Comments (8)
mtrojnar
commented on June 16, 2024
Can you collect a stack backtrace and the output of strace for the hang? I guess the new OpenSSL breaks either the PKCS#11 engine or the PKCS#11 module.
from osslsigncode.
AllinCottrell
commented on June 16, 2024
I should be able to do that tomorrow.
from osslsigncode.
AllinCottrell
commented on June 16, 2024
Here's the backtrace I get from gdb:
(gdb) bt
#0 0x00007ffff76f5783 in clock_nanosleep () from /usr/lib/libc.so.6
#1 0x00007ffff7700f87 in nanosleep () from /usr/lib/libc.so.6
#2 0x00007ffff772b1fc in usleep () from /usr/lib/libc.so.6
#3 0x00007ffff717fe60 in C_Finalize () from /usr/lib/pkcs11/libeToken.so
#4 0x00007ffff7122ee9 in ?? () from /usr/lib/pkcs11/libeToken.so
#5 0x00007ffff7fca0f2 in ?? () from /lib64/ld-linux-x86-64.so.2
#6 0x00007ffff7fce0ce in ?? () from /lib64/ld-linux-x86-64.so.2
#7 0x00007ffff765b2e6 in ?? () from /usr/lib/libc.so.6
#8 0x00007ffff765b42e in exit () from /usr/lib/libc.so.6
#9 0x00007ffff7641d51 in ?? () from /usr/lib/libc.so.6
#10 0x00007ffff7641e0c in __libc_start_main () from /usr/lib/libc.so.6
#11 0x000055555555f025 in ?? ()
I'm attaching strace output.
strace.txt
from osslsigncode.
AllinCottrell
commented on June 16, 2024
Am I right in thinking these results show the hang occurs in libeToken? And if so, does that mean there's nothing osslsigncode can do about it?
from osslsigncode.
mtrojnar
commented on June 16, 2024
Am I right in thinking these results show the hang occurs in libeToken? And if so, does that mean there's nothing osslsigncode can do about it?
I'm afraid you may be right. The decompiled function of your binary PKCS#11 module looks like this:
undefined8 C_Finalize(long param_1)
{
undefined **ppuVar1;
bool bVar2;
bool bVar3;
ulong uVar4;
undefined8 *puVar5;
int iVar6;
int iVar7;
int iVar8;
int iVar9;
undefined8 uVar10;
undefined8 uVar11;
long **pplVar12;
undefined **ppuVar13;
undefined **ppuVar14;
long in_FS_OFFSET;
undefined local_41;
long local_40;
local_40 = *(long *)(in_FS_OFFSET + 0x28);
iVar7 = getProvider();
uVar10 = FUN_001146a0("PKCS11.main","C_Finalize",1);
FUN_001bb6e0(uVar10,"pReserved",param_1);
FUN_001bb6f0(uVar10,"provider",iVar7);
FUN_00114720(uVar10);
pkcsLock();
if ((param_1 != 0x7fffffff) || (bVar2 = true, iVar7 != 0)) {
uVar11 = 7;
if (param_1 != 0) goto LAB_0016dd10;
bVar2 = false;
}
if (0 < DAT_001fc5a0) {
iVar8 = getProvider();
iVar7 = DAT_001fc7dc;
if ((iVar8 != 1) && (iVar7 = DAT_001fc7d4, iVar8 == 2)) {
iVar7 = DAT_001fc7d8;
}
if (0 < iVar7) {
if (DAT_001fc9d8 == 0) {
DAT_001fc5a0 = DAT_001fc5a0 + -1;
iVar7 = iVar7 + -1;
iVar9 = getProvider();
iVar8 = DAT_001fc7d8;
iVar6 = iVar7;
