Re: [openssl-users] smartcard/ pkcs11 - 'bad decrypt' error after upgrade from 0.9.8 to 1.0.1

2016-11-11 Thread Jan Just Keijser

Hi,

On 10/11/16 10:49, Pawel Suwinski wrote:

Hello


After the openssl upgrade (new OS version, new machine) I get an error
decrypting SMIME messages using an Aladdin eToken SmartCard (pkcs11
engine).

On old system (Debian 6.0 Squeeze-LTS)/ machine:
#v+
[old]$ openssl version
OpenSSL 0.9.8g 19 Oct 2007 (Library: OpenSSL 0.9.8o 01 Jun 2010)

[old]$ openssl smime -decrypt -passin pass: -inform DER -in smime.p7m -engine pkcs11 -inkey id_e3c5 -keyform engine > /dev/null ; echo $?
engine "pkcs11" set.
0
#v-

Now on the new system (Debian 8.6 Jessie)/ machine I get:
#v+
[new]$ openssl version
OpenSSL 1.0.1t  3 May 2016
[new]$ openssl smime -decrypt -passin pass: -inform DER -in smime.p7m -engine pkcs11 -inkey id_e3c5 -keyform engine > /dev/null ; echo $?
engine "pkcs11" set.
Error decrypting PKCS#7 structure
3073701564:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:516:
4
#v-

Of course the smime.p7m file and the smartcard are the same. The machines
differ, but the smartcard reader on the new machine seems to work fine; for
example, I can access smartcard data:

#v+
[new]$ pkcs11-dump dump /usr/lib/libeTPkcs11.so 0  | grep -1

 CKA_ID:
e3 c5
(...)
#v-


Config files are the same with additional pkcs11 engine section
described in libengine-pkcs11-openssl package docs:

#v+
# /etc/ssl/openssl.cnf
(...)
openssl_conf= openssl_def

[openssl_def]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/engines/engine_pkcs11.so
MODULE_PATH = /usr/lib/libeTPkcs11.so
init = 0
(...)
#v-


I will be grateful for any hints as to why it does not work. Maybe I missed
something in the config file?



This has little to do with openssl itself, but I am familiar with such
issues.
I'm using the same token with the same driver on CentOS 6, 7 and Fedora
20/22 without any issues. Your problem could be caused by numerous
incompatibilities:

- which version of opensc is installed
- which version of engine_pkcs11 and libp11 are installed
- which *exact* version of the eTPkcs11 driver are you using?

Keep in mind that for the latest OSes you will need the SafeNet client v9.

HTH,

JJK

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] Failed to load libssl.so.1.1 while executing openssl command

2016-11-11 Thread Gupta, Saurabh
I tried to execute the ./openssl s_server command in the latest OpenSSL version,
1.1.0c, after doing the OpenSSL compilation steps:
./config
make
make test
make install
and it's throwing the error below:
./openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

After debugging this issue I found this error is coming because libssl.so.1.1
is not present in the /usr/lib64 directory,
but by default it should search for this library in the /usr/local/lib64/ directory.



Regards,
Saurabh


[openssl-users] Facing issues with dynamic loading engine RSA methods using e_capi.so library in openssl-1.1.0b.

2016-11-11 Thread Gupta, Saurabh

I tried to dynamically load the e_capi.so engine example present in the openssl
engine directory on openssl version 1.1.0b, but was not able to offload RSA methods.


Commands Used:
(i)
./openssl speed rsa -engine ../engines/capi.so
Error:
speed: Unknown algorithm -engine

(ii)
./openssl s_server -engine ../engines/capi.so
Error:
invalid engine "../engines/capi.so"
139890999146240:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:113:filename(/usr/local/lib64/engines-1.1/../engines/capi.so): /usr/local/lib64/engines-1.1/../engines/capi.so: cannot open shared object file: No such file or directory
139890999146240:error:25070067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:161:
139890999146240:error:260B6084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:414:
139890999146240:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=../engines/capi.so
139890999146240:error:260B606D:engine routines:dynamic_load:init failed:crypto/engine/eng_dyn.c:485:
Using default temp DH parameters
ACCEPT

We are facing a similar issue with RSA while implementing our custom engine;
please let me know if anyone has a solution for this. We were able to use the
RSA implementation up to the 1.02h version; the problem is seen in the 1.1.0 series.

Regards,
Saurabh
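An added example, not part of the original post: a small parser for the OpenSSL error-queue lines quoted in the messages above. It splits each line into its fields, unpacks the hex code using the OpenSSL 1.0.x/1.1.x layout (8-bit library, 12-bit function, 12-bit reason), and normalizes the path the DSO loader reports in `filename(...)`. The function names and `SAMPLE` are assumptions of this example; `SAMPLE` is constructed from lines in the message with the mail wrapping undone.

```python
import posixpath
import re

# Constructed sample: three error-queue lines taken from the s_server
# output in the message above, with the mail line wrapping undone.
SAMPLE = """\
139890999146240:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:113:filename(/usr/local/lib64/engines-1.1/../engines/capi.so): /usr/local/lib64/engines-1.1/../engines/capi.so: cannot open shared object file: No such file or directory
139890999146240:error:260B6084:engine routines:dynamic_load:dso not found:crypto/engine/eng_dyn.c:414:
139890999146240:error:2606A074:engine routines:ENGINE_by_id:no such engine:crypto/engine/eng_list.c:339:id=../engines/capi.so
"""

# thread-id:error:hexcode:library:function:reason:file:line:optional data
LINE_RE = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)

def parse_error_line(text):
    """Return a dict for one error-queue line, or None for other output."""
    m = LINE_RE.match(text.strip())
    if m is None:
        return None
    rec = m.groupdict()
    code = int(rec["code"], 16)
    # 1.0.x/1.1.x packing: 8-bit library, 12-bit function, 12-bit reason.
    rec["lib_num"] = (code >> 24) & 0xFF
    rec["func_num"] = (code >> 12) & 0xFFF
    rec["reason_num"] = code & 0xFFF
    rec["line"] = int(rec["line"])
    # The DSO loader reports the path it tried to open as filename(...).
    tried = re.search(r"filename\(([^)]*)\)", rec["data"])
    rec["tried_path"] = posixpath.normpath(tried.group(1)) if tried else None
    return rec

def parse_error_queue(text):
    """Parse every error-queue line in a block of captured output."""
    return [r for r in map(parse_error_line, text.splitlines()) if r]

if __name__ == "__main__":
    for r in parse_error_queue(SAMPLE):
        print(r["lib"], "|", r["func"], "|", r["reason"], "|", r["tried_path"])
```

For the first sample line the normalized path is `/usr/local/lib64/engines/capi.so`, which makes it easy to compare the location the loader actually tried against where the engine file was built.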