[xmlsec] pkcs11 with OpenSSL
Ricardo Garcia Reis
ricardo.greis at gmail.com
Thu Oct 16 11:19:57 PDT 2008
Hi,
I use xmlsec with OpenSSL in my application, but now I need support for
pkcs11.
Looking through the sources, I realized that there is no support for pkcs11
using OpenSSL.
Was there any solution to the mailing list topic "Proposed patch to allow
OpenSSL / ENGINE operations"?
I tried to change the sign3.c example but, as expected, the error occurred in
the xmlSecDSigCtxSign function:
xmlSecKeyPtr my_load_key(const char *filename, msint format, const char *pwd,
                         void* pwdCallback, ENGINE *e = NULL);
.....
/* load private key, assuming that there is no password */
dsigCtx->signKey = my_load_key(key_file.Str(),
                               xmlSecKeyDataFormatUnknown, //Oops, only test
                               NULL,
                               xmlSecCryptoAppGetDefaultPwdCallback(),
                               setup_engine("pkcs11", 0));
if(dsigCtx->signKey == NULL)
{
    /* report the key source that was passed to my_load_key() */
    fprintf(stderr,"Error: failed to load private key ENGINE from \"%s\"\n",
            key_file.Str());
    goto done;
}
...
xmlSecKeyPtr my_load_key(const char *filename, msint format, const char *pwd,
                         void* pwdCallback, ENGINE *e)
{
    xmlSecKeyPtr key = NULL;
    xmlSecKeyDataPtr data;
    EVP_PKEY* pKey = NULL;
    BIO* bio;
    int ret;

    switch(format)
    {
    case xmlSecKeyDataFormatPem:
        {
            ....
        }
        break;
    case xmlSecKeyDataFormatUnknown: //Oops, only test
        {
            /* filename is handed to the engine as the key id */
            if (!e)
                msprintf("no engine specified\n");
            else
                pKey = ENGINE_load_private_key(e, filename, NULL, NULL);
        }
        break;
    }

    /* nothing was loaded (no engine given, or the engine call failed) */
    if(pKey == NULL) {
        return(NULL);
    }

    /* wrap the EVP_PKEY in xmlsec key data; on success data owns pKey */
    data = xmlSecOpenSSLEvpKeyAdopt(pKey);
    if(data == NULL) {
        EVP_PKEY_free(pKey);
        return(NULL);
    }

    key = xmlSecKeyCreate();
    if(key == NULL) {
        xmlSecKeyDataDestroy(data);
        return(NULL);
    }

    /* attach the key data to the key; on success key owns data */
    ret = xmlSecKeySetValue(key, data);
    if(ret < 0) {
        xmlSecKeyDestroy(key);
        xmlSecKeyDataDestroy(data);
        return(NULL);
    }

    return(key);
}
Error:
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Any solution to support pkcs11 with OpenSSL?
Thanks in advance.
Ricardo