[xmlsec] pkcs11 with OpenSSL

Aleksey Sanin aleksey at aleksey.com
Sun Oct 19 16:32:18 PDT 2008


Hi Ricardo,

A modified version of the patch you refer to was checked
in 3 years ago :) I believe it solves the problem with
using pkcs11 engines with xmlsec. You should probably
get a debugger and try to see for yourself why you get
this error.

Aleksey

Ricardo Garcia Reis wrote:
> Hi,
> 
> I use xmlsec with OpenSSL in my application, but now I need support for 
> pkcs11.
> 
> Looking at the sources, I realized that there is no support for pkcs11 using 
> OpenSSL.
> 
> Was there any solution to the mailing list topic "Proposed patch to 
> allow OpenSSL / ENGINE operations"?
> 
> I tried to change the sign3.c example, but as expected the error occurred in 
> the xmlSecDSigCtxSign function:
> 
> 
> xmlSecKeyPtr my_load_key(const char *filename, msint format, const char 
> *pwd, void* pwdCallback, ENGINE *e = NULL);
> 
> .....
>   /* load private key, assuming that there is no password */
>   dsigCtx->signKey = my_load_key( key_file.Str(), 
>     xmlSecKeyDataFormatUnknown,  //Oops, only test
>     NULL, 
>     xmlSecCryptoAppGetDefaultPwdCallback(),
>     setup_engine("pkcs11", 0));
>   if(dsigCtx->signKey == NULL)
>   {
>     /* report the key file that failed, not the certificate file */
>     fprintf(stderr, "Error: failed to load private key from ENGINE for \"%s\"\n", key_file.Str());
>     goto done;
>   }
> ...
> 
> xmlSecKeyPtr my_load_key(const char *filename, msint format, const char 
> *pwd, void* pwdCallback, ENGINE *e)
> {
>   xmlSecKeyPtr key = NULL;
>   xmlSecKeyDataPtr data;
>   EVP_PKEY* pKey = NULL;
>   BIO* bio;
>   int ret;
> 
>   switch(format) 
>   {
>     case xmlSecKeyDataFormatPem:
>       {
>        ....
>       }
>       break;
>     case xmlSecKeyDataFormatUnknown: //Oops, only test
>       {
>         /* in the engine case 'filename' is the key id the engine understands */
>         if (!e)
>           msprintf("no engine specified\n");
>         else
>           pKey = ENGINE_load_private_key(e, filename, NULL, NULL);
>       }
>       break;
>   }        
> 
>   /* no EVP_PKEY (no engine, or ENGINE_load_private_key failed):
>      never hand a NULL pointer to xmlSecOpenSSLEvpKeyAdopt */
>   if(pKey == NULL) {
>     return(NULL);
>   }
> 
>   /* on success xmlsec takes ownership of pKey; on failure we still own it */
>   data = xmlSecOpenSSLEvpKeyAdopt(pKey);
>   if(data == NULL) {
>     EVP_PKEY_free(pKey);
>     return(NULL);    
>   }    
> 
>   key = xmlSecKeyCreate();
>   if(key == NULL) {
>     xmlSecKeyDataDestroy(data);
>     return(NULL);
>   }
> 
>   ret = xmlSecKeySetValue(key, data);
>   if(ret < 0) {
>     xmlSecKeyDestroy(key);
>     xmlSecKeyDataDestroy(data);
>     return(NULL);
>   }
>   return(key);
> }
> 
> Error:
> 
> func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
> func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> 
> 
> Is there any solution to support pkcs11 with OpenSSL?
> 
> 
> Thanks in advance.
> 
> Ricardo
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
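The error report quoted above is printed innermost-first by xmlsec: only the first entry carries the real code (error=45, key is not found), and the two after it just record that a nested xmlsec call failed (error=1). This added Python example, which is not part of the thread or of xmlsec, re-joins the lines the mail client wrapped, parses the entries and picks out the root cause and the call chain; the field layout is inferred from the quoted trace rather than taken from xmlsec's source, and the sample text is the trace from the post.

```python
import re
from collections import namedtuple
# Constructed sample: the report from the post, including the line wraps the
# mail client inserted ("unknow\nn", "function \nfailed").
SAMPLE_REPORT = (
    "func=xmlSecDSigCtxProcessKeyInfoNode:file=..\\src\\xmldsig.c:line=871:obj=unknown:\n"
    "subj=unknown:error=45:key is not found:\n"
    "func=xmlSecDSigCtxProcessSignatureNode:file=..\\src\\xmldsig.c:line=565:obj=unknow\n"
    "n:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function \n"
    "failed:\n"
    "func=xmlSecDSigCtxSign:file=..\\src\\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSi\n"
    "gCtxSigantureProcessNode:error=1:xmlsec library function failed:\n"
)
# error=1 is what xmlsec logs when a nested xmlsec call failed; other codes are real causes.
XMLSEC_NESTED_FAILURE = 1
# Layout inferred from the trace; 'file' is non-greedy so a C:\... path with its colon parses.
ENTRY_RE = re.compile(
    r"^func=(?P<func>[^:]+):file=(?P<file>.+?):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<error>\d+):(?P<msg>.*?):?$"
)
XmlsecError = namedtuple("XmlsecError", "func file line obj subj error msg")

def unwrap(text):
    """Re-join mail-wrapped lines: a line not starting with 'func=' continues the previous entry."""
    records = []
    for line in text.splitlines():
        if line.startswith("func="):
            records.append(line)
        elif records and line:
            records[-1] += line  # the wrap point carried no newline originally
    return records

def parse_report(text):
    """Parse one report into XmlsecError records, innermost failure first."""
    entries = []
    for rec in unwrap(text):
        m = ENTRY_RE.match(rec)
        if m is None:
            raise ValueError("unrecognised xmlsec error line: %r" % rec)
        entries.append(XmlsecError(m["func"], m["file"], int(m["line"]), m["obj"],
                                   m["subj"], int(m["error"]), m["msg"]))
    return entries

def root_cause(entries):
    """xmlsec logs innermost first, so the first non-propagation entry is the real failure."""
    return next((e for e in entries if e.error != XMLSEC_NESTED_FAILURE), None)

def call_chain(entries):
    """Function names from the outermost caller down to the one that actually failed."""
    return [e.func for e in reversed(entries)]
```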