OpenSC / libp11

PKCS#11 wrapper library
GNU Lesser General Public License v2.1

Segmentation Fault in pkcs11_get_session when signing with proCertum card #520

Closed imaGuru closed 1 year ago

imaGuru commented 1 year ago

Not sure if this is the right place, but the segmentation fault seems to be in libp11. When running:

osslsigncode -verbose -pkcs11engine ~/workspace/libp11/src/.libs/pkcs11.so -pkcs11module /opt/proCertumCardManager/sc30pkcs11-3.0.6.68-MS.so -pkcs11cert "pkcs11:token=profil standardowy;object=<redacted>;type=cert" -h sha256 -t http://time.certum.pl -in unsigned.exe -out signed.exe

Results in:

Engine "pkcs11" set.
Segmentation fault (core dumped)

gdb bt

#0  pkcs11_get_session (slot=slot@entry=0x55555558f320, rw=<optimized out>, rw@entry=0, sessionp=sessionp@entry=0x7fffffffb648)
    at p11_slot.c:155
#1  0x00007ffff7f99055 in pkcs11_get_rsa (key=0x5555555ac640) at p11_rsa.c:220
#2  0x00007ffff7f99a53 in pkcs11_get_evp_key_rsa (key=0x5555555ac640) at p11_rsa.c:292
#3  0x00007ffff7f98432 in pkcs11_get_key (key0=0x5555555ac640, object_class=<optimized out>) at p11_key.c:464
#4  0x00007ffff7f9967f in pkcs11_rsa (key=<optimized out>) at p11_rsa.c:33
#5  pkcs11_get_key_size (key=<optimized out>) at p11_rsa.c:359
#6  0x00007ffff7f99704 in pkcs11_private_encrypt (flen=51, from=0x5555555d9f20 "010\r\006\t`\206H\001e\003\004\002\001\005", 
    to=0x55555558ef00 "\036\327\f", key=0x5555555ac640, padding=1) at p11_rsa.c:111
#7  0x00007ffff7a03623 in RSA_sign () from /usr/lib/libcrypto.so.3
#8  0x00007ffff7a058bd in ?? () from /usr/lib/libcrypto.so.3
#9  0x00007ffff79a3388 in EVP_DigestSignFinal () from /usr/lib/libcrypto.so.3
#10 0x00007ffff79e9dc4 in PKCS7_SIGNER_INFO_sign () from /usr/lib/libcrypto.so.3
#11 0x00007ffff79ea7c8 in PKCS7_dataFinal () from /usr/lib/libcrypto.so.3

The segmentation fault occurs inside p11_slot.c, function pkcs11_get_session, at line 155: rv = CRYPTOKI_call(ctx, C_GetSessionInfo(*sessionp, &session_info)); when trying to sign an exe file with osslsigncode and a proCertum card 3.6.1. The problem occurs in master, libp11-0.4.12 and libp11-0.4.11. Any suggestions on how to start debugging this problem?

libp11 version: master, 0.4.12, 0.4.11
Reader: ACS ACR39U ICC Reader 00 00
Card: proCertum card 3.6.1
PKCS11 Module: sc30pkcs11-3.0.6.68-MS.so

imaGuru commented 1 year ago

Ok, after some digging in the debugger it looks like for some reason ctx_finish is called after retrieving the keys from the card and before signing with the key. If I gimp the ctx_finish function and just return before releasing any memory, the signing process finishes successfully. This would probably mean that the problem is not in libp11 but in osslsigncode or libcrypto. Will report back when I know more and probably move this issue to osslsigncode.

imaGuru commented 1 year ago

It is indeed a problem with osslsigncode, which destroys the engine immediately after retrieving the tokens, which causes a segmentation fault later when trying to sign.
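The failure mode described in this thread is an object-lifetime problem: the key object keeps a pointer into the engine context (slot, session), and the application tears the context down before the key is used. The following is an added model of that bug and of the usual defence against it, reference-counted ownership. It is not libp11 or osslsigncode code; every name here (ctx, key, ctx_finish_eager, key_sign and so on) is hypothetical, and the "session handle" is a plain integer standing in for a CK_SESSION_HANDLE. The eager teardown only invalidates the handle instead of freeing memory, so the model fails cleanly where the real library dereferenced freed memory.

```c
/* Added example, not code from libp11 or osslsigncode. All names are
 * hypothetical. Models the ordering bug from the thread: the application
 * finishes the context right after loading the key and signs afterwards.
 * Eager teardown leaves the key with an unusable context; reference
 * counting keeps the context alive until the last key is released. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define SESSION_INVALID 0u

struct ctx {
    int refcount;       /* one for the owner plus one per live key */
    unsigned session;   /* stand-in for CK_SESSION_HANDLE */
};

struct key {
    struct ctx *ctx;    /* the pointer that goes stale after a premature finish */
};

static int live_ctx = 0;  /* contexts allocated and not yet freed */

int ctx_live(void) { return live_ctx; }

struct ctx *ctx_new(void) {
    struct ctx *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->refcount = 1;
    c->session = 0x1234u;   /* constructed handle value */
    live_ctx++;
    return c;
}

static void ctx_release(struct ctx *c) {
    if (--c->refcount == 0) {
        c->session = SESSION_INVALID;
        live_ctx--;
        free(c);
    }
}

/* Broken design: teardown happens as soon as the owner calls finish,
 * regardless of keys still pointing at the context. In the real library
 * this freed the slot list; here the session is merely invalidated so the
 * model stays memory-safe. */
void ctx_finish_eager(struct ctx *c) {
    c->session = SESSION_INVALID;
    ctx_release(c);
}

/* Reference-counted design: finish only drops the owner's reference. */
void ctx_finish(struct ctx *c) {
    ctx_release(c);
}

struct key *key_load(struct ctx *c) {
    struct key *k = calloc(1, sizeof *k);
    if (!k) return NULL;
    k->ctx = c;
    c->refcount++;          /* the key keeps its context alive */
    return k;
}

void key_free(struct key *k) {
    ctx_release(k->ctx);    /* may be the last reference */
    free(k);
}

/* Stand-in for the signing path that reaches pkcs11_get_session:
 * 0 on success, -1 when the session handle is unusable. */
int key_sign(const struct key *k, const unsigned char *in, size_t inlen,
             unsigned char *out, size_t outlen) {
    if (k->ctx->session == SESSION_INVALID || outlen < inlen)
        return -1;
    memcpy(out, in, inlen);  /* toy "signature": a copy of the digest */
    return 0;
}

/* Same call order as the application in the thread: load key, finish the
 * context, then sign. eager != 0 selects the broken teardown. */
int sign_after_early_finish(int eager) {
    unsigned char digest[32] = { 0xab };
    unsigned char sig[32];
    struct ctx *c = ctx_new();
    if (!c) return -1;
    struct key *k = key_load(c);
    if (!k) { ctx_release(c); return -1; }
    if (eager) ctx_finish_eager(c); else ctx_finish(c);
    int rc = key_sign(k, digest, sizeof digest, sig, sizeof sig);
    key_free(k);             /* last reference: the context is freed here */
    return rc;
}
```

With the eager teardown the signing call fails because the key's context is already gone, which is the safe version of the crash above; with reference counting the same call order succeeds and the context is still freed exactly once, when the last key is released. The application-side fix is the same ordering rule stated the other way round: do not call ENGINE_finish (or the library's equivalent) on a context while keys loaded from it are still in use.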