Openssl Engine calling code (soft pkcs11) also written in openssl conflict

Christopher Nebergall
I've been working with some patches to curl I found on the curl mailing
list to support openssl and opensc's engine_pkcs11.  

Basically it consists of

Curl 7.14 + patch which adds dynamic engine support -> opensc-20050826
[engine_pkcs11.so] -> soft-pkcs11 1.2

on

Ubuntu Linux (5.04) Kernel 2.6.10-5-386

The problem is that engine_pkcs11 from opensc registers custom rsa
functions for its purposes.  They dlopen a pkcs11 library, in my case
soft-pkcs11, which is also implemented using openssl.  The problem is
that the soft token seems to be calling the rsa functions registered by
opensc and not the original versions.  I need some advice or background
on overriding crypto implementations to figure out how to make
soft-pkcs11 not inherit opensc's overridden functions. I would have
thought since soft-pkcs11 was dlopened that this wouldn't have inherited
the modified functions.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Openssl Engine calling code (soft pkcs11) also written in openssl conflict

Nils Larsch
Christopher Nebergall wrote:

> I've been working with some patches to curl I found on the curl mailing
> list to support openssl and opensc's engine_pkcs11.  
>
> Basically it consists of
>
> Curl 7.14 + patch which adds dynamic engine support -> opensc-20050826
> [engine_pkcs11.so] -> soft-pkcs11 1.2
>
> on
>
> Ubuntu Linux (5.04) Kernel 2.6.10-5-386

actually the openssl version would be more interesting

>
> The problem is that engine_pkcs11 from opensc registers custom rsa
> functions for its purposes.  They dlopen a pkcs11 library, in my case
> soft-pkcs11, which is also implemented using openssl.  The problem is
> that the soft token seems to be calling the rsa functions registered by
> opensc and not the original versions.  I need some advice or background
> on overriding crypto implementations to figure out how to make
> soft-pkcs11 not inherit opensc's overridden functions.

you could use RSA_set_method with RSA_PKCS1_SSLeay for example

> I would have
> thought since soft-pkcs11 was dlopened that this wouldn't have inherited
> the modified functions.  

the default engine is a global parameter

Nils

Re: Openssl Engine calling code (soft pkcs11) also written in openssl conflict

Christopher Nebergall
> you could use RSA_set_method with RSA_PKCS1_SSLeay for example

That was all I needed. I've got it working now.

Thanks,
Christopher
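
A minimal C model of the method dispatch discussed in this thread, added as an illustration and not code from OpenSSL, opensc or soft-pkcs11; every type and function in it (`rsa_method`, `key_init`, `key_set_method`, `token_sign`, `run`) is a hypothetical stand-in. It shows why a dlopen'ed token still picks up the engine's RSA method for its own keys when the default is process-wide, and how pinning the key's method, the role RSA_set_method with RSA_PKCS1_SSLeay plays, avoids that.

```c
#include <stdio.h>

/* Model of an RSA_METHOD: a table holding one private-key operation. */
struct rsa_key;
typedef struct { int (*priv_op)(struct rsa_key *); } rsa_method;
typedef struct rsa_key { const rsa_method *meth; } rsa_key;

static int reentered;    /* times the token's own key landed in the engine */
static int pin_software; /* 1 = token applies the fix from the thread */
static int in_token;     /* set while the token module is running */

static int sw_priv_op(rsa_key *k) { (void)k; return 0; } /* built-in software math */
static const rsa_method software = { sw_priv_op };

/* One process-wide default, visible to every module in the process. */
static const rsa_method *default_meth = &software;

/* Stand-ins for the roles of RSA_new and RSA_set_method. */
static void key_init(rsa_key *k) { k->meth = default_meth; }
static void key_set_method(rsa_key *k, const rsa_method *m) { k->meth = m; }

/* The dlopen'ed token: builds its own key object and signs with it. */
static int token_sign(void) {
    rsa_key internal;
    int rc;
    in_token = 1;
    key_init(&internal);                      /* inherits the current default */
    if (pin_software)
        key_set_method(&internal, &software); /* pin to the software method */
    rc = internal.meth->priv_op(&internal);
    in_token = 0;
    return rc;
}

/* The engine's method: forwards the private-key operation to the token. */
static int engine_priv_op(rsa_key *k) {
    (void)k;
    if (in_token) { reentered++; return -1; } /* token fell back into the engine */
    return token_sign();
}
static const rsa_method engine = { engine_priv_op };

/* Application side: the engine becomes the default, then a key is used. */
int run(int pin) {
    rsa_key app;
    reentered = 0; pin_software = pin; in_token = 0;
    default_meth = &engine;
    key_init(&app);
    return app.meth->priv_op(&app);
}

int main(void) {
    int rc = run(0); printf("unpinned: rc=%d reentered=%d\n", rc, reentered);
    rc = run(1);     printf("pinned:   rc=%d reentered=%d\n", rc, reentered);
    return 0;
}
```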