
Could not load pkcs11 Engine #809

Closed
opensrc-cloud opened this issue Nov 24, 2020 · 14 comments

Comments

@opensrc-cloud

Compiled 1.15.0 from source on Mint 19.3 / Ubuntu Bionic without issue. Created /etc/openfortivpn/config containing:
user-cert = pkcs11:
and the usual host and port.

When running openfortivpn, it exits with:
ERROR: Could not load pkcs11 Engine: error:2606A074:engine routines:ENGINE_by_id:no such engine

Other values after pkcs11: were tried, but the issue seems to be a lack of pkcs11 support, or a critical library such as opensc-pkcs11.so not being included.
I'm successfully using the smartcard on the same machine with OpenSSH, OpenConnect, Firefox, and p11tool though.

@DimitriPapadopoulos (Collaborator)

Does this happen on Mint only or Ubuntu too? The error message points to a misconfiguration of OpenSSL as far as I can see, but then openfortivpn works just fine on Ubuntu Bionic for me.

@mrbaseman (Collaborator)

I think in #464 (comment) @rmuehl mentioned this behavior, but I think he was referring to Mac OS X, where he said that he had no idea yet.

@opensrc-cloud (Author) commented Nov 26, 2020

I tried again on a vanilla install of Ubuntu 18.04; same behavior as on Mint 19.3.

root@ubuntu:~# apt install pcscd pcsc-tools opensc gnutls-bin gcc automake autoconf libssl-dev make pkg-config git

root@ubuntu:~# p11tool --list-tokens
Token 0:
	URL: pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=System%20Trust
	Label: System Trust
	Type: Trust module
	Manufacturer: PKCS#11 Kit
	Model: p11-kit-trust
	Serial: 1
	Module: p11-kit-trust.so

Token 1:
	URL: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=39cc390d7ee;token=PIV%20Card%20Holder%20pin%20%28PIV_II%29
	Label: PIV Card Holder pin (PIV_II)
	Type: Hardware token
	Manufacturer: piv_II
	Model: PKCS#15 emulated
	Serial: 39cc390d7ee
	Module: opensc-pkcs11.so

root@ubuntu:~# ./configure --prefix=/opt/openfortivpn --sysconfdir=/etc
root@ubuntu:~# make
root@ubuntu:~# make install

root@ubuntu:~# /opt/openfortivpn/bin/openfortivpn -v --user-cert=pkcs11:
DEBUG:  openfortivpn 1.15.0
DEBUG:  revision v1.15.0+git2.gc3ae8b9
DEBUG:  Loaded config file "/etc/openfortivpn/config".
DEBUG:  Config host = "vpn.x.com"
DEBUG:  Config realm = "staff"
DEBUG:  Config port = "443"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  server_addr: x.x.5.99
DEBUG:  server_port: 443
DEBUG:  gateway_addr: x.x.5.99
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
ERROR:  Could not load pkcs11 Engine: error:2606A074:engine routines:ENGINE_by_id:no such engine
INFO:   Closed connection to gateway.
DEBUG:  server_addr: x.x.5.99
DEBUG:  server_port: 443
DEBUG:  gateway_addr: x.x.5.99
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
ERROR:  Could not load pkcs11 Engine: error:2606A074:engine routines:ENGINE_by_id:no such engine
INFO:   Could not log out.

@DimitriPapadopoulos (Collaborator)

I really can't help much here. I do not use openfortivpn with a smartcard, which is probably why it "works just fine on Ubuntu Bionic for me".

@DimitriPapadopoulos (Collaborator) commented Dec 10, 2020

This sample code compiles but fails on Ubuntu 20.04 LTS:

/* build: gcc engine_test.c -lcrypto */
#include <openssl/engine.h>
#include <openssl/err.h>
#include <stdio.h>

int main(void) {
	ENGINE *e;

	ENGINE_load_builtin_engines();
	/* Ask OpenSSL for the engine registered under the id "pkcs11". */
	e = ENGINE_by_id("pkcs11");
	if (!e) {
		fprintf(stderr,
		        "Could not load pkcs11 Engine: %s\n",
		        ERR_error_string(ERR_peek_last_error(), NULL));
		return 1;
	}
	/* Release the reference ENGINE_by_id() handed back. */
	ENGINE_free(e);
	return 0;
}

The error message is identical:

Could not load pkcs11 Engine: error:2606A074:engine routines:ENGINE_by_id:no such engine

If we can get it to work, perhaps we can get openfortivpn to work too...

@DimitriPapadopoulos (Collaborator)

Perhaps "openssl does not load engine from config file" can help. You probably need to get this to work:

$ openssl engine pkcs11 -t
140624419796288:error:25066067:DSO support routines:dlfcn_load:could not load the shared library:../crypto/dso/dso_dlfcn.c:118:filename(/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so): /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so: cannot open shared object file: No such file or directory
140624419796288:error:25070067:DSO support routines:DSO_load:could not load the shared library:../crypto/dso/dso_lib.c:162:
140624419796288:error:260B6084:engine routines:dynamic_load:dso not found:../crypto/engine/eng_dyn.c:414:
140624419796288:error:2606A074:engine routines:ENGINE_by_id:no such engine:../crypto/engine/eng_list.c:334:id=pkcs11
$ 
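The check above can be scripted so that it also tells you where OpenSSL looked and what to install. This is an added diagnostic, not part of openfortivpn, OpenSSL or the comments in this thread. It assumes OpenSSL 1.1.x, which searches for dynamically loaded engines in the directory printed by openssl version -e (ENGINESDIR), and the Debian/Ubuntu package name libengine-pkcs11-openssl mentioned later in this thread; the script name check_pkcs11_engine.sh is an assumption used only for the run-when-executed guard.

```shell
#!/bin/sh
# Added diagnostic for "Could not load pkcs11 Engine" (not openfortivpn's code).
# Assumes OpenSSL 1.1.x: engines are loaded from ENGINESDIR as <id>.so.

# Directory where OpenSSL searches for engine shared objects.
engines_dir() {
    openssl version -e | sed -n 's/^ENGINESDIR: *"\(.*\)"$/\1/p'
}

# Classify the combined stdout/stderr of `openssl engine pkcs11 -t` ($1).
# Prints one of: ok, dso-missing, engine-unknown, unknown.
classify_engine_output() {
    case "$1" in
        *"[ available ]"*)
            echo ok ;;
        *"could not load the shared library"*|*"dso not found"*)
            echo dso-missing ;;      # OpenSSL tried ENGINESDIR/pkcs11.so and failed
        *"no such engine"*)
            echo engine-unknown ;;   # no pkcs11 engine registered at all
        *)
            echo unknown ;;
    esac
}

# Run the check and explain the verdict. Returns 0 only when the engine loads.
check_pkcs11_engine() {
    out=$(openssl engine pkcs11 -t 2>&1)
    verdict=$(classify_engine_output "$out")
    dir=$(engines_dir)
    case "$verdict" in
        ok)
            echo "pkcs11 engine loads (ENGINESDIR=$dir)"
            return 0 ;;
        dso-missing)
            echo "OpenSSL looked for pkcs11.so in $dir and did not find it."
            echo "Debian/Ubuntu: apt install libengine-pkcs11-openssl"
            echo "Then confirm with: ls $dir/pkcs11.so" ;;
        engine-unknown)
            echo "No engine named pkcs11 is registered; check ENGINESDIR ($dir)"
            echo "and any engines section in your openssl.cnf." ;;
        *)
            echo "Unexpected output from openssl engine pkcs11 -t:"
            echo "$out" ;;
    esac
    return 1
}

# Only run the check when executed as a script (assumed file name).
case "$0" in
    *check_pkcs11_engine.sh) check_pkcs11_engine ;;
esac
```

The classifier keys on the DSO messages first, because the output quoted above ends with "no such engine" in every case; only when no DSO error precedes it did OpenSSL never attempt to load a shared object.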

@opensrc-cloud (Author)

Thanks Dimitri. Don't need the openssl config file; just the libengine-pkcs11-openssl package turned out to be missing. It now prompts for PIN and fails on SSL even though "openssl s_client -connect" negotiates successfully using TLS1.3.

laptop:~# /opt/fortivpn/bin/openfortivpn --min-tls=1.3
Enter PKCS#11 token PIN for PIV Card Holder pin (PIV_II):
ERROR: SSL_connect: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
You might want to try --insecure-ssl or specify a different --cipher-list
INFO: Closed connection to gateway.
ERROR: SSL_connect: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
You might want to try --insecure-ssl or specify a different --cipher-list

I suppose that's another issue.

@DimitriPapadopoulos (Collaborator) commented Dec 11, 2020

Ah, good to learn that the package libengine-pkcs11-openssl needs to be installed on Ubuntu. I'd like to add it to the README, but package names depend on the Linux distribution.

Otherwise, the above looks like a different issue. Perhaps the RSA certificates on the smartcard are considered obsolete/insecure by Ubuntu 20.04 and higher. See for example #682 (comment). Try --seclevel-1.

@opensrc-cloud (Author) commented Dec 11, 2020

Thanks for your help and dedication.

Yes, it may help if the package name were in the README, just like the relevant packages are mentioned for compiling. The man page makes reference to an engine, but I didn't connect that on Ubuntu it's provided by a library package, or which library was needed.

I'm on Mint 19, which uses packages from Ubuntu 18.04. I can't tell from the output whether this is an issue with negotiating TLS (which would seem unlikely) or the server rejecting the PIV certificate.

laptop:~# nmap --script ssl-enum-ciphers -p 443 vpn.x.com

Starting Nmap 7.60 ( https://nmap.org ) at 2020-12-11 15:38 EST
Nmap scan report for vpn.x.com (x.x.5.99)
Host is up (0.049s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp384r1) - A
|       TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp384r1) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A
|       TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp384r1) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp384r1) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A
|       TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 76.09 seconds

The server TLS certificate has a signature algorithm of SHA-256. The certificate on the PIV is also SHA-256. I've tried with and without defining ciphers to use when connecting:

laptop:~# /opt/fortivpn/bin/openfortivpn -vvv  vpn.x.com:443 --realm=staff --user-cert='pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=39cc390d7ee;token=PIV%20Card%20Holder%20pin%20%28PIV_II%29;id=%03;object=Certificate%20for%20Key%20Management' --min-tls=1.2 --cipher-list=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
DEBUG:  ATTENTION: the output contains sensitive information such as the THE CLEAR TEXT PASSWORD.
DEBUG:  openfortivpn 1.15.0
DEBUG:  revision v1.15.0+git2.gc3ae8b9
DEBUG:  Loaded config file "/etc/openfortivpn/config".
DEBUG:  Config host = "vpn.x.com"
DEBUG:  Config realm = "staff"
DEBUG:  Config port = "443"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  server_addr: x.x.5.99
DEBUG:  server_port: 443
DEBUG:  gateway_addr: x.x.5.99
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
DEBUG:  Setting minimum protocol version to: 0x303.
Enter PKCS#11 token PIN for PIV Card Holder pin (PIV_II):
ERROR:  SSL_connect: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
You might want to try --insecure-ssl or specify a different --cipher-list
INFO:   Closed connection to gateway.
DEBUG:  server_addr: x.x.5.99
DEBUG:  server_port: 443
DEBUG:  gateway_addr: x.x.5.99
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
DEBUG:  Setting minimum protocol version to: 0x303.
ERROR:  SSL_connect: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
You might want to try --insecure-ssl or specify a different --cipher-list
INFO:   Could not log out.

Shouldn't the output print that the connection to the server is successfully established over TLS before prompting for the PIV PIN?
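The comment above cannot separate a TLS negotiation problem from the gateway rejecting the PIV certificate, because openfortivpn only reports the final SSL_connect error. The script below is an added reproducer, not code from openfortivpn or from anyone in this thread: it drives the same OpenSSL pkcs11 engine from openssl s_client, once with OpenSSL's default protocol choice (which reached TLS 1.3 against this gateway, per the earlier comment) and once capped at TLS 1.2, so the CertificateVerify failure can be tied to the protocol version. It assumes OpenSSL 1.1.1 with libp11's pkcs11 engine and opensc's pkcs11-tool installed; the gateway name, token label and key id 03 are placeholders taken from the URI above, and the file names client-cert.pem and repro_client_cert.sh are assumptions. The URI helper percent-encodes labels the way p11tool prints them (RFC 7512).

```shell
#!/bin/sh
# Added reproducer: client-certificate TLS handshake through the pkcs11 engine
# without openfortivpn. Placeholders below are assumptions to adjust.
GATEWAY="vpn.x.com:443"
TOKEN_LABEL="PIV Card Holder pin (PIV_II)"
KEY_ID="03"

# Percent-encode one PKCS#11 URI component (RFC 7512 keeps letters, digits
# and "-._~" literal; every other byte becomes %XX).
p11_escape() {
    s=$1; out=""
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}           # peel off the first character
        case "$c" in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out=$(printf '%s%%%02X' "$out" "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# URI selecting the private key by token label and key id.
p11_key_uri() {
    printf 'pkcs11:token=%s;id=%%%s;type=private' "$(p11_escape "$1")" "$2"
}

# Export the certificate with the same id from the card to PEM, which is
# the form s_client's -cert option reads.
export_cert() {
    pkcs11-tool --read-object --type cert --id "$KEY_ID" \
        | openssl x509 -inform der -out client-cert.pem
}

# Handshake with the card-backed key; $1 holds extra s_client options
# ("" for OpenSSL's default protocol choice, "-tls1_2" to cap at TLS 1.2).
try_handshake() {
    openssl s_client -connect "$GATEWAY" \
        -engine pkcs11 -keyform engine \
        -key "$(p11_key_uri "$TOKEN_LABEL" "$KEY_ID")" \
        -cert client-cert.pem $1 </dev/null 2>&1 \
        | grep -E 'Protocol|Verify return|error:'
}

# Only run the handshakes when executed as a script (assumed file name).
case "$0" in
    *repro_client_cert.sh)
        export_cert
        echo "== default protocol"; try_handshake ""
        echo "== capped at TLS 1.2"; try_handshake "-tls1_2"
        ;;
esac
```

If the TLS 1.2 run completes and the default run reproduces error:141F0006 (tls_construct_cert_verify), the failure sits in the client's signature step under the negotiated protocol rather than in the gateway's view of the certificate; if both runs complete, the handshake is fine and the later "Could not authenticate to gateway" stage is where to look.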

@DimitriPapadopoulos (Collaborator)

This 141F0006 error might be related to certificate padding:

But then you seem to be using TLS 1.2, not TLS 1.3. Hard to tell without having a smartcard to test myself.

@opensrc-cloud (Author) commented Jan 6, 2021

Alright, so I did try a live boot on Ubuntu 20.04, which has libpkcs11-helper1 1.26-1 in the repository.

Enter PKCS#11 token PIN for certificate:

Enter PKCS#11 key PIN for SIGN key:
DEBUG:  Gateway certificate validation succeeded.
INFO:   Connected to gateway.
ERROR:  Could not authenticate to gateway. Please check the password, client certificate, etc.
DEBUG:  No cookie given -7
INFO:   Closed connection to gateway.

I can authenticate in Firefox (which uses opensc-pkcs11.so), but am prompted for my PIN about 8 times in the process. Of course, connecting in a browser isn't a solution as it returns "The SSL-VPN portal has been enabled for tunnel mode use only. FortiClient is required to connect."

I was able to run "pkcs11-tool --read-object --id 02 --type cert | openssl x509 -inform der -text -noout" to verify that the correct certificate selected for openfortivpn is the same as the one used in the browser and is the authorized cert.

@DimitriPapadopoulos (Collaborator)

The error message is emitted by run_tunnel() in src/tunnel.c:
https://github.com/adrienverge/openfortivpn/blob/68ddf5c/src/tunnel.c#L1271-L1274

	ret = auth_log_in(&tunnel);
	if (ret != 1) {
		log_error("Could not authenticate to gateway. Please check the password, client certificate, etc.\n");
		log_debug("%s %d\n", err_http_str(ret), ret);

As you can see, the call to auth_log_in() in src/http.c returns an error. I suspect this specific piece of code is the one failing:
https://github.com/adrienverge/openfortivpn/blob/68ddf5c/src/http.c#L705-L709

		ret = get_value_from_response(res, "tokeninfo=", token, 128);
		if (ret != 1) {
			// No SVPNCOOKIE and no tokeninfo, return error.
			ret = ERR_HTTP_NO_COOKIE;

Could you perhaps build openfortivpn yourself and add a few debug statements in get_value_from_response()?

@rmuehl (Contributor) commented May 18, 2021

This does not look like a problem with the pkcs11 engine. It seems that the VPN gateway is denying your certificate. You should debug this on the FortiGate.
You should also try your smartcard on a Windows 10 machine. Just install FortiClient from the Microsoft Store and connect to your gateway.

@opensrc-cloud (Author)

Will close, as my involvement with the project using FortiVPN was only needed at the beginning of the month, so I have nowhere to test.
