So here we go ... the PCKS#11 logger shows the following
331569088[1bd1610]: C_DigestUpdate
331569088[1bd1610]: hSession = 0x88
331569088[1bd1610]: pPart = 0x6e580a4
331569088[1bd1610]: ulPartLen = 70
331569088[1bd1610]: rv = CKR_OK
331569088[1bd1610]: C_GetMechanismInfo
331569088[1bd1610]: slotID = 0x1
331569088[1bd1610]: type = 0x132
331569088[1bd1610]: pInfo = 0x7fffcd592e70
331569088[1bd1610]: rv = CKR_OK
331569088[1bd1610]: C_UnwrapKey
331569088[1bd1610]: hSession = 0x6
331569088[1bd1610]: pMechanism = 0x7fffcd592ea0
331569088[1bd1610]: hUnwrappingKey = 0x8
331569088[1bd1610]: pWrappedKey = 0x36ac9bc
331569088[1bd1610]: ulWrappedKeyLen = 48
331569088[1bd1610]: pTemplate = 0x7fffcd592cf0
331569088[1bd1610]: ulAttributeCount = 6
331569088[1bd1610]: phKey = 0x36bfd58
331569088[1bd1610]: CKA_SIGN = CK_TRUE [1]
331569088[1bd1610]: CKA_VERIFY = CK_TRUE [1]
331569088[1bd1610]: CKA_CLASS = CKO_SECRET_KEY [8]
331569088[1bd1610]: CKA_KEY_TYPE = 0x10 [8]
331569088[1bd1610]: CKA_DERIVE = CK_TRUE [1]
331569088[1bd1610]: CKA_VALUE_LEN = 3000000000000000 [8]
331569088[1bd1610]: mechanism = CKM_DES3_ECB
331569088[1bd1610]: *phKey = 0x54
331569088[1bd1610]: rv = CKR_OK
331569088[1bd1610]: C_DeriveKey
331569088[1bd1610]: slotID = 0x1
331569088[1bd1610]: flags = 0x4
331569088[1bd1610]: pApplication = 0331569088331569088[1bd1610]:
Notify = 0x13231f333331569088[1bd1610]: phSession =
0x7fffc331569088[1bd1610]: phKey = 0x36c1618
331569088[1bd1610]: CKA_CLASS = CKO_SECRET_KEY [8]
331569088[1bd1610]: CKA_KEY_TYPE = 0x12 [8]
331569088[1bd1610]: *phSession = 0x132317f8
331569088[1bd1610]: rv = CKR_DEVICE_ERROR
331569088[1bd1610]: mechanism = CKM_TLS_KEY_AND_MAC_DERIVE
331569088[1bd1610]: C_DigestInit
331569088[1bd1610]: hSession = 0x1
331569088[1bd1610]: pMechanism = 0x7fffcd593290
331569088[1bd1610]: mechanism = CKM_MD5
331569088[1bd1610]: rv = CKR_DEVICE_ERROR
331569088[1bd1610]: C_OpenSession
331569088[1bd1610]: slotID = 0x1
331569088[1bd1610]: flags = 0x4
331569088[1bd1610]: pApplication = 0x4bdff70
331569088[1bd1610]: Notify = 0x13231f30
331569088[1bd1610]: phSession = 0x7fffcd593228
331569088[1bd1610]: *phSession = 0x132317f8
331569088[1bd1610]: rv = CKR_DEVICE_ERROR
Could someone please help me understand the trace?
I've also gathered an SSLTRACE log if needed.
TIA,
Bernhard
On 01/11/2011 09:59 PM, Robert Relyea wrote:
On 01/11/2011 12:51 PM, Bernhard Thalmayr wrote:
Hi Wan-Teh,
thanks for your reply.
Will it be helpfull to use the 'PKCS #11 Module Logger' before
starting with 'printfs'?
I tried that and get at least some output in the specified log.
-Bernhard
yes, that will tell you which PKCS #11 call returned a CKR_DEVICE_ERROR.
bob
On 01/11/2011 08:28 PM, Wan-Teh Chang wrote:
Hi Bernhard,
The best way to debug this is to find out where NSS's internal PKCS
#11 module sets the error code CKR_DEVICE_ERROR. Unfortunately there
are a lot of possible places (all the files in the
mozilla/security/nss/lib/softoken directory):
http://mxr.mozilla.org/security/ident?i=CKR_DEVICE_ERROR
The best way to track this down is to run your Apache httpd in a
debugger with debug symbols for NSS, or run your Apache httpd with NSS
shared libraries that you build from source code and insert printf
statements.
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
