Closed kshitizvars closed 1 week ago
Hi @simo5
Are you planning to merge this commit https://github.com/simo5/pkcs11-provider/commit/75cc2c3c622e09ce03c86cd4f55a6257bbdcd47f to main branch?
@kshitizvars I guess I should eventually, I had forgotten I had written that code ... If I have not opened a PR it must mean that code was not ready yet.
Hi @simo5
FYI, I have tested https://github.com/simo5/pkcs11-provider/commit/75cc2c3c622e09ce03c86cd4f55a6257bbdcd47f patch after running TLS1.2 & TLS1.3. Initially, I was getting the issue mentioned in the discussion (DeriveKey: Host out of memory) but after applying https://github.com/simo5/pkcs11-provider/pull/2, no more issues and TLS1.2 & TLS1.3 connections are working fine with ECDH curve as secp256r1.
Hi @simo5
We are able to run ECDH key exchange operations on tls1.2, but facing some issues in tls1.3.
On further debugging, it is because of a wrong client public key point (EC_POINT) and its length:
TLS1.3 logs
TLS1.2 logs
Do you have any comments? Debug logs: debug_tls1_2.log, debug_tls1_3.log
To Reproduce

Steps to reproduce the behavior:

```ini
# List of providers to load
[provider_sect]
default = default_sect
pkcs11 = pkcs11_sect

[default_sect]
activate = 1

[pkcs11_sect]
module = /usr/lib/ossl-modules/pkcs11.so
pkcs11-module-path = /usr/lib/libckteec.so.0
pkcs11-module-cache-keys = false
pkcs11-module-quirks = no-operation-state
pkcs11-module-block-operations = digest
activate = 1

[algorithm_sect]
default_properties = ?provider=pkcs11
```