS<br>
ENGINE_METHOD_DSA<br>
ENGINE_METHOD_DH<br>
ENGINE_METHOD_RAND<br>
ENGINE_METHOD_PKEY_ASN1_METHS</font><br>
<br>
<b>Causes An Exception:</b><br>
<font face="monospace">ENGINE_METHOD_RSA<br>
ENGINE_METHOD_ECDH<br>
ENGINE_METHOD_ECDSA<br>
ENGINE_METHOD_PKEY_METHS</font><br>
<br>
<br>
Is that normal behaviour, or is something wrong? Is there a way to
find the supported engine methods to avoid triggering an
exception?<br>
<br>
    It seems like a lot of other sample code I have looked at calls<br>
<font face="monospace">ENGINE_init(pkey_engine);<br>
<br>
    </font>Is this needed? When I call it, it always returns with "0".
Should it be returning with "1"?<br>
<br>
I did some testing in the OpenSSL command line, and here is what I
found:<br>
<blockquote>- The command line "speed" test appears to be fine:<br>
<blockquote><font face="monospace">OpenSSL> speed -engine
pkcs11<br>
engine "pkcs11" set.<br>
Doing mdc2 for 3s on 16 size blocks: 2688737 mdc2's in 2.98s<br>
Doing mdc2 for 3s on 64 size blocks: 880529 mdc2's in 3.00s<br>
Doing mdc2 for 3s on 256 size blocks: 240916 mdc2's in 2.98s<br>
Doing mdc2 for 3s on 1024 size blocks: 61287 mdc2's in 3.00s<br>
Doing mdc2 for 3s on 8192 size blocks: 7774 mdc2's in 2.98s<br>
.<br>
.<br>
.</font><br>
</blockquote>
- I also tried the following, which successfully created the
PEM files:<br>
<blockquote><font face="monospace"><font face="monospace">OpenSSL>
</font>req -engine pkcs11 -new -key
"pkcs11:object=Authentication -
*;type=private;pin-value=123456" -keyform engine -out
req2.pem -text -x509 -subj "/CN=*"<br>
</font><font face="monospace"><font face="monospace">OpenSSL>
</font>x509 -engine pkcs11 -signkey
"pkcs11:object=Authentication -
*;type=private;pin-value=123456" -keyform engine -in
req2.pem -out cert2.pem<br>
</font></blockquote>
</blockquote>
<br>
<br>
<br>
<br>
Thanks,<br>
George<br>
<br>
<br>
On 2020-12-18 3:40 a.m., Jan Just Keijser wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8038268f-fd47-1ef8-7dec-ce365b0d453e@nikhef.nl">Hi,
<br>
<br>
On 18/12/20 06:21, George wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I'm able to setup the engine now, but as soon as I attempt to
execute the command
<br>
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
<br>
,I see all kinds of middleware exceptions being generated:
<br>
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: unsigned long at memory location 0x07FCFA00.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
Exception thrown at 0x773046D2 in GENCom.exe: Microsoft C++
exception: AI::Middleware::CMWException at memory location
0x032FD2D0.
<br>
.
<br>
.
<br>
.
<br>
<br>
<br>
Do you have any idea what is causing these errors? Am I missing
something in the configuration? When I use the OpenSSL command
line debugger, there are no errors:
<br>
<br>
OpenSSL> engine -t dynamic -pre
"SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll"
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
"MODULE_PATH:C:\Program Files (x86)\HID
Global\ActivClient\\acpkcs211.dll"
<br>
(dynamic) Dynamic engine loading support
<br>
[Success]:
SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll
<br>
[Success]: ID:pkcs11
<br>
[Success]: LIST_ADD:1
<br>
[Success]: LOAD
<br>
[Success]: MODULE_PATH:C:\Program Files (x86)\HID
Global\ActivClient\\acpkcs211.dll
<br>
Loaded: (pkcs11) pkcs11 engine
<br>
[ available ]
<br>
OpenSSL>
<br>
<br>
<br>
Here is what my simplified code looks like:
<br>
<br>
char* enginePluginLibrary =
"C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll";
<br>
char* pkcs11MiddlewareLibrary = "C:\\Program Files (x86)\\HID
Global\\ActivClient\\acpkcs211.dll";
<br>
ENGINE_load_builtin_engines();
<br>
ENGINE_register_all_complete();
<br>
ENGINE *pkey_engine = ENGINE_by_id("dynamic");
<br>
<br>
ENGINE_ctrl_cmd_string(pkey_engine, "SO_PATH",
enginePluginLibrary, 0);
<br>
ENGINE_ctrl_cmd_string(pkey_engine, "ID", "pkcs11", 0);
<br>
ENGINE_ctrl_cmd_string(pkey_engine, "LIST_ADD", "1", 0);
<br>
ENGINE_ctrl_cmd_string(pkey_engine, "LOAD", NULL, 0);
<br>
ENGINE_ctrl_cmd_string(pkey_engine, "MODULE_PATH",
pkcs11MiddlewareLibrary, 0);
<br>
ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL);
<br>
<br>
<br>
</blockquote>
main difference between the OPENSSL.EXE example and your code is
that last call:
<br>
<br>
      here's what "ENGINE_set_default(pkey_engine, ENGINE_METHOD_ALL)"
does:
<br>
<br>
<br>
int ENGINE_set_default(ENGINE *e, unsigned int flags)
<br>
{
<br>
if ((flags & ENGINE_METHOD_CIPHERS) &&
!ENGINE_set_default_ciphers(e))
<br>
return 0;
<br>
if ((flags & ENGINE_METHOD_DIGESTS) &&
!ENGINE_set_default_digests(e))
<br>
return 0;
<br>
#ifndef OPENSSL_NO_RSA
<br>
if ((flags & ENGINE_METHOD_RSA) &&
!ENGINE_set_default_RSA(e))
<br>
return 0;
<br>
#endif
<br>
#ifndef OPENSSL_NO_DSA
<br>
if ((flags & ENGINE_METHOD_DSA) &&
!ENGINE_set_default_DSA(e))
<br>
return 0;
<br>
#endif
<br>
#ifndef OPENSSL_NO_DH
<br>
if ((flags & ENGINE_METHOD_DH) &&
!ENGINE_set_default_DH(e))
<br>
return 0;
<br>
#endif
<br>
#ifndef OPENSSL_NO_ECDH
<br>
if ((flags & ENGINE_METHOD_ECDH) &&
!ENGINE_set_default_ECDH(e))
<br>
return 0;
<br>
#endif
<br>
#ifndef OPENSSL_NO_ECDSA
<br>
if ((flags & ENGINE_METHOD_ECDSA) &&
!ENGINE_set_default_ECDSA(e))
<br>
return 0;
<br>
#endif
<br>
if ((flags & ENGINE_METHOD_RAND) &&
!ENGINE_set_default_RAND(e))
<br>
return 0;
<br>
if ((flags & ENGINE_METHOD_PKEY_METHS)
<br>
&& !ENGINE_set_default_pkey_meths(e))
<br>
return 0;
<br>
if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
<br>
&& !ENGINE_set_default_pkey_asn1_meths(e))
<br>
return 0;
<br>
return 1;
<br>
}
<br>
<br>
(from the openssl 1.0.2 source tree)
<br>
It could be that one of those methods is not throwing the errors
with your smart card.
<br>
      I'd advise you to test your smart card capabilities. It might
also be useful to do more command line testing with your smartcard
using
<br>
<br>
engine -vvvv -t dynamic -pre
"SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll"
-pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
"MODULE_PATH:C:\Program Files (x86)\HID
Global\ActivClient\\acpkcs211.dll"
<br>
<br>
and then try out certain operations, like encrypt/decrypt or
simply use the command
<br>
speed
<br>
<br>
and watch for any errors - that should give you a hint which
method is not supported by your smart card.
<br>
<br>
HTH,
<br>
<br>
JJK
<br>
</blockquote>
<br>
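An added example, not code from either poster or from OpenSSL: the ENGINE_set_default() source quoted above returns 0 at the first setter that fails, so the later methods in the chain are never tried. The sketch below calls the setter once per flag, in the same order, and reports every flag that returns 0. The names probe_set_default, set_one and USE_OPENSSL_ENGINE are hypothetical, the stand-alone build uses a constructed fake engine, and a 0 return only shows that registering that method failed, not why.

```c
/* Added example (not from the thread): probe ENGINE_set_default() one flag at
 * a time, in the order of the OpenSSL 1.0.2 chain, and collect every failure. */
#include <stdio.h>
#ifdef USE_OPENSSL_ENGINE                  /* real build: link against libcrypto 1.0.2 */
#include <openssl/engine.h>
static int set_one(void *e, unsigned int flag)
{ return ENGINE_set_default((ENGINE *)e, flag); }
#else                                      /* stand-alone: flag values as in 1.0.2 engine.h */
#define ENGINE_METHOD_RSA             0x0001u
#define ENGINE_METHOD_DSA             0x0002u
#define ENGINE_METHOD_DH              0x0004u
#define ENGINE_METHOD_RAND            0x0008u
#define ENGINE_METHOD_ECDH            0x0010u
#define ENGINE_METHOD_ECDSA           0x0020u
#define ENGINE_METHOD_CIPHERS         0x0040u
#define ENGINE_METHOD_DIGESTS         0x0080u
#define ENGINE_METHOD_PKEY_METHS      0x0200u
#define ENGINE_METHOD_PKEY_ASN1_METHS 0x0400u
/* Constructed stand-in: "e" points at a mask of flags whose registration fails. */
static int set_one(void *e, unsigned int flag)
{ return (*(const unsigned int *)e & flag) == 0; }
#endif

#define M(f) { ENGINE_METHOD_##f, "ENGINE_METHOD_" #f }
static const struct { unsigned int flag; const char *name; } METHODS[] = {
    M(CIPHERS), M(DIGESTS), M(RSA), M(DSA), M(DH), M(ECDH), M(ECDSA),
    M(RAND), M(PKEY_METHS), M(PKEY_ASN1_METHS)
};

/* Returns the OR of every method flag for which the setter returned 0. */
unsigned int probe_set_default(void *engine)
{
    unsigned int failed = 0;
    size_t i;
    for (i = 0; i < sizeof METHODS / sizeof METHODS[0]; i++) {
        int ok = set_one(engine, METHODS[i].flag);
        printf("%-30s %s\n", METHODS[i].name, ok ? "ok" : "FAILED");
        if (!ok)
            failed |= METHODS[i].flag;
    }
    return failed;
}

#ifndef USE_OPENSSL_ENGINE
int main(void)
{
    unsigned int fake = ENGINE_METHOD_RSA | ENGINE_METHOD_ECDH; /* constructed */
    return probe_set_default(&fake) == fake ? 0 : 1;
}
#endif
```

With -DUSE_OPENSSL_ENGINE, pass the ENGINE pointer obtained after the LOAD and MODULE_PATH control commands; each successful call also leaves that method set as the default, exactly as the single ENGINE_METHOD_ALL call would have.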
</body>
</html>