RE: openssl-pkcs11 segfault creating RSA (WAS RE: [Muscle] eToken devel.)
From: Vladimir Beker (Vladimir.Beker@ealaddin.com)
Date: Tue Jan 11 2005 - 01:50:46 CST
Well, at this point only the guys from opensc may help you. If you format the token with the Windows utility from Aladdin, format it as "empty", so that it will not create Aladdin-specific data on the token - since you work with opensc you don't need them anyway.
Vladimir
> -----Original Message-----
> From: muscle-bounces@lists.musclecard.com [mailto:muscle-bounces@lists.musclecard.com]
> On Behalf Of Rodrigo Henriquez M - Corporacion Linux S.A.
> Sent: Monday, January 10, 2005 1:29 PM
> To: MUSCLE
> Subject: openssl-pkcs11 segfault creating RSA (WAS RE: [Muscle] eToken
> devel.)
>
> On Sun, 09-01-2005 at 10:00 +0200, Vladimir Beker wrote:
> > It depends on what exactly you need to do. Since eToken
> > Pro is actually smartcard (like most of USB tokens in the
> > world, I guess) there is no such thing to get the whole
> > information from it: it is impossible to get keys from the
> > card.
> > I guess that you have eToken Pro prepared to work with some
> > software and want to get access to relevant objects.
> > If you have eToken prepared with some PKCS#11-library - use
> > the same library to get objects. If it is spoken about opensc
> > - I guess it is PKCS#15 compliant, so you may try to parse it
> > by yourself. If it is prepared with PKCS#11 module provided by
> > Aladdin itself - it uses proprietary format.
>
> Vladimir.
>
> Thanks for your reply.
>
> Following your advice and the advice from David and Andreas, I formatted
> the eToken with the eToken utility for Windows and finally installed
> the opensc and openct programs with no trouble.
>
> Following opensc's QUICKSTART, I've successfully executed the
> commands:
>
> # pkcs15-init --create-pkcs15
> # pkcs15-init --store-pin --auth-id 01 --label "Rodrigo Henriquez"
> # pkcs15-init --generate-key rsa/1024 --auth-id 01
>
> No trouble at this point. The problem begins when I try to create
> the RSA key:
>
>
> OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/opensc/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/usr/lib/opensc/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> Loaded: (pkcs11) pkcs11 engine
> OpenSSL> req -engine pkcs11 -new -key id_45 -keyform engine -out req.pem -text -x509
> Debug: connect() failed: No such file or directory
> Debug: connect() failed: No such file or directory
> Debug: connect() failed: No such file or directory
> Debug: connect() failed: No such file or directory
> engine "pkcs11" set.
> Debug: connect() failed: No such file or directory
> Debug: connect() failed: No such file or directory
> Debug: connect() failed: No such file or directory
> Debug: connect() failed: No such file or directory
> Debug: connect() failed: No such file or directory
> SmartCard PIN:
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a
> DN.
> There are quite a few fields but you can leave some blank
> For some fields there will be a default value,
> If you enter '.', the field will be left blank.
> -----
> Country Name (2 letter code) [GB]:CL
> State or Province Name (full name) [Berkshire]:Santiago
> Locality Name (eg, city) [Newbury]:Santiago
> Organization Name (eg, company) [My Company Ltd]:Corp. Linux S.A.
> Organizational Unit Name (eg, section) []:
> Common Name (eg, your name or your server's hostname) []:
> Email Address []:r@corporacionlinux.cl
> Segmentation fault
> ^^^^^^^^^^^^^^^^^^
>
>
> I did a "strace openssl" and executed the same commands, but I didn't
> find anything relevant:
>
>
> write(2, "You are about to be asked to ent"..., 73You are about to be
> asked to enter information that will be incorporated
> ) = 73
> write(2, "into your certificate request.\n", 31into your certificate
> request.
> ) = 31
> write(2, "What you are about to enter is w"..., 76What you are about to
> enter is what is called a Distinguished Name or a DN.
> ) = 76
> write(2, "There are quite a few fields but"..., 58There are quite a few
> fields but you can leave some blank
> ) = 58
> write(2, "For some fields there will be a "..., 47For some fields there
> will be a default value,
> ) = 47
> write(2, "If you enter \'.\', the field will"..., 48If you enter '.',
> the field will be left blank.
> ) = 48
> write(2, "-----\n", 6-----
> ) = 6
> write(2, "Country Name (2 letter code) [GB"..., 34Country Name (2 letter
> code) [GB]:) = 34
> read(0, CL
> "CL\n", 1024) = 3
> write(2, "State or Province Name (full nam"..., 47State or Province Name
> (full name) [Berkshire]:) = 47
> read(0, Santiago
> "Santiago\n", 1024) = 9
> write(2, "Locality Name (eg, city) [Newbur"..., 35Locality Name (eg,
> city) [Newbury]:) = 35
> read(0, Santiago
> "Santiago\n", 1024) = 9
> write(2, "Organization Name (eg, company) "..., 49Organization Name (eg,
> company) [My Company Ltd]:) = 49
> read(0, Corp. Linux S.A.
