tags:

views:

73

answers:

2
Q: 

Proper way to cleanup dynamic engines and can they be loaded twice?

Hello -

I am having problems loading Engine PKCS #11 as a dynamic engine using python and M2Crypto. I am trying to access an Aladdin USB eToken.

Here are the important steps from my python code:

dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/local/ssl/lib/engines/engine_pkcs11.so")
pkcs11 = Engine.Engine("pkcs11")
pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so")
pkcs11.engine_init_custom()  # initialize engine with custom M2Crypto patch
# next few steps which I deleted pass password and grab key & cert off token    
Engine.cleanup()

This works fine the first time this method gets run. The second time, it fails when loading the dynamic engine (see error below).

Traceback (most recent call last): File "", line 1, in ? File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 98, in load_dynamic_engine e.ctrl_cmd_string("LOAD", None) File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 38, in ctrl_cmd_string raise EngineError(Err.get_error()) M2Crypto.Engine.EngineError: 4002:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521:

Is it impossible to load engines twice in a python session? Am I missing some kind of engine cleanup/deletion? The OpenSSL docs talk about engine_finish() but I don't think M2Crypto offers that. Is there a method to tell if the engine is already loaded?

Thanks!

A: 

M2Crypto does have ENGINE_finish and ENGINE_free available in the svn trunk version. The Engine class has init, and finish methods, and when an instance gets deleted it will be free'd. Can you give that a try? If you see any issues there is still time to fix them for next release.

Heikki Toivonen  2010-03-24 04:30:04
I finally got around to trying the latest M2Crypto. I am using revision 723 from the repository. I am using the init and finish methods which are new in M2Crypto. The finish method throws a segmentation fault. (I'll post my code in a separate comment otherwise I'll run out of space)As soon as the pkcs11.finish() line is hit, my script crashes with a segmentation fault. The same thing was happening when I tried to patch M2Crypto myself and add a finish method.
Becky  2010-04-05 13:13:07
Becky  2010-04-05 13:13:36
Heikki - I am really stuck on this. I don't know how to troubleshoot the segmentation fault. Please let me know if you have any suggestions.
Becky  2010-04-06 15:55:31
A: 

My python code displayed nicer than it is in the comment section. The pkcs11.finish() method causes a segmentation fault in M2Crypto revision 723.

dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/local/ssl/lib/engines/engine_pkcs11.so")
pkcs11 = Engine.Engine("pkcs11")
pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so")
pkcs11.init()
# next few steps which I deleted pass password and grab key & cert off token
pkcs11.finish()                                   
Engine.cleanup()

Anyone have advice on whether I'm doing something wrong or if there is a problem with the M2Crypto code?

Becky  2010-04-06 18:05:40

related questions

How to generate SSH key pairs with Python
socket.setdefaulttimeout interacting with M2Crypto connection
M2Crypto SSL and compression method
How to digitally sign a message with M2Crypto using the keys within a DER format certificate
M2Crypto: Override Post Connection Check of HostName
How to verify ECDSA/SHA2 S-MIME signature with python ?
M2Crypto: API Question on Engine Class
Need help using M2Crypto.Engine to access USB Token
M2Crypto: AttributeError for load_dynamic_engine()
m2crypto custom certificate verification
What to put for a commonName when making an OpenSSL key?
Gen public key from xml data file using M2Crypto for signature verification.
What is the difference between M2Crypto's set_client_CA_list_from_file() and load_verify_info() and when would you use each?
Java to Python RSA
How to sign a document in python with M2Crypto using particular padding technique?
How to disable URL redirection in Python when using M2Crypto SSL?
How do you verify an RSA SHA1 signature in pyOpenSSL
java to python conversion: x509 / dsa / sha1withdsa crypto howto?
file accessing in load_pub_key
m2crypto throws "TypeError: in method 'x509_req_set_pubkey'"
How to use .pem file with Python M2Crypto
How can I create a RSA public key in PEM format from an RSA modulus?
M2Crypto Encrypt/Decrypt using AES256
Python M2Crypto EC Support
Python M2Crypto - generating a DSA key pair and separating public/private components