if (((iVar9 != 1) && (iVar8 = iVar7, iVar6 = DAT_001fc7dc, iVar9 != 2)) &&
(iVar8 = DAT_001fc7d8, iVar9 == 0)) {
DAT_001fc7d4 = iVar7;
}
DAT_001fc7dc = iVar6;
DAT_001fc7d8 = iVar8;
if (((iVar7 != 0) && (!bVar2)) || (signalTrackers(), !bVar2)) {
uVar11 = 0;
if (0 < DAT_001fc5a0) goto LAB_0016dd10;
iVar7 = prop("TolerantFinalize");
if (iVar7 != 0) {
DAT_001fc9d8 = 1;
}
}
}
DAT_001fc5a0 = 0xffffffff;
DAT_001fc740 = pthread_self();
if ((DAT_001fc740 != DAT_001fc760) && (local_41 = 0, DAT_001fc73c != 0)) {
write(DAT_001fc73c,&local_41,0);
}
signalTrackers();
while ((undefined **)PTR_LOOP_001f8410 != &PTR_LOOP_001f8410) {
pplVar12 = (long **)PTR_LOOP_001f8410;
bVar2 = false;
do {
while (bVar3 = bVar2, uVar4 = DAT_001fc9d0, DAT_001fc9d0 != 0) {
uVar11 = FUN_001146c0(&DAT_001d1084,"SCardCancel");
FUN_001bb700(uVar11,"hContext",uVar4 & 0xffffffff);
FUN_00114720(uVar11);
iVar7 = SCardCancel(uVar4);
FUN_001bb930(uVar11,(long)iVar7);
pplVar12 = (long **)*pplVar12;
bVar3 = true;
bVar2 = true;
if (pplVar12 == (long **)&PTR_LOOP_001f8410) goto LAB_0016de4c;
}
pplVar12 = (long **)*pplVar12;
bVar2 = bVar3;
} while (pplVar12 != (long **)&PTR_LOOP_001f8410);
LAB_0016de4c:
if (!bVar3) break;
pkcsUnlock();
usleep(100000);
pkcsLock();
}
while (0 < DAT_001fca38) {
FUN_001c3e50();
}
DAT_001fc740 = 0;
DAT_001fc5a0 = 0;
FUN_001bce30();
if ((undefined8 **)DAT_001fc9e0 != &DAT_001fc9e0) {
do {
puVar5 = DAT_001fc9e0;
FUN_001b95b0(DAT_001fc9e0);
if (puVar5 == (undefined8 *)0x0) break;
FUN_001b9c80("PkcsHandle",*(undefined4 *)(puVar5 + 3));
etFreeMemory(puVar5);
} while ((undefined8 **)DAT_001fc9e0 != &DAT_001fc9e0);
}
ppuVar1 = *(undefined ***)PTR_LOOP_001f8410;
ppuVar14 = (undefined **)PTR_LOOP_001f8410;
if ((undefined **)PTR_LOOP_001f8410 != &PTR_LOOP_001f8410) {
do {
ppuVar13 = ppuVar1;
if (*(short *)(ppuVar14 + 9) == 0) {
FUN_00150c00();
ppuVar1 = (undefined **)*ppuVar13;
}
else {
ppuVar1 = (undefined **)*ppuVar13;
}
ppuVar14 = ppuVar13;
} while (ppuVar13 != &PTR_LOOP_001f8410);
}
uVar11 = 0;
FUN_001ba9b0(&DAT_001fc7f0);
pthread_mutex_destroy((pthread_mutex_t *)&DAT_001fc800);
FUN_001ba9b0(&DAT_001fc980);
pthread_mutex_destroy((pthread_mutex_t *)&DAT_001fc9a0);
FUN_001ba9b0(&DAT_001fc7b0);
goto LAB_0016dd10;
}
}
uVar11 = 400;
LAB_0016dd10:
pkcsUnlock();
FUN_001bb930(uVar10,uVar11);
if (local_40 == *(long *)(in_FS_OFFSET + 0x28)) {
return uVar11;
}
/* WARNING: Subroutine does not return */
__stack_chk_fail();
}It seems to be busy-waiting for something to happen on an another thread. Did you specify -f to your strace to also monitor additional threads created by the application? osslsigncode itself is single-threaded, but your module apparently uses threads.
from osslsigncode.
AllinCottrell
commented on June 16, 2024
Thanks for following up. No, I didn't specify -f with strace; I can try that.
Meanwhile, it seems that although the hang is annoying it's not actually a show-stopper. Before the operation hangs, a signed executable is in fact produced. So if I invoke osslsigncode governed by timeout 4 -- and then check that the output file exists and is bigger than the input file -- I've probably got something that works.
from osslsigncode.
AllinCottrell
commented on June 16, 2024
I'm now attaching output from strace -f.
strace_f.txt
from osslsigncode.
mtrojnar
commented on June 16, 2024
The other two threads were waiting for data from the /run/pcscd/pcscd.comm UNIX socket connected on file descriptors 4 and 6.
The relevant strace lines are:
[pid 88729] socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 4
[pid 88729] connect(4, {sa_family=AF_UNIX, sun_path="/run/pcscd/pcscd.comm"}, 24) = 0
[pid 88729] fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
[pid 88729] fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\f\0\0\0\21\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\4\0\0\0\4\0\0\0\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
[pid 88729] poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
[pid 88729] read(4, "\4\0\0\0\4\0\0\0\0\0\0\0", 12) = 12
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\f\0\0\0\1\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\2\0\0\0\0\0\0\0\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
[pid 88729] poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
[pid 88729] read(4, "\2\0\0\0\244\350kn\0\0\0\0", 12) = 12
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\0\0\0\0\22\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88729] poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
[pid 88729] read(4, "SafeNet eToken 5100 [eToken 5110"..., 2944) = 2944
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\0\0\0\0\23\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88729] poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
[pid 88729] read(4, "SafeNet eToken 5100 [eToken 5110"..., 2944) = 2944
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\0\0\0\0\24\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88729] poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
[pid 88729] read(4, "\0\0\0\0\0\0\0\0", 8) = 8
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\10\0\0\0\2\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88729] poll([{fd=4, events=POLLOUT}], 1, -1) = 1 ([{fd=4, revents=POLLOUT}])
[pid 88729] sendto(4, "\244\350kn\0\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88729] poll([{fd=4, events=POLLIN}], 1, -1) = 1 ([{fd=4, revents=POLLIN}])
[pid 88729] read(4, "\244\350kn\0\0\0\0", 8) = 8
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL <unfinished ...>
[pid 88733] socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0 <unfinished ...>
[pid 88733] <... socket resumed>) = 6
[pid 88733] connect(6, {sa_family=AF_UNIX, sun_path="/run/pcscd/pcscd.comm"}, 24 <unfinished ...>
[pid 88733] fcntl(6, F_GETFL <unfinished ...>
[pid 88733] fcntl(6, F_SETFL, O_RDWR|O_NONBLOCK <unfinished ...>
[pid 88733] poll([{fd=6, events=POLLOUT}], 1, -1 <unfinished ...>...
[pid 88733] <... poll resumed>) = 1 ([{fd=6, revents=POLLOUT}])
[pid 88733] sendto(6, "\4\0\0\0\4\0\0\0\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0 <unfinished ...>
[pid 88733] poll([{fd=6, events=POLLIN}], 1, -1 <unfinished ...>
[pid 88733] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 88733] read(6, "\4\0\0\0\4\0\0\0\0\0\0\0", 12) = 12
[pid 88733] poll([{fd=6, events=POLLOUT}], 1, -1) = 1 ([{fd=6, revents=POLLOUT}])
[pid 88733] sendto(6, "\f\0\0\0\1\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88733] poll([{fd=6, events=POLLOUT}], 1, -1) = 1 ([{fd=6, revents=POLLOUT}])
[pid 88733] sendto(6, "\2\0\0\0\0\0\0\0\0\0\0\0", 12, MSG_NOSIGNAL, NULL, 0) = 12
[pid 88733] poll([{fd=6, events=POLLIN}], 1, -1) = 1 ([{fd=6, revents=POLLIN}])
[pid 88733] read(6, "\2\0\0\0P(\314\17\0\0\0\0", 12) = 12
[pid 88733] poll([{fd=6, events=POLLOUT}], 1, -1) = 1 ([{fd=6, revents=POLLOUT}])
[pid 88733] sendto(6, "\0\0\0\0\22\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88733] poll([{fd=6, events=POLLIN}], 1, -1) = 1 ([{fd=6, revents=POLLIN}])
[pid 88733] read(6, "SafeNet eToken 5100 [eToken 5110"..., 2944) = 2944
[pid 88733] poll([{fd=6, events=POLLOUT}], 1, -1) = 1 ([{fd=6, revents=POLLOUT}])
[pid 88733] sendto(6, "\0\0\0\0\23\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88733] poll([{fd=6, events=POLLIN}], 1, -1) = 1 ([{fd=6, revents=POLLIN}])
[pid 88733] read(6, "SafeNet eToken 5100 [eToken 5110"..., 2944) = 2944
[pid 88733] poll([{fd=6, events=POLLOUT}], 1, -1) = 1 ([{fd=6, revents=POLLOUT}])
[pid 88733] sendto(6, "\0\0\0\0\24\0\0\0", 8, MSG_NOSIGNAL, NULL, 0) = 8
[pid 88733] poll([{fd=6, events=POLLIN}], 1, -1) = 1 ([{fd=6, revents=POLLIN}])
[pid 88733] read(6, "\0\0\0\0\0\0\0\0", 8) = 8
[pid 88733] poll([{fd=6, events=POLLOUT}], 1, -1 <unfinished ...>
[pid 88733] <... poll resumed>) = 1 ([{fd=6, revents=POLLOUT}])
[pid 88733] sendto(6, "\0\0\0\0\23\0\0\0", 8, MSG_NOSIGNAL, NULL, 0 <unfinished ...>
[pid 88733] poll([{fd=6, events=POLLIN}], 1, -1 <unfinished ...>
[pid 88733] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 88733] read(6, <unfinished ...>
[pid 88733] poll([{fd=6, events=POLLIN}], 1, 60000 <unfinished ...>
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL <unfinished ...>
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL <unfinished ...>
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL <unfinished ...>
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL <unfinished ...>
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL <unfinished ...>
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL) = 0 (Timeout)
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL) = 0 (Timeout)
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL) = 0 (Timeout)
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL) = 0 (Timeout)
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL) = 0 (Timeout)
[pid 88730] pselect6(5, [4], NULL, NULL, {tv_sec=0, tv_nsec=200000000}, NULL) = 0 (Timeout)
...
The issue could be caused by a race condition that weirdly worked due to an excessive locking or a timing issue that was fixed in the OpenSSL 3.3 branch.
Fixing a closed-source module is hard. Hopefully, we managed to collect enough data for the vendor's technical support.
from osslsigncode.
Related Issues (20)
- using on windows with nitrokey HSM2 HOT 11
- Signing an .appx file corrupts the .appx HOT 5
- syntax error near unexpected token `newline' HOT 1
- osslsigncode cmd generates different executables each time HOT 7
- Failed to verify signature even though its valid HOT 6
- Verifying digital signature in offline environment HOT 7
- SIGSEGV with 2.8 if "consistency of a private key" check fails HOT 2
- Documentation issue HOT 3
- Write errors to stderr instead of stdout
- GAP: When signing a Appx, signtool creates AppxMetadata\CodeIntegrity.cat, osslsigncode doesn't HOT 6
- Hangs in macOS Sonoma 14.0 with latest libs HOT 1
- [Behavior]: osslsigncode adds timestamp even without passing a timestamp server URL HOT 2
- [Feature Request] Ignore CRL HOT 3
- v2.8 regression: SIGSEGV in BIO_free HOT 2
- v2.8 SIGSEGV in check_key_fork HOT 2
- Verify Signed 'cab' Files HOT 1
- Signing with Inno Setup HOT 2
- Segmentation Fault after DNS resolution failure of Timestamp server HOT 1
- "Warning: MsiDigitalSignatureEx stream doesn't exist" harmless? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from osslsigncode.