> "Corp. Linux S.A.\n", 1024) = 17
> write(2, "Organizational Unit Name (eg, se"..., 42Organizational Unit
> Name (eg, section) []:) = 42
> read(0, Ingenieria
> "Ingenieria\n", 1024) = 11
> write(2, "Common Name (eg, your name or yo"..., 57Common Name (eg, your
> name or your server's hostname) []:) = 57
> read(0, corporacionlinux.cl
> "corporacionlinux.cl\n", 1024) = 20
> write(2, "Email Address []:", 17Email Address []:) = 17
> read(0, r@corporacionlinux.cl
> "r@corporacionlinux.cl\n", 1024) = 22
> time([1105294788]) = 1105294788
> open("/etc/localtime", O_RDONLY) = 4
> fstat64(4, {st_mode=S_IFREG|0644, st_size=890, ...}) = 0
> fstat64(4, {st_mode=S_IFREG|0644, st_size=890, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xf6f56000
> read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0"...,
> 4096) = 890
> close(4) = 0
> munmap(0xf6f56000, 4096) = 0
> time([1105294788]) = 1105294788
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> +++ killed by SIGSEGV (core dumped) +++
>
>
> After that, I ran gdb to see what was happening, but it just says
> this:
>
> [root@takako rhenriqu]# gdb -c core.11531
> GNU gdb Red Hat Linux (6.1post-1.20040607.43rh)
> This GDB was configured as "i386-redhat-linux-gnu".
> Core was generated by `openssl'.
> Program terminated with signal 11, Segmentation fault.
> #0 0x419ff569 in ?? ()
>
>
> I was googling but I didn't find anything useful or relevant.
>
> FYI I'm using FC3, openct-0.6.2, opensc-0.9.4 and openssl-0.9.7a-40.
>
> opensc and openct were compiled in this way:
>
> openct:
>
> # ./configure --prefix=/usr --sysconfdir=/etc
> OpenCT has been configured with the following options
>
> User binaries: ${exec_prefix}/bin
> Configuration files: /etc
>
> Host: i686-pc-linux-gnu
> Compiler: gcc
> Compiler flags: -Wall -g -O2
> Preprocessor flags: -I${top_builddir}/src/include -I
> ${top_srcdir}/src/include
> Linker flags:
> Libraries: -lpthread
>
> PC/SC support: no
> Libusb used: yes
>
>
> After doing all the steps, I have:
>
> [root@takako openct-20050108]# ps -fea | grep ifd
> root 5538 1 0 11:03 ? 00:00:00 /usr/sbin/ifdhandler -H
> etoken /proc/bus/usb/003/005
>
>
> [root@takako openct-20050108]# openct-control status
> No. Name Info
> ===================================================
> 0 Aladdin eToken PRO slot0: card present
>
>
> [root@takako ~]# openct-tool -r 0 atr
> Detected Aladdin eToken PRO
> Card present, status changed
> ATR: 3b e2 00 ff c1 10 31 fe 55 c8 02 9c
>
>
> opensc:
>
> [root@takako opensc]# ./configure --prefix=/usr --sysconfdir=/etc
>
> OpenSC has been configured with the following options
>
> User binaries: /usr/bin
> Configuration files: /etc
>
> Host: i686-pc-linux-gnu
> Compiler: gcc
> Compiler flags: -Wall -fno-strict-aliasing -g -O2
> Preprocessor flags: -I${top_builddir}/src/include
> Linker flags:
> Libraries: -lpthread
>
> Random number collection: device (/dev/urandom)
> OpenSSL support: yes
> with engine: yes
> with sslhack: yes
> PC/SC support: no
> OpenCT support: yes
> Assuan support: no
> LDAP support: yes
> PAM support: yes
>
>
> [root@takako ~]# opensc-tool --list-readers
> Readers known about:
> Nr. Driver Name
> 0 openct Aladdin eToken PRO
> 1 openct OpenCT reader (detached)
> 2 openct OpenCT reader (detached)
> 3 openct OpenCT reader (detached)
> 4 openct OpenCT reader (detached)
>
>
> My card is:
>
> [root@takako tests]# cardos-info
> Info : CardOS/M4.0 (C) Siemens AG 1994-1999 (Feb 15 2000)
> Chip type: 20
> Serial number: 13 bb 97 0f 1e 08
> Full prom dump:
> 33 FF EB 31 FF FF FF FF 14 65 13 BB 97 0F 1E 08 3..1.....e......
> 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
> OS Version: 200.2 (that's CardOS M4.0)
> Current life cycle: 32 (administration)
> Security Status of current DF:
> Free memory : 1024
> ATR Status: 0x0 ROM-ATR
> Packages installed:
> 01 04 01 01 C8 02 01 04 08 01 C8 02 01 04 03 01 ................
> C8 02 01 04 0B 01 C8 02 01 04 07 03 C8 02 ..............
> Ram size: 1024, Eeprom size: 16384, cpu type: 66, chip config: 61
> Free eeprom memory: 5635
> System keys: PackageLoadKey (version 1, retries 10)
> System keys: StartKey (version 1, retries 10)
> Path to current DF:
>
>
> Any clues?
>
> Thank you so much for your time and patience.
>
> Regards.
>
> --
> Rodrigo Henriquez M. http://www.corporacionlinux.cl
> Corporacion Linux S.A. Fonos: 02 2442988 - 02 2444250
>
> _______________________________________________
> Muscle mailing list
> Muscle@lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle