From: George <whi...@gm...> - 2021-01-07 01:06:31
Hi,

Thanks for your help. I was able to enable the debug compile/link in the make file and can now step through the code using the Visual Studio debugger. It looks like the exception

"Exception thrown at 0x75D046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x0355CE98."

is caused by the following code in libp11-libp11-0.4.11\src\libpkcs11.c:

C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_PTR funcs)
{
.
.
.
#ifdef WIN32
    mod->handle = LoadLibraryA(mspec); /* <=== *** Exception occurs here *** */
#else
.
.
.
}

I'm not exactly sure why this is happening, though.

After that, I then see a lot of the following exceptions:

Exception thrown at 0x76AC46D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x0375D26C.
Exception thrown at 0x76AC46D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x0375D26C.
Exception thrown at 0x76AC46D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x0375D26C.
Exception thrown at 0x76AC46D2 in GENCom.exe: Microsoft C++ exception: AI::Middleware::CMWException at memory location 0x0375D26C.
.
.
.

Are these the result of the first exception, or is there a separate problem?

Thanks,
George

On 2021-01-06 8:26 a.m., Douglas E Engert wrote:
>
> ./src/eng_back.c ctx_load_cert() is expecting s_slot_cert_id to be either
> a URI based on RFC7512 or the old way as defined in
> ./src/eng_parse.c parse_slot_id_string. This looks like it is assuming
> the slot is not defined and returns slot=-1 and the hex id.
>
> slot=-1 may not be the issue, but is easy to change.
>
> You are calling a routine that is normally called internally by libp11,
> so it may be missing some setup that libp11 would have done.
>
> Something else that might help in debugging is to use the OpenSC
> pkcs11 SPY module as the module loaded.
>
> https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC#pkcs-11-spy
>
> On 1/5/2021 11:35 PM, George wrote:
>> Hi,
>>
>> I'm trying to use a certificate on a smart card with OpenSSL + libp11
>> in Windows 10. However, when I attempt to configure the OpenSSL
>> PKCS11 engine with "*LOAD_CERT_CTRL*", I'm seeing some exceptions.
>> Here is my console output:
>>
>> 'GENCom.exe' (Win32): Loaded 'C:\Users\whipp\junk4\libp11-libp11-0.4.11\src\pkcs11.dll'. Module was built without symbols.
>> *Exception thrown at 0x75D046D2 in GENCom.exe: Microsoft C++ exception: unsigned long at memory location 0x0355CE98.*
>> *'GENCom.exe' (Win32): Loaded 'C:\Program Files (x86)\HID Global\ActivClient\ac.smmw.mwctl.dll'.*
>> *'GENCom.exe' (Win32): Loaded 'C:\Program Files (x86)\HID Global\ActivClient\ac.smmw.common.srvprov.dll'.*
>> *'GENCom.exe' (Win32): Loaded 'C:\Program Files (x86)\HID Global\ActivClient\ac.smmw.common.srvctl.dll'.*
>> .
>> .
>> .
>>
>> Here is a snippet of what my code looks like:
>>
>> struct
>> {
>>     const char* s_slot_cert_id;
>>     X509* cert;
>> } cert_info;
>> cert_info.s_slot_cert_id = "a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45";
>> cert_info.cert = NULL;
>>
>> int returnCode = ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &cert_info, NULL, 0);
>> returnCode = SSL_CTX_use_certificate(sslContext, cert_info.cert);
>>
>> The return code from ENGINE_ctrl_cmd is "1" even though I am seeing
>> some exceptions. Does anyone know what is causing the exceptions and
>> how I can fix it?
>> Are there any debug logs I can look at? It seems like cert_info.cert
>> is being populated with a value, but I am not sure if it is valid or
>> not.
>>
>> The value
>> "2b2586c684d69b670c0a805edf514e720f2b757d8e2faa0b3a7ff23d1ccfc7ba" is
>> the object ID of the certificate on the smart card:
>>
>> C:\Program Files\OpenSC Project\OpenSC\tools>pkcs11-tool --module="C:\Program Files\HID Global\ActivClient/acpkcs211.dll" -l -O
>> Using slot 0 with a present token (0x0)
>> Certificate Object; type = X.509 cert
>>   label: Authentication - *
>>   subject: DN: C=CA, ST=ON, L=OT, O=ABCD, OU=EFG, CN=*
>>   *ID: 2b2586c684d69b670c0a805edf514e720f2b757d8e2faa0b3a7ff23d1ccfc7ba*
>> .
>> .
>> .
>>
>> I tried to manually use LOAD_CERT_CTRL in the openssl shell but I
>> cannot seem to get it to work and cannot find any examples of how to
>> use it. Is the syntax for *LOAD_CERT_CTRL* correct? Is there any
>> detailed documentation on how to use it?
>>
>> Here is what I am trying to do:
>>
>> OpenSSL> engine -vvvv -t dynamic -pre
>> "SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll"
>> -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre "MODULE_PATH:C:\Program
>> Files (x86)\HID Global\ActivClient\\acpkcs211.dll" -pre PIN:123456 -pre
>> FORCE_LOGIN *-pre
>> "LOAD_CERT_CTRL:a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45"*
>>
>> (dynamic) Dynamic engine loading support
>> [Success]: SO_PATH:C:\\Users\\whipp\\junk4\\libp11-libp11-0.4.11\\src\\pkcs11.dll
>> [Success]: ID:pkcs11
>> [Success]: LIST_ADD:1
>> [Success]: LOAD
>> [Success]: MODULE_PATH:C:\Program Files (x86)\HID Global\ActivClient\\acpkcs211.dll
>> [Success]: PIN:123456
>> [Success]: FORCE_LOGIN
>> *[Failure]: LOAD_CERT_CTRL:a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45*
>> *4196:error:260AB086:engine routines:ENGINE_ctrl_cmd_string:cmd not executable:.\crypto\engine\eng_ctrl.c:316:*
>> Loaded: (pkcs11) pkcs11 engine
>>      [ available ]
>>      SO_PATH: Specifies the path to the 'pkcs11' engine shared library
>>           (input flags): STRING
>>      MODULE_PATH: Specifies the path to the PKCS#11 module shared library
>>           (input flags): STRING
>>      PIN: Specifies the pin code
>>           (input flags): STRING
>>      VERBOSE: Print additional details
>>           (input flags): NO_INPUT
>>      QUIET: Remove additional details
>>           (input flags): NO_INPUT
>>      *LOAD_CERT_CTRL: Get the certificate from card*
>>           *(input flags): [Internal]*
>>      INIT_ARGS: Specifies additional initialization arguments to the PKCS#11 module
>>           (input flags): STRING
>>      SET_USER_INTERFACE: Set the global user interface (internal)
>>           (input flags): [Internal]
>>      SET_CALLBACK_DATA: Set the global user interface extra data (internal)
>>           (input flags): [Internal]
>>      FORCE_LOGIN: Force login to the PKCS#11 module
>>           (input flags): NO_INPUT
>> OpenSSL>
>>
>> Thanks,
>> George
>>
>> _______________________________________________
>> Opensc-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>
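
The reply quoted above distinguishes an RFC 7512 URI from a bare hex id, for which the slot is left undefined (-1). The following is an added example, not code from the thread or from libp11: it classifies an identifier string along those lines and rewrites a bare hex CKA_ID as an RFC 7512 URI with type=cert. The function names classify_cert_id and hex_id_to_pkcs11_uri are hypothetical, and the other legacy forms handled by parse_slot_id_string are not modelled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Identifier kinds; ID_OTHER covers everything this example does not model. */
enum id_kind { ID_OTHER, ID_PKCS11_URI, ID_BARE_HEX };

/* Classify a certificate identifier string (hypothetical helper). */
enum id_kind classify_cert_id(const char *s)
{
    size_t n;
    if (s == NULL || *s == '\0')
        return ID_OTHER;
    if (strncmp(s, "pkcs11:", 7) == 0)
        return ID_PKCS11_URI;
    n = strlen(s);
    /* This example requires whole bytes: an even count of hex digits. */
    if (n % 2 != 0 || strspn(s, "0123456789abcdefABCDEF") != n)
        return ID_OTHER;
    return ID_BARE_HEX;   /* the case where the slot stays undefined (-1) */
}

/* Build "pkcs11:id=%xx%xx...;type=cert" from a bare hex CKA_ID.
 * Returns the URI length, or -1 on bad input or a too-small buffer. */
int hex_id_to_pkcs11_uri(const char *hex, char *out, size_t outlen)
{
    static const char prefix[] = "pkcs11:id=";
    static const char suffix[] = ";type=cert";
    size_t n, need, pos, i;

    if (classify_cert_id(hex) != ID_BARE_HEX)
        return -1;
    n = strlen(hex);
    /* Each byte (two hex digits) is percent-encoded as three characters. */
    need = (sizeof(prefix) - 1) + (n / 2) * 3 + (sizeof(suffix) - 1) + 1;
    if (out == NULL || outlen < need)
        return -1;
    memcpy(out, prefix, sizeof(prefix) - 1);
    pos = sizeof(prefix) - 1;
    for (i = 0; i < n; i += 2) {
        out[pos++] = '%';
        out[pos++] = (char)tolower((unsigned char)hex[i]);
        out[pos++] = (char)tolower((unsigned char)hex[i + 1]);
    }
    memcpy(out + pos, suffix, sizeof(suffix));   /* includes the NUL */
    return (int)(need - 1);
}

int main(void)
{
    /* Identifier string taken from the code snippet in the thread. */
    const char *id =
        "a9bee4d72100c52f77c3fc288d2be01a34b5d44f91b3b7ea3d349b8a25752c45";
    char uri[256];
    if (hex_id_to_pkcs11_uri(id, uri, sizeof(uri)) > 0)
        printf("%s\n", uri);
    return 0;
}
```

Whether the engine then resolves the certificate on the expected slot is not shown in the thread and has to be checked against the token.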