Comments (10)
renesas-brandon-hussey
commented on May 11, 2024
1
I updated to de05123 and still see the same segmentation fault. Below is the trace.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `./osslsigncode/osslsigncode sign '.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f85ec756f28 in ?? () from /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so
[Current thread is 1 (Thread 0x7f85f2d87740 (LWP 20505))]
#0 0x00007f85ec756f28 in ?? () from /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so
#1 0x00007f85ec75795e in ?? () from /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so
#2 0x00007f85f2863b69 in RSA_sign () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#3 0x00007f85f2862952 in ?? () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#4 0x00007f85f282395a in EVP_DigestSignFinal () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#5 0x00007f85f284b363 in PKCS7_SIGNER_INFO_sign () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#6 0x00007f85f284b601 in PKCS7_dataFinal () from /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
#7 0x000055ddfe81c062 in set_signing_blob (buf=0x55de00a8e080 <buf> "0h03\006\n+\006\001\004\001\202\067\002\001\017\060%\003\001", len=74, hash=0x55de020157e0, sig=0x55de02044210)
at osslsigncode.c:1677
#8 set_indirect_data_blob (header=<optimized out>, options=<optimized out>, indata=<optimized out>, type=<optimized out>, hash=0x55de020157e0, sig=0x55de02044210)
at osslsigncode.c:1743
#9 get_pkcs7 (cmd=<optimized out>, hash=0x55de020157e0, type=<optimized out>, indata=<optimized out>, options=<optimized out>, header=<optimized out>, cparams=0x7ffc3b9ee0a0,
cursig=0x0) at osslsigncode.c:5266
#10 0x000055ddfe81ea0a in pe_presign_file (type=FILE_TYPE_PE, cursig=<synthetic pointer>, outdata=0x55de020437a0, hash=0x55de020157e0,
indata=0x7f85f2ca7000 <error: Cannot access memory at address 0x7f85f2ca7000>, cparams=0x7ffc3b9ee0a0, options=0x7ffc3b9ee1b0, header=0x7ffc3b9ee0d0, cmd=CMD_SIGN)
at osslsigncode.c:5378
#11 main (argc=<optimized out>, argv=<optimized out>) at osslsigncode.c:5928
from osslsigncode.
renesas-brandon-hussey
commented on May 11, 2024
1
Result of git bisect.
0bb54d9f5148976f029293393b7e2d256fd297b0 is the first bad commit
commit 0bb54d9f5148976f029293393b7e2d256fd297b0
Author: olszomal <[email protected]>
Date: Wed Sep 30 10:44:36 2020 +0200
new option -pkcs11cert identifies a certificate in the token
fix and simplify read_crypto_params()
:100644 100644 a959751aaa6104727b80f5ff03ce0b90f2d81aa7 acd4e7d92453cbcae3c3d699986ba1324ecf1512 M osslsigncode.c
from osslsigncode.
alexivkin
commented on May 11, 2024
That did not help. I am getting segfault on the latest commit in much the same scenario as the OP. Reverted to the 2.0 tag and everything worked.
from osslsigncode.
olszomal
commented on May 11, 2024
I can't replicate this issue.
Could you please show me where exactly it got stuck by printing the stack backtrace for the crash.
from osslsigncode.
mtrojnar
commented on May 11, 2024
This looks bad (like a heap corruption)... Why would it crash the engine?
Could you try git bisect to identify the culprit?
from osslsigncode.
mtrojnar
commented on May 11, 2024
0bb54d9 is engine support refactoring, so it makes sense. I started a detailed analysis of this commit.
from osslsigncode.
mtrojnar
commented on May 11, 2024
This commit decrements the engine reference count early instead of delaying it until the osslsigncode cleanup. The old behavior could hide an error in the pkcs11 engine (another project I maintain). Which version of the engine do you use? Does updating the engine to its current master prevents this segmentation fault?
from osslsigncode.
renesas-brandon-hussey
commented on May 11, 2024
@mtrojnar I'm out of my depth here but I think I figured out what you wanted to know. Here is what I did:
- Checked version of "libengine-pkcs11-openssl" on my system. It is "0.4.7-3".
- Downloaded libp11-0.4.11
- Extracted and built libp11-0.4.11. This resulted in me having libp11-0.4.11/src/.libs/pkcs11.so
- Updated my command from earlier to use this new lib.
Changed:
osslsigncode sign -readpass <password_file> \
-pkcs11engine /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so \
-pkcs11module /usr/lib/libeToken.so \
-h sha256 -n test -t http://timestamp.digicert.com \
-certs <path_to_certs> \
-key "pkcs11:model=eToken;manufacturer=SafeNet%2c%20Inc.;<more>;type=cert" \
-verbose -in <unsigned_exe> -out <signed_exe>To this:
osslsigncode sign -readpass <password_file> \
-pkcs11engine libp11-0.4.11/src/.libs/pkcs11.so \
-pkcs11module /usr/lib/libeToken.so \
-h sha256 -n test -t http://timestamp.digicert.com \
-certs <path_to_certs> \
-key "pkcs11:model=eToken;manufacturer=SafeNet%2c%20Inc.;<more>;type=cert" \
-verbose -in <unsigned_exe> -out <signed_exe>With this change I no longer encounter the segmentation fault. The binary is signed as expected.
from osslsigncode.
alexivkin
commented on May 11, 2024
@mtrojnar I can confirm. Tried the same workaround as @renesas-brandon-hussey and it worked for me.
from osslsigncode.
olszomal
commented on May 11, 2024
This issue may be closed.
from osslsigncode.
Related Issues (20)
- Failed to parse PKCS#12 file: p12key.p12 (Wrong password?) HOT 3
- Dependency on openssl1.0, not working on Amazon Linux 2022 HOT 1
- Trouble with run after bad install osslsigncode HOT 5
- Signing EV with SafeNet eToken 5100/5110 HOT 9
- How to locate the ---BLOB_BEGIN--- location programatically after replacement with data? HOT 1
- Publish official docker image
- Default command "sign" not working in 2.5 HOT 1
- Question: CAB File Signature Specification HOT 3
- Improve readme to build on linux HOT 5
- Failed Timestamp validation in verify HOT 2
- Failing to sign .msi file - DIFAT sectors are not supported HOT 3
- IPE checksum missmatch HOT 3
- Linking fails when building with Nix on Darwin HOT 1
- [Bug Report] Fail to verify the revocation status of certificates. HOT 2
- Release builds for Ubuntu HOT 5
- [Bug Report] wrong timestamp parsing HOT 3
- [Usage-Help] Verfication fails on Windows every time HOT 1
- Missing OpenSSL legacy provider on Microsoft Windows HOT 1
- static binary with musl? HOT 3
- Multiple MSI signatures with different algorithms and a MsiDigitalSignatureEx entry HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from osslsigncode.