CRYPTOKI_* is the series of functions which are defined in PKCS#11 to
be able to access a hardware device which provides an API that matches
the specification.  CRYPTOKI_checkerr() is the function which gets the
return code (if an error has been encountered by a CRYPTOKI call, akin
to SSL_get_error() if the SSL connection has encountered an error) of
any prior PKCS#11 call into the API.

It looks as though libtbpkcs11.so isn't thread-safe.

-Kyle H

On Tue, Jun 23, 2009 at 9:53 AM, Bram Cymet<bcy...@cbnco.com> wrote:
> Hi,
>
> I am trying to work with the pkcs11_engine from the opensc project and a
> vendor supplied module and I am running into some problems.
>
> This worked just fine on my SLES 10 SP2 server with an older version of
> openssl but when I try to get it to work on my SLES 11 server with
> openssl 0.9.8h it does not work.
>
> Here is what happens:
>
> OpenSSL> engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so
> -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
> MODULE_PATH:/root/.tblive/libtbpkcs11.so
> (dynamic) Dynamic engine loading support
> [Success]: SO_PATH:/usr/lib/engines/engine_pkcs11.so
> [Success]: ID:pkcs11
> [Success]: LIST_ADD:1
> [Success]: LOAD
> [Success]: MODULE_PATH:/root/.tblive/libtbpkcs11.so
> Loaded: (pkcs11) pkcs11 engine
> OpenSSL>  req  -engine pkcs11 -new -key slot_0-label_TB_AUTH_KEY
> -keyform engine -out req.pem -text -x509         -subj "/CN=TrustBearer"
> unable to load module /root/.tblive/libtbpkcs11.so
> Segmentation fault
>
> or sometimes I get:
> __pthread_mutex_lock: Assertion `robust || (oldval & 0x40000000) == 0
> failed
> instead of the segfault.
>
> I have traced the point where the load module fails to the call:
> CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv);
> in libp11 file src/p11_load.c
>
> I am not exactly sure what this call is checking but it looks like if rv
> is not 0 then it will always fail.
>
> Any idea what could be going on?
>
> Thanks,
>
> Bram Cymet
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